d5cb3aba8cf8a718d118966c46fd7ac6

Sharing

Copy URL Twitter E-mail

General

Target

d5cb3aba8cf8a718d118966c46fd7ac6
Size

112KB
MD5

d5cb3aba8cf8a718d118966c46fd7ac6
SHA1

f776f7b73fe7b508b7f01f3df3e699bc8e9a3e61
SHA256

29e85b41b295887ae7d6487c559db00eae029aecebd7af3d781c6751a8c447ee
SHA512

a73b8ac67299687ee3c3e75d8b9412127cec53d904bfd36e691d33da4e2875fb4acdc648dac61eb473c0ded7154ede5ef98d6ffda824c8eab69f416ff5fd4216
SSDEEP

1536:9lVgJBBr9jJn2Gbql83kPBHX9F7wSCwCugB3K2DSBoXyS4bBPm24RAWQMBsfpzS2:9aBrxwJguBHXXfCwCum0BxHbBOHBCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5cb3aba8cf8a718d118966c46fd7ac6

Files

d5cb3aba8cf8a718d118966c46fd7ac6
.exe windows:6 windows x86 arch:x86

57c06a7c65f26915e22ddfce3b064918

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

VmDemux.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageW
CloseHandle
GetLastError
GetOverlappedResult
ResetEvent
CreateEventW
Sleep
GetTickCount
CreateProcessW
CreateIoCompletionPort
TerminateProcess
GetQueuedCompletionStatus
CancelIo
WriteFile
ReadFile
CreateFileW
SetCommTimeouts
SetCommState
GetCommState
SetupComm
PurgeComm
CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe
DeviceIoControl
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange

msvcrt

_vsnwprintf
_getch
_kbhit
wcschr
_wtoi
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
free
malloc
__CxxFrameHandler
_errno
memcpy
_callnewh
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
mbtowc
__mb_cur_max
isleadbyte
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
printf
isgraph
memmove
exit
memset
_purecall
time
localtime
vfwprintf
_iob
fprintf

ntdll

RtlUnwind

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

57c06a7c65f26915e22ddfce3b064918

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 49KB - Virtual size: 52KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 49KB - Virtual size: 52KB