pclient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pclient.exe
Size

1.9MB
MD5

6a4f246a181decbf79baa551f7ac30cb
SHA1

836b1426f19783493dc0a14d4e6df1dc6f11d71c
SHA256

87df205452e0a45ce91752b2a3445f2aac510ac86496176dd53ffd7f4c49f483
SHA512

4202cea33a34243ca2bcc9fdcf29d27e685c515b4c78e7d0cf8e955906d0f22e27ca2e9914d5ac25d16624194dc77e1604d3c5f8bbfcb2febd30cefb71f9917e
SSDEEP

24576:mepPgSXXd19gHSo2R1saXkaxidAXrw/hASIe4EVh9Bruskku4cWKlLM:mwYfcsa0vWJE3XvkWKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
pclient.exe

Files

pclient.exe
.exe windows:6 windows x64 arch:x64

596334ebd2e6f461f61a2c1820eaadcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumeNameForVolumeMountPointW
HeapCreate
CancelIo
SetEvent
ResetEvent
CreateEventW
GetSystemInfo
GetVersionExW
SetInformationJobObject
GetProcessAffinityMask
DeleteAtom
lstrlenW
AddAtomW
FoldStringW
SetThreadLocale
ReadConsoleOutputW
GetConsoleTitleW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileSize
FindNextChangeNotification
CreateFileW
GetModuleHandleA
GetProcAddress
LoadLibraryA
GetStringTypeW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle

winspool.drv

ResetPrinterW
ConnectToPrinterDlg
SetFormW
GetFormW
SetJobW
FindFirstPrinterChangeNotification
SetPrinterDataW
EnumPrinterDataExW
EnumPrinterDataW
GetPrinterDataExW
GetPrinterDataW
ScheduleJob
WritePrinter
SetPrinterW
FindClosePrinterChangeNotification

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerInstallFileW

comctl32

ord411
ord410
ord14
ord15
ord13
ord412

gdiplus

GdiplusStartup

userenv

GetProfilesDirectoryW
GetUserProfileDirectoryW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

596334ebd2e6f461f61a2c1820eaadcc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

version

comctl32

gdiplus

userenv

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 428KB - Virtual size: 427KB

.data Size: 47KB - Virtual size: 66KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 428KB - Virtual size: 427KB

.data
Size: 47KB - Virtual size: 66KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB