filemapping[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

filemapping.exe
Size

410KB
MD5

e9e63ccd51e28ced025e7bbe8df03f2c
SHA1

7a6573c6ef4641e8602768c9d5afd1d6c61747ad
SHA256

e1a96384b27f43066fd1fb256d4cafefc471ca43d2a0117b0cda97a985321d13
SHA512

1f426f719101f50a046d81674b999b764e923773deebb51839c98492d46d21d4580752892c18065f3bdb16149dba4d74ae1d9901d8e6384a397ca34e91b0f067
SSDEEP

6144:UNdrH1E7K1dewz00lIdkajHHcn6n6AbC26ISbrWk:UNb6K1dznajHHcn2rC2Gbq

Score

N/A

Malware Config

Signatures

Files

filemapping.exe
.exe windows x86

1f5ae6a73625493bfb847f81c19da5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
DeleteFileW
WaitForSingleObject
CreateThread
CreateFileMappingW
WriteFile
CreateFileW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetCommandLineW
HeapSetInformation
EncodePointer
DecodePointer
GetModuleFileNameW
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetProcAddress
LoadLibraryW
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
GetModuleHandleW
SetLastError
GetLastError
GetCurrentThread
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
FatalAppExitA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
HeapCreate
HeapDestroy
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
SetConsoleCtrlHandler
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
GetProcessHeap
VirtualQuery
FreeLibrary
GetLocaleInfoW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointer
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle

Sections

.textbss
Size: - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f5ae6a73625493bfb847f81c19da5bb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.textbss Size: - Virtual size: 148KB

.text Size: 321KB - Virtual size: 320KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 5KB - Virtual size: 14KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

.textbss
Size: - Virtual size: 148KB

.text
Size: 321KB - Virtual size: 320KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 5KB - Virtual size: 14KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB