ffce223419c194082365d519d40ea49279fbc0d9b8925f10c2b07d52f6bf8ad6

Sharing

Copy URL Twitter E-mail

General

Target

ffce223419c194082365d519d40ea49279fbc0d9b8925f10c2b07d52f6bf8ad6
Size

251KB
MD5

9f4ce0daf0f31e346e79f6eb080c2023
SHA1

2261ffa1ac7dc9da27739ca60448b65a2f78a8b4
SHA256

ffce223419c194082365d519d40ea49279fbc0d9b8925f10c2b07d52f6bf8ad6
SHA512

4e4287fda0e743293eb5fe0d610c664e72dca4bc5b388775f09905b8315fb5f2742c2063267927ebba6a6e6819fd9663fa4a517b8ba6902482021c43dda36a3f
SSDEEP

6144:2fRNWPQOWbrgX0JYu7JgoSla8/+qPWZ7e:2mQOWPgX8Jr807

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffce223419c194082365d519d40ea49279fbc0d9b8925f10c2b07d52f6bf8ad6

Files

ffce223419c194082365d519d40ea49279fbc0d9b8925f10c2b07d52f6bf8ad6
.exe windows:6 windows x64 arch:x64

4ffc74ccce14ef4c597b4dfa02d18723

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\WorkSpace\FileDetail\FileInfoCollect\x64\Release\FileInfoCollect.pdb

Imports

shell32

CommandLineToArgvW

wintrust

WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle

crypt32

CryptMsgUpdate
CryptBinaryToStringA
CryptMsgOpenToDecode
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertOpenStore
CertComparePublicKeyInfo
CertGetNameStringA
CertFindExtension
CryptMsgClose
CryptDecodeObject
CertFreeCertificateContext

shlwapi

PathFileExistsW

advapi32

RegQueryValueExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
OpenProcessToken

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

SetStdHandle
GetStringTypeW
FlushFileBuffers
ReadFile
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
SetEndOfFile
UnhandledExceptionFilter
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
Sleep
LocalFree
CreateFileW
UnmapViewOfFile
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
FindFirstFileW
FindNextFileW
GetCurrentProcess
FindClose
GetSystemDirectoryW
GetFileAttributesExW
DeleteFileW
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ffc74ccce14ef4c597b4dfa02d18723

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

wintrust

crypt32

shlwapi

advapi32

version

kernel32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 52KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 52KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 2KB - Virtual size: 1KB