fc897750f3dc0cb70093f90c004c1d76048cde71e94179a3da7ba2f95df2914c

Sharing

Copy URL Twitter E-mail

General

Target

fc897750f3dc0cb70093f90c004c1d76048cde71e94179a3da7ba2f95df2914c
Size

1024KB
MD5

f4dbd0cbe118f824960b290c2754a103
SHA1

dbdfcd71458f1ce62d6d488d5a1cf1aaaa8232b2
SHA256

fc897750f3dc0cb70093f90c004c1d76048cde71e94179a3da7ba2f95df2914c
SHA512

45c16b942a2668b6dd0ffc735d4a306112d9267c3e9a66da4a3052d7b7e9943943de8b9ef518cd95c7dee14bf2e2f7378a84141d2fe135bf6af744be013fce16
SSDEEP

24576:cZZQmo152iZviw5Oy+j7gFI/RYud2+bIxvazs:MiFigm/RYud2+bIFazs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc897750f3dc0cb70093f90c004c1d76048cde71e94179a3da7ba2f95df2914c

Files

fc897750f3dc0cb70093f90c004c1d76048cde71e94179a3da7ba2f95df2914c
.exe windows:5 windows x86 arch:x86

500f87be4af08f57c07b264ec889c970

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\support\computer_center\computercenter\Release\computercenter.pdb

Imports

kernel32

InterlockedCompareExchange
WaitForMultipleObjects
GetTickCount
CreateProcessW
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
VirtualProtect
GetCurrentProcessId
SetUnhandledExceptionFilter
LoadLibraryW
LoadLibraryExW
DeleteFileW
IsBadReadPtr
GetCommandLineW
WritePrivateProfileStringW
ReleaseMutex
FindClose
lstrlenW
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetModuleFileNameA
GetPrivateProfileStringA
WideCharToMultiByte
lstrcmpW
LocalFree
TerminateProcess
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
GetSystemDirectoryW
CreateFileW
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
DuplicateHandle
GetModuleHandleA
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
TryEnterCriticalSection
InterlockedExchange
CreateEventW
WaitForSingleObjectEx
CloseHandle
WaitForSingleObject
SetEvent
SetLastError
GetCurrentThreadId
MultiByteToWideChar
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
lstrcmpiW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
SetStdHandle
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentThread
GetACP
GetStdHandle
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
SetConsoleCtrlHandler
GetFileAttributesExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
HeapFree
HeapReAlloc
CreateThread
InterlockedFlushSList
RtlUnwind
CreateMutexW
HeapAlloc
HeapDestroy
DecodePointer
GetProcAddress
LockResource
GetThreadTimes
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
QueryPerformanceCounter
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
DeviceIoControl
lstrcmpA
lstrcmpiA
CreateFileA
Sleep
FreeResource
GetSystemWindowsDirectoryW
ConnectNamedPipe
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
WaitForMultipleObjectsEx
DisconnectNamedPipe
CreateNamedPipeW
CreateDirectoryW
SetEndOfFile

user32

RegisterClassExW
wsprintfW
SendNotifyMessageW
RegisterWindowMessageW
GetMessageW
LoadIconW
GetParent
SendMessageW
FindWindowW
PostQuitMessage
PostMessageW
WaitForInputIdle
LoadCursorW
SetWindowLongW
TranslateMessage
DispatchMessageW
PeekMessageW
CallWindowProcW
DefWindowProcW
GetWindowLongW
KillTimer
SetTimer
DestroyWindow
GetClassInfoExW
CreateWindowExW
IsWindow
ShowWindow
CharNextW
UnregisterClassW

advapi32

OpenProcessToken
GetTokenInformation
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitialize
CLSIDFromProgID

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathCombineW
StrCmpIW
StrTrimA
StrCmpNIW
SHSetValueA
SHGetValueA
StrStrIA
PathIsRelativeW
StrStrIW
PathAppendA
PathFileExistsA
PathRemoveFileSpecA
PathUnquoteSpacesW
PathIsDirectoryW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

Sections

.text
Size: 639KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

500f87be4af08f57c07b264ec889c970

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

wininet

iphlpapi

crypt32

wintrust

urlmon

Sections

.text Size: 639KB - Virtual size: 639KB

.rdata Size: 323KB - Virtual size: 323KB

.data Size: 19KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 639KB - Virtual size: 639KB

.rdata
Size: 323KB - Virtual size: 323KB

.data
Size: 19KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 34KB