293b82b911c3c73880fb7643a4f1e3bb7f6a2a2819b6ffda80e8850695df08b5

Sharing

Copy URL Twitter E-mail

General

Target

293b82b911c3c73880fb7643a4f1e3bb7f6a2a2819b6ffda80e8850695df08b5
Size

3.6MB
MD5

9908131b980073ae9219db47b7c813ea
SHA1

3914b7686e83041df6f20a73423f353e59d12b7c
SHA256

293b82b911c3c73880fb7643a4f1e3bb7f6a2a2819b6ffda80e8850695df08b5
SHA512

b6d1958b18b9f24a3fdf7a3129782a8119c2aabebbff8cce2009396a41e0b1fbb7d969a7fd1c120483281dc0d5a364cdda7545a46133d22d3920a6d95dd0486c
SSDEEP

98304:I9Q27cqPdk1Zrm+coYpUSEyzADNdAu/YF1HhCOSr2F4ow:Ij/Pdk1xyoY2SfcDNal1Hi2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293b82b911c3c73880fb7643a4f1e3bb7f6a2a2819b6ffda80e8850695df08b5

Files

293b82b911c3c73880fb7643a4f1e3bb7f6a2a2819b6ffda80e8850695df08b5
.dll windows:5 windows x86 arch:x86

d2f0be00d83437061aacc9a3f7cd9e3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\jobs\BuildDriverWithParameter\workspace\Windows\Core\Release\ES2Image.pdb

Imports

kernel32

WaitForSingleObject
SetEvent
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
FindFirstFileW
FindNextFileW
FindClose
CloseHandle
WaitForMultipleObjects
UnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange
GetCurrentProcess
GetVersion
GetTickCount
VirtualAlloc
VirtualFree
GetModuleHandleA
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
DeleteFileW
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
GetTempPathW
GetModuleFileNameW
CreateDirectoryW
GetTempFileNameW
VerifyVersionInfoW
LoadLibraryW
VerSetConditionMask
CreateFileW
ReadFile
GetFileAttributesW
WriteFile
SetFilePointer
GetFileSize
ReleaseMutex
CreateMutexW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
GetLocalTime
GetPrivateProfileIntW
GetVersionExW
InitializeCriticalSection
GetPrivateProfileStringW
IsProcessorFeaturePresent

user32

SendMessageW

msvcp100

?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?exceptions@ios_base@std@@QAEXH@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?_Xfunc@tr1@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_BADOFF@std@@3_JB
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Incref@facet@locale@std@@QAEXXZ
?narrow@?$ctype@_W@std@@QBED_WD@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ

msvcr100

_wfsopen
tolower
fwrite
_vsnwprintf_s
_wsplitpath_s
_wfopen_s
sprintf_s
_wtoi
_wtof
fread
atof
_wfopen
_wstat64i32
_errno
_ftelli64
_fseeki64
fopen
ferror
__CxxFrameHandler3
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__RTDynamicCast
_CIlog
_CIpow
_CIcos
_CIsin
_CIatan
_CxxThrowException
floor
_CIexp
_CIsqrt
memset
memcpy
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
??9type_info@@QBE_NABV0@@Z
_purecall
exit
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
memchr
fwprintf
realloc
_getch
rand
__iob_func
fclose
fscanf_s
_stricmp
sscanf_s
fgets
fopen_s
printf
fprintf
??0exception@std@@QAE@ABQBDH@Z
??_V@YAXPAX@Z
_beginthreadex
ceil
memcpy_s
ldiv
free
malloc
??0exception@std@@QAE@XZ
??8type_info@@QBE_NABV0@@Z

mscms

OpenColorProfileW
TranslateBitmapBits
CreateColorTransformW
CloseColorProfile
DeleteColorTransform

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathAppendW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
InitFilterChainInstance
InitThumbnailAnalyzer
InitThumbnailCreator

Sections

.text
Size: 712KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2f0be00d83437061aacc9a3f7cd9e3d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp100

msvcr100

mscms

version

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 712KB - Virtual size: 712KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 2.6MB - Virtual size: 2.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 75KB - Virtual size: 75KB

.text
Size: 712KB - Virtual size: 712KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 2.6MB - Virtual size: 2.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 75KB - Virtual size: 75KB