cbb2edf3fdc28c80b323da3a4c7cd8ee

Sharing

Copy URL Twitter E-mail

General

Target

cbb2edf3fdc28c80b323da3a4c7cd8ee
Size

13KB
MD5

cbb2edf3fdc28c80b323da3a4c7cd8ee
SHA1

fa38e41dc0c8758007eb005d694ff96409f3b1da
SHA256

b09f4eff8387c78bf228aefa1d5dfcafe8c463e90249bf0de118adbd47081a26
SHA512

b97ab30ba8d53377cc840186f8ec8edab79de41384839f79835370db99dacf2db8b6efaeaaa53bc7e965a1f222f8e4836c292aaf2ddffdd902b1c72d76f02476
SSDEEP

192:1ponilPk62HqQJB7tOtbslBMWsdc26reWwpYSqu:1pMilclHq87tOtbATEkeWwpYSq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbb2edf3fdc28c80b323da3a4c7cd8ee

Files

cbb2edf3fdc28c80b323da3a4c7cd8ee
.exe windows:6 windows x86 arch:x86

245f4035d417ee68bed1944e3fbb3812

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\wtf\_x86\service.heimdall\svc.heimdall.cui.srv:pdb

Imports

lib.io.char

?create@CharWriter@@SA?AV?$Ref@VCharWriter@@@@V?$Ref@VStream@Interfaces@@@@I@Z
?create@CharPrinter@@SA?AV?$Ref@VCharPrinter@@@@V?$Ref@VCharWriter@@@@@Z
?str@StrConv@@SA?AV?$Ref@VString@@@@I@Z

svc.node

?create@Stream@Providers@Nodes@Services@@SA?AV?$Ref@VStream@Interfaces@@@@V?$Ref@VProvider@Nodes@Services@@@@@Z

lib.syslog

?procName@SysLog@@SAXV?$Ref@VString@@@@@Z
?thdName@SysLog@@SAXV?$Ref@VString@@@@@Z
?stdOutPrinter@SysLogStream@@SA?AV?$Ref@VSysLogStream@@@@XZ
?id@SysLogFilter@@SAII@Z
?reg@SysLogFilter@@SAIPBD@Z
?state@SysLogFilter@@SA_NI@Z
?level@SysLogFilter@@SAIXZ

svc.console

?create@TerminalMan@@SA?AV?$Ref@VTerminalMan@@@@V?$Ref@VString@@@@I@Z

system

?create@Chn@@SA?AV?$Ref@VChn@@@@V?$Ref@VConMan@@@@@Z
?cancelled@Thd@@SA_NXZ
?create@Thd@@SA?AV?$Ref@VThd@@@@V?$Ref@VExec@@@@IIIV?$Ref@VString@@@@@Z
?create@Mon@@SA?AV?$Ref@VMon@@@@I@Z
?create@OutMsg@@SA?AV?$Ref@VOutMsg@@@@XZ
?create@String@@SA?AV?$Ref@VString@@@@ABV?$Ref@VInMsg@@@@@Z
?create@String@@SA?AV?$Ref@VString@@@@PBDII@Z
??1Object@@MAE@XZ
?selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?_selfTest@Object@@UAE_NV?$Ref@VStream@Interfaces@@@@@Z
?_dump@Object@@UAEXV?$Ref@VStream@Interfaces@@@@@Z
?gcproxy@Object@@UAEPAVGcProxy@@XZ
?obj@Object@@UAE?AV?$Ref@VObject@@@@XZ
?counterRef@Object@@UAEIXZ
?unlockRef@Object@@UAEXXZ
?lockRef@Object@@UAEXXZ
?decRef@Object@@UAEXXZ
?incRef@Object@@UAEXXZ
??0Object@@QAE@XZ
?create@Chn@@SA?AV?$Ref@VChn@@@@V?$Ref@VConMan@@@@V?$Ref@VString@@@@@Z
?free@Heap@@SAXPAXI0@Z
?alloc@Heap@@SAPAXIIPAX@Z
??_7type_info@@6B@
?setExitCode@Proc@@SAII@Z
?lock@InitCode@@SAXXZ
?unlock@InitCode@@SAXXZ

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

245f4035d417ee68bed1944e3fbb3812

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

lib.io.char

svc.node

lib.syslog

svc.console

system

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 196B

.rsrc Size: 1024B - Virtual size: 960B

.reloc Size: 1024B - Virtual size: 612B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 196B

.rsrc
Size: 1024B - Virtual size: 960B

.reloc
Size: 1024B - Virtual size: 612B