36a12a0509a8c5eae035bb206cde2cd485ef7948c543a066100e6149036080a1

Sharing

Copy URL Twitter E-mail

General

Target

36a12a0509a8c5eae035bb206cde2cd485ef7948c543a066100e6149036080a1
Size

1.7MB
MD5

2db48ada81c55e1ef669b43d1fe605ba
SHA1

0422c1862115a4496be2661ccfbdae1f9db3238b
SHA256

36a12a0509a8c5eae035bb206cde2cd485ef7948c543a066100e6149036080a1
SHA512

f6465aff4f6fb9f57ce4db883693ff897b9b0619ef767d9002a76b991563604d6c9d49c6d529304689503ec156191fe3e5970938a3bf6d5e4c50cc623bdb999b
SSDEEP

49152:BkZ/FZMcvuMTjkVCT89eQdoVNKHnTM7wpN6mbM3+h:qZXwedVNKDBkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36a12a0509a8c5eae035bb206cde2cd485ef7948c543a066100e6149036080a1

Files

36a12a0509a8c5eae035bb206cde2cd485ef7948c543a066100e6149036080a1
.exe windows:6 windows x86 arch:x86

220339eb2fc40a854cda6a1bafbbef7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\exman-corelib_release-7.11\ExManCmd\Bin\Win\Release\ExManCmd.pdb

Imports

exmancorelib

ExManUpdateExtension
ExManGetUpdateInfoByExtId
ExManGetExtensionVersion
ExManGetCountOfProductVersions
ExManSetLoggingLevel
ExManGetExtensionHandleByName
ExManInit
ExManSetIsFromDir
ExManGetUpdateInfoByProduct
ExManInstallExtension
ExManGetExtensionCountOfProductByDisplayName
ExManRemoveExtensionForAll
ExManSetSkipEncrypted
ExManInstallExtensionForAll
ExManStartCheckUpdate
ExManEnableExtension
ExManGetExtensionName
ExManRemoveExtension
ExManGetCountOfUpdateExtByProduct
ExManGetProductNameByProductDisplayName
ExManGetExtensionsListOfProductByDisplayName
ExManSetIMSCredentials
ExManGetExtensionStatus
ExManGetProductsList
ExManGetProductVersionsList
ExManDisableExtension
ExManGetCountOfProduct
ExManWaitUpdateComplete
ExManTerminate
ExManGetExtensionMetadataStruct
ExManIsProd

vulcancontrol

?GetInstance@IVulcanController@api5@vulcan@adobe@@SA?AW4VulcanControlErrorCode@@PAPAV1234@@Z
?ReleaseInstance@IVulcanController@api5@vulcan@adobe@@SAXXZ

kernel32

WriteFile
SetFilePointer
GetTempPathW
CreateFileW
GetCurrentThreadId
GetLastError
DeleteFileW
CloseHandle
lstrcmpW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSizeEx
MultiByteToWideChar
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
WideCharToMultiByte
GetDateFormatW
CreateMutexW
WaitForSingleObject
FindNextFileW
OpenMutexW
GetFileAttributesW
SetFileAttributesW
LoadLibraryW
GetProcAddress
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FreeLibrary
GetCurrentProcess
GetVersionExW
GetModuleHandleW
HeapSize
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
ReleaseMutex
FindFirstFileW
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CreateDirectoryW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
MoveFileExW
GetCurrentDirectoryW
GetLongPathNameW
GetSystemDirectoryW
FindClose
GetEnvironmentVariableA
SetEnvironmentVariableA
GetSystemInfo
GetComputerNameA
GetStdHandle
GetExitCodeProcess
SetThreadPriority
GetExitCodeThread
GetModuleFileNameW
RaiseException
RtlUnwind
LoadLibraryExW
InterlockedPushEntrySList
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
CreateThread
ExitThread
FreeLibraryAndExitThread
CreateProcessA
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
GetProcessHeap
TlsFree

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemFree

shlwapi

PathIsDirectoryW
PathAppendW
PathIsFileSpecW
PathRenameExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAddExtensionW

iphlpapi

GetAdaptersInfo

advapi32

RegSetValueExW
CryptReleaseContext
CryptGenRandom
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyExW
CryptAcquireContextW

Sections

.text
Size: 806KB - Virtual size: 805KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

220339eb2fc40a854cda6a1bafbbef7f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

exmancorelib

vulcancontrol

kernel32

shell32

ole32

shlwapi

iphlpapi

advapi32

Sections

.text Size: 806KB - Virtual size: 805KB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 17KB - Virtual size: 25KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 806KB - Virtual size: 805KB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 17KB - Virtual size: 25KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 612KB - Virtual size: 616KB