475309e9a1316fbf50d11bbd7da2775e782cb9032ebdea7a33cc95726ce3c35a

Sharing

Copy URL Twitter E-mail

General

Target

475309e9a1316fbf50d11bbd7da2775e782cb9032ebdea7a33cc95726ce3c35a
Size

791KB
MD5

22a901ba60ca29a3b25247fd26575c42
SHA1

57e4e94e091118994a0d64466e6152affcc0e659
SHA256

475309e9a1316fbf50d11bbd7da2775e782cb9032ebdea7a33cc95726ce3c35a
SHA512

f07b66f3f519a834a9e52f8c49b50c1755f31b0f2a2d59259f96ab58794fbc768b56d9f803b251278ee95c270b650085444837ee7067400e317054168c222699
SSDEEP

24576:CAlBilrd7zHInI+6oA7B7R2mwTywUqqyjHeIhUn:CrNzHIJmBsmwT1pqyj+IWn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
475309e9a1316fbf50d11bbd7da2775e782cb9032ebdea7a33cc95726ce3c35a

Files

475309e9a1316fbf50d11bbd7da2775e782cb9032ebdea7a33cc95726ce3c35a
.exe windows:5 windows x86 arch:x86

05b033e4e05c70f5f18d18b1ed66ebc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\Work\rcimage\bin\Win32\Release\pdb\2345PicDumper.pdb

Imports

kernel32

GetLastError
GetFileAttributesExW
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
OpenMutexW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
CreateDirectoryW
lstrlenW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetTempFileNameW
MoveFileW
FormatMessageW
CreateFileW
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetVersionExW
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LockResource
LoadResource
FindResourceW
GetModuleHandleW
lstrcmpiW
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GetTickCount
GetCurrentProcessId
LoadLibraryExW
FindClose
LocalFree
FindNextFileW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnmapViewOfFile
DuplicateHandle
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFile
FileTimeToDosDateTime
RtlUnwind
RaiseException
GetStdHandle
ExitProcess
GetModuleHandleExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
HeapReAlloc
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
ExpandEnvironmentStringsW
LoadLibraryA
lstrcatW
lstrcpyW
GetFileSizeEx
FindFirstFileW
InitializeCriticalSectionAndSpinCount
SetErrorMode

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

imm32

ImmDisableIME

advapi32

GetUserNameW

Exports

Exports

CheckSigner

Sections

.text
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05b033e4e05c70f5f18d18b1ed66ebc3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

imm32

advapi32

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 525KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 526KB - Virtual size: 525KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 91KB - Virtual size: 92KB