PDB path: C:\bld_area\SymQualClient_r7.6.3_13\VS11XP\Bin\Win32\Release\symerr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
64058ff2ee3237192a72151227ecd78e8c873dd53f7bc8ae2567ddec07d49e78.exe
Resource
win7-20240221-en
General
-
Target
64058ff2ee3237192a72151227ecd78e8c873dd53f7bc8ae2567ddec07d49e78
-
Size
1.5MB
-
MD5
1c5e73c0af6ad6e6873ed49d684ed55b
-
SHA1
7ff861f322d17a131a262c7911bf4583cd364d98
-
SHA256
64058ff2ee3237192a72151227ecd78e8c873dd53f7bc8ae2567ddec07d49e78
-
SHA512
e82b7d76bffdecb72e6e193c5132f45529697cb9bece9e59389b189a08a9ddd1c02991a341ac2dafaee72d0c781ef6ba12cf64b3a8a2cb6f91a4456e21a2abd9
-
SSDEEP
12288:/UrTduSZpUdxB30GHrVxGnXQSaWt+DNISOgv3isiyWcn:/UrTduSZpUR0GHrVQ1aW4mSOgv3isi
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Sandbox check for a missing Authenticode signature: the PE listed below is unsigned. On its own this is a low-confidence indicator.
resource 64058ff2ee3237192a72151227ecd78e8c873dd53f7bc8ae2567ddec07d49e78
Files
-
64058ff2ee3237192a72151227ecd78e8c873dd53f7bc8ae2567ddec07d49e78.exe windows:5 windows x86 arch:x86
f5a42fce54ee1d373dc3e03083f60545
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
InterlockedDecrement
GetProcAddress
OpenProcess
GetCurrentProcess
InterlockedIncrement
GetModuleHandleW
SetPriorityClass
GetPriorityClass
GetFileAttributesW
CreateFileW
OutputDebugStringW
GetModuleFileNameW
LoadLibraryExW
lstrlenW
CloseHandle
ReadFile
GetFileSize
DuplicateHandle
GetLastError
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LoadLibraryExA
FreeLibrary
InterlockedExchange
RaiseException
GetSystemTimeAsFileTime
advapi32
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
ControlTraceW
TraceMessage
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTraceEnableFlags
ole32
CoInitializeSecurity
msvcp110
?_Syserror_map@std@@YAPBDH@Z
??0id@locale@std@@QAE@I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Winerror_map@std@@YAPBDH@Z
shlwapi
PathIsUNCServerW
PathAppendW
PathAddBackslashW
PathRemoveFileSpecW
msvcr110
wcslen
wcsncpy_s
wcsstr
_wcsnicmp
mbstowcs_s
_splitpath_s
??3@YAXPAX@Z
vswprintf_s
_snwprintf_s
??_V@YAXPAX@Z
memset
strlen
_purecall
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
wcscmp
_lock
_unlock
_calloc_crt
wcscpy_s
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
wcschr
wcscat_s
_stricmp
memmove
strcat_s
strcpy_s
__dllonexit
iswxdigit
_waccess
Sections
.text Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
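.reloc Size: 1.4MB - Virtual size: 2.3MB (note: per the flags below this section is both writable and executable, and it is far larger than the 27KB .text section; both are atypical for a relocation section)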
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE