bd2c42500579613db8b7c861a6679253

Sharing

Copy URL Twitter E-mail

General

Target

bd2c42500579613db8b7c861a6679253
Size

222KB
MD5

bd2c42500579613db8b7c861a6679253
SHA1

7aa58e0c045c0bcedee30fe267bb6a26eb751108
SHA256

4c05283fc7314ee8ef2a962b11870ad24013c3d5274f7dbfb6981c0c38c43395
SHA512

680dbd7faa5a2d0caad6a9958a80289a85cbb062d28617409210d5e0b3855fa5e9e145049b5d4955e88929ac044a7911107eea8c25796d0e6faa19e4339f6a4a
SSDEEP

6144:A1BcPUcxhDOQIPzgrp8F4gacCrEdsh/P2/O:AcPUcxAYqNau2h/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd2c42500579613db8b7c861a6679253

Files

bd2c42500579613db8b7c861a6679253
.dll windows:5 windows x86 arch:x86

e57b5ca73c78307e9416fb63268f72c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\source\datatype_rn\rm\imagemap\renderer\rel32\imaprender.pdb

Imports

kernel32

GetVersionExA
GetVersion
GetSystemInfo
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA

msvcr90

??3@YAXPAX@Z
_strnicmp
strstr
memset
memcpy
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
strncat
_stricmp
strtol
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
isupper
tolower
??2@YAPAXI@Z
_putenv
strncpy
strrchr
_vsnprintf
strchr
_localtime32
_time32
??_V@YAXPAX@Z
fclose
fprintf
asctime
fopen
??_U@YAPAXI@Z
memmove

user32

CharNextA
GetSystemMetrics
SetCursor
GetCursor
LoadCursorA

gdi32

CreatePen
DeleteObject
GetStockObject

advapi32

RegQueryValueA
RegOpenKeyA
RegSetValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA

Exports

Exports

CanUnload2
RMACreateInstance

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e57b5ca73c78307e9416fb63268f72c4

Headers

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 177KB - Virtual size: 177KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 177KB - Virtual size: 177KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB