7e00c20efccceee9e6ae346b178ff767

Sharing

Copy URL Twitter E-mail

General

Target

7e00c20efccceee9e6ae346b178ff767
Size

280KB
MD5

7e00c20efccceee9e6ae346b178ff767
SHA1

f57d997d330b1472e7662b23ef4d360fc6e15100
SHA256

54ac76adeff7f9f86f7bf362aa23117d9e9ca6866512d54ca1e56a838c24cdd6
SHA512

34ec1f842578e1e18d5b2a86e43cf89a0ae6ba01e0dc9b33d94762441fc280c5949a6aadcc2a208c2f5fcff65c572023b775a45400c923881a9e7784e89f8d18
SSDEEP

6144:ZDczFHtuzmsZo7rguEuZfJ3vi4bxg2AOjQTSD:Z+FNuzm+6VEkb1y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e00c20efccceee9e6ae346b178ff767

Files

7e00c20efccceee9e6ae346b178ff767
.dll windows:4 windows x86 arch:x86

63c451c0b92817644b2e8b7e27f2be71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Documents and Settings\admin\Desktop\workspace\hl2 pub\Hl2\Release\PULICA.pdb

Imports

winmm

sndPlaySoundA

kernel32

GetStdHandle
GetProcAddress
GetModuleHandleA
WriteProcessMemory
OpenProcess
VirtualProtect
Sleep
CreateThread
IsBadReadPtr
GetModuleFileNameA
WritePrivateProfileStringA
ExitProcess
GetPrivateProfileIntA
VirtualQuery
HeapAlloc
GetProcessHeap
CloseHandle
GetLocaleInfoW
FlushFileBuffers
GetSystemInfo
VirtualAlloc
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
MultiByteToWideChar
RtlUnwind
GetLocalTime
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcess
SetHandleCount
ReadFile
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
SetFilePointer
RaiseException
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
LCMapStringA

user32

GetWindowTextA
wsprintfA
FindWindowA
GetAsyncKeyState
GetWindowThreadProcessId

shell32

ShellExecuteA

vstdlib

RandomSeed
Q_strncpy
Q_snprintf
KeyValuesSystem
Q_strnicmp
RandomFloat

tier0

?ExitScope@CVProfNode@@QAE_NXZ
Error
?EnterScope@CVProfNode@@QAEXXZ
GetCPUInformation
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
g_VProfCurrentProfile
Msg
g_pMemAlloc

Sections

.text
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63c451c0b92817644b2e8b7e27f2be71

Headers

File Characteristics

PDB Paths

Imports

winmm

kernel32

user32

shell32

vstdlib

tier0

Sections

.text Size: 200KB - Virtual size: 197KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 215KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 200KB - Virtual size: 197KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 215KB

.reloc
Size: 20KB - Virtual size: 18KB