99428e832351e6f60333a4c6aa45155ab0029fa2c18e8198aa15888745917118

Sharing

Copy URL Twitter E-mail

General

Target

99428e832351e6f60333a4c6aa45155ab0029fa2c18e8198aa15888745917118
Size

94KB
MD5

6ecb9302d86ea9cd860b6ae4b3583cb3
SHA1

474e1555394384c2e75edad998b1c4e95cdf4f58
SHA256

99428e832351e6f60333a4c6aa45155ab0029fa2c18e8198aa15888745917118
SHA512

d55e9455f0b93b8d4758451f71235e36154203e7580181c74270019db7a0aa255a856f56ef790f7b2f0cffc108e8af5000368e0bc0091b46ab0daf5b4741d21b
SSDEEP

1536:TlsxC2L4y1W9Wk7rb6XQoI55k8uIQ0HPT8eeLuB5oGqZ:D2L4MW9f7Pou5k8unAPUO5oZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99428e832351e6f60333a4c6aa45155ab0029fa2c18e8198aa15888745917118

Files

99428e832351e6f60333a4c6aa45155ab0029fa2c18e8198aa15888745917118
.exe windows:6 windows x64 arch:x64

1464a3bd518c9f186532d0e23f08fb0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Dev\work\NetVision\Dev\Install\Scripts\InnoSetup_MULTI\ProgramDir\PgBuild\postgresql\Release\zic\zic.pdb

Imports

kernel32

GetLastError
CopyFileA
CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileAttributesExA
RemoveDirectoryA
CloseHandle
DeviceIoControl
LocalFree
FormatMessageA
MoveFileExA
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
SleepEx
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer

msvcr120

sscanf
_errno
exit
abort
strtoll
free
malloc
realloc
memmove
strchr
_time64
memcpy
memset
strcmp
strncmp
_stat64i32
sprintf
strnlen
remove
_dclass
strerror
_fdopen
strstr
_close
_setmode
_open_osfhandle
_wassert
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__C_specific_handler
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
putc
getc
fwrite
fgets
ferror
fclose
__iob_func
strrchr
_strdup
_chdir
_mkdir
_unlink

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1464a3bd518c9f186532d0e23f08fb0e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr120

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB