c4ae57987216a5b1a1dede52b0ebe611

General

Target

c4ae57987216a5b1a1dede52b0ebe611
Size

15KB
MD5

c4ae57987216a5b1a1dede52b0ebe611
SHA1

2903039e0ea1c577a6b034513f45bc62af0a09c5
SHA256

15a76b1d2689b76087ba2e88d2a99db1c9c8a0967a93828688c6af11a9666b1c
SHA512

03e7fa96b02cda89161c35679f9e6d429f3ecf0e8360f337714c99b287df113a05b5c208127e61013704785ad68ca3e083679dc6564782d42d755ca4fe778e66
SSDEEP

384:h5ZrxZ9ijmvnwh74wINmtWjzMTOn6NQPOXaIi:hH1Z9ijYcWvp7f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c4ae57987216a5b1a1dede52b0ebe611

Files

c4ae57987216a5b1a1dede52b0ebe611
.exe windows:4 windows x86 arch:x86

d0fbc2bed4f5aa548452e779949a98c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\tmp\2007-MessageQueue\MessageQueue.pdb

Imports

rpcrt4

NdrClientCall2
RpcStringFreeA
RpcBindingToStringBindingA
UuidToStringA
RpcMgmtEpEltInqNextA
RpcMgmtEpEltInqBegin
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingFree

kernel32

InterlockedCompareExchange
Sleep
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetVersionExA
GetTickCount
QueryPerformanceCounter

ws2_32

send
connect
socket
htons
inet_addr
WSAStartup
recv

msvcr80d

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_invoke_watson
malloc
free
exit
printf
fflush
__iob_func
strcpy
atoi
strlen
strchr
strcmp
sprintf
memset
memcpy
mbstowcs
wcslen
wcscat
memcmp
_except_handler4_common
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
?terminate@@YAXXZ
_controlfp_s

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d0fbc2bed4f5aa548452e779949a98c2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

kernel32

ws2_32

msvcr80d

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB