cd8107501836ae5211005a7287bac3f740132be4262376c949360960846add4b

Sharing

Copy URL

Twitter E-mail

General

Target

cd8107501836ae5211005a7287bac3f740132be4262376c949360960846add4b
Size

598KB
MD5

81deebc60438b36da806676cdd975a29
SHA1

68917350df24b9113d17d706894575eee51cbcbf
SHA256

cd8107501836ae5211005a7287bac3f740132be4262376c949360960846add4b
SHA512

d5cac10b49537c1922d6a4bb23091cbe2fd2e52814cbbb6e0a446a89a4d951bf4324396ffec7dc23d39f763482d4069e338f6653d7a0ddde9fdf229685b98b90
SSDEEP

12288:Y74Cv9f5K9fQtmoHOf3D81jDAhJqCqnajuMJjF9oSbNPMlg013wPA04bvVC:Y71K9fQtVOf3D8lAhJqCqnajuMJjF9oe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
cd8107501836ae5211005a7287bac3f740132be4262376c949360960846add4b

Files

cd8107501836ae5211005a7287bac3f740132be4262376c949360960846add4b
.exe windows:6 windows x64 arch:x64

948ebc8c1756effa3e60be05e7b9f62a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\user_local_build\Henry\CES18_PDR20_GM3\CES_CacheAgent\CES_CacheAgent\x64_Audio\Release\bin\CES_AudioCacheAgent.pdb

Imports

shlwapi

PathFileExistsW

kernel32

IsValidCodePage
MultiByteToWideChar
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryExW
CloseHandle
CreateThread
SetEvent
WaitForSingleObject
FreeLibrary
GetCurrentThreadId
UnmapViewOfFile
GetCurrentProcessId
InitializeCriticalSection
GetPrivateProfileStringW
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
ReleaseMutex
Sleep
OutputDebugStringW
SuspendThread
OpenThread
ResumeThread
TerminateThread
OpenProcess
GetPriorityClass
SetPriorityClass
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetFileSize
SetThreadPriority
CreateFileW
GetACP
GetFileSizeEx
GetVolumeInformationW
GetDiskFreeSpaceExW
CreateEventA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
GetFileType
GetProcessHeap
HeapAlloc
GetModuleFileNameW
WriteFile
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
GetOEMCP
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetStdHandle
WriteConsoleW
DeleteFileW
FlushFileBuffers
LCMapStringW
LoadLibraryW
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
GetStringTypeW
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
QueryPerformanceCounter
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
HeapFree
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter

user32

PeekMessageA
FindWindowW
PostMessageA
EndDialog
EndPaint
BeginPaint
DefWindowProcA
DialogBoxParamA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
LoadAcceleratorsA
TranslateMessage
DispatchMessageA
GetMessageA
LoadStringA
DestroyWindow
PostQuitMessage

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

gdiplus

GdiplusStartup
GdiplusShutdown

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

948ebc8c1756effa3e60be05e7b9f62a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

ole32

gdiplus

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 404KB - Virtual size: 1.1MB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 404KB - Virtual size: 1.1MB