8127851428eab960927fcf9c0d2e2bdbb992f9d8b08643158067d87e6096f59e

Sharing

Copy URL Twitter E-mail

General

Target

8127851428eab960927fcf9c0d2e2bdbb992f9d8b08643158067d87e6096f59e
Size

1.4MB
MD5

6eec23d075816617a18e5bb29d1e4f76
SHA1

a439f9b5828f89fba9fc4baba9e268a37930b9a8
SHA256

8127851428eab960927fcf9c0d2e2bdbb992f9d8b08643158067d87e6096f59e
SHA512

a52d4f1f9f932e7a783aea9e9585250062161b7f1e35579e91440edc16e68d299b470c7ea5431ef8e4fa7cc0cd46d05d683367f412de8263f3616d9646c8954a
SSDEEP

12288:htfAJfF6ktQ+LewXmQrIFnvaR8cKR1nCHEqosaJFJ3k98YcD:htiF6NLwexaR8cKR5CkJJFJ3ShcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8127851428eab960927fcf9c0d2e2bdbb992f9d8b08643158067d87e6096f59e

Files

8127851428eab960927fcf9c0d2e2bdbb992f9d8b08643158067d87e6096f59e
.exe windows:6 windows x86 arch:x86

b502ddb9cacdbdcf29350e85028fe380

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ZoomCode\client_sdk_2019_kof\Bin\Release\zCrashReportExe.pdb

Imports

kernel32

SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
VirtualQueryEx
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
FindFirstFileW
GetFileSizeEx
GetFullPathNameW
FindNextFileW
FindClose
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
FileTimeToSystemTime
GetLocalTime
ReadProcessMemory
GetSystemTime
GetProcessTimes
GetCommandLineW
GetCurrentThreadId
lstrcmpiW
LoadLibraryExW
ReadFile
WriteFile
TerminateProcess
LoadResource
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CreateThread
GetCurrentProcessId
GlobalMemoryStatusEx
CreateProcessW
GetExitCodeProcess
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
WritePrivateProfileStringW
HeapFree
FindResourceExW
LoadLibraryW
GlobalFree
LockResource
FormatMessageW
Sleep
CreateFileW
GetPrivateProfileStringW
MultiByteToWideChar
OpenProcess
GetFileAttributesW
GetModuleFileNameW
GetCurrentProcess
SetLastError
SizeofResource
CreateDirectoryW
MapViewOfFile
DeleteCriticalSection
HeapDestroy
DecodePointer
GetSystemInfo
RaiseException
HeapReAlloc
HeapSize
UnmapViewOfFile
OpenFileMappingW
GetLastError
InitializeCriticalSectionEx
FindResourceW
GetProcessHeap
GetProcAddress
HeapAlloc
CloseHandle
CreateMutexW

user32

PostMessageW
SetProcessDefaultLayout
SendMessageW
DestroyWindow
DefWindowProcW
EnumDisplayDevicesW
IsWindow
CharNextW
GetGuiResources

advapi32

RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
RegDeleteValueW
GetUserNameW
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathStripPathW

comctl32

InitCommonControlsEx

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

wcschr
wcsstr
wcsrchr
_purecall
strchr
__current_exception
__current_exception_context
memset
_CxxThrowException
_except_handler4_common
memmove
memcpy
__std_exception_destroy
__CxxFrameHandler3
memcmp
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_c_exit
_invalid_parameter_noinfo
_initterm
_exit
exit
_initterm_e
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_controlfp_s
_register_thread_local_exe_atexit_callback
terminate

api-ms-win-crt-heap-l1-1-0

_recalloc
free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

isdigit
isspace
isalpha
wcsncpy_s
_wcsicmp
wcsnlen
wmemcpy_s
wcspbrk
wcscpy_s
strncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fwrite
__stdio_common_vsnprintf_s
fgetc
__p__commode
fseek
__stdio_common_vfprintf
ferror
fputc
ftell
__stdio_common_vswprintf_s
fread
_wfopen_s
_set_fmode
__stdio_common_vswprintf
fclose

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64_s
strftime

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b502ddb9cacdbdcf29350e85028fe380

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 74KB - Virtual size: 74KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 83KB - Virtual size: 82KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 83KB - Virtual size: 82KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB