5651a1f54705f2d251c429437be786b287a43d29fc324804b989ab2d2ab7929e

Sharing

Copy URL Twitter E-mail

General

Target

5651a1f54705f2d251c429437be786b287a43d29fc324804b989ab2d2ab7929e
Size

226KB
MD5

3423f67544c24df0690004ffdb9ea34e
SHA1

fd429760f5d2f5fe91f457f2b65abf89e1ef00f4
SHA256

5651a1f54705f2d251c429437be786b287a43d29fc324804b989ab2d2ab7929e
SHA512

4a0d9c1eb9a163426cce29d456a4a39155b7f3235101a3e066ac74d232186991c958f7d2e1df8aa33b96e2dcd7889a6a853b497a32d6879d68e0d466c256f87b
SSDEEP

3072:KmS277762hbmpO7Q4RuK20zUi+y7Rkco2Aq+gphVEf+eGKwPvwQ1pNVsY5nC1oA8:KmSqP6QmmnGujNAq0IdXwqDVV5C1F8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5651a1f54705f2d251c429437be786b287a43d29fc324804b989ab2d2ab7929e

Files

5651a1f54705f2d251c429437be786b287a43d29fc324804b989ab2d2ab7929e
.exe windows:6 windows x86 arch:x86

f858e131a555e3aead830b6f873c6453

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

A:\WindowsSDK7-Samples-master\WindowsSDK7-Samples-master\winbase\rdc\client\Release\RdcSdkTestClient.pdb

Imports

kernel32

CreateFileW
DeleteFileW
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
CloseHandle
GetLastError
CreateThread
VirtualAlloc
LoadLibraryW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ReadConsoleW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
RtlUnwind
HeapFree
GetCommandLineA
IsProcessorFeaturePresent
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
GetFileType
GetCurrentThreadId
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapReAlloc
LCMapStringW
SetEndOfFile

ole32

CoCreateInstance
CoInitializeEx
CoCreateInstanceEx

Exports

Exports

Run

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f858e131a555e3aead830b6f873c6453

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 6KB - Virtual size: 18KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 6KB - Virtual size: 18KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 8KB - Virtual size: 8KB