3e33a26f112e1110abb685f4bede6fa59745eb8a4ac91502363e84782b14fc55

Sharing

Copy URL Twitter E-mail

General

Target

3e33a26f112e1110abb685f4bede6fa59745eb8a4ac91502363e84782b14fc55
Size

483KB
MD5

6a5cede3e561de332c01c125db6fdc13
SHA1

f5cab3929334de37ea115f630b9b3dc96151af4b
SHA256

3e33a26f112e1110abb685f4bede6fa59745eb8a4ac91502363e84782b14fc55
SHA512

54d69448e12d5e1e8cfa05c9f4c0e06c9f31f108068d200c1584277d0f0339bdef72c3e611f9f230534009e09061a54eaf4f04f0d0188db9e92f60937bb4f2cb
SSDEEP

6144:ws0/z5ra/SBeupW4Yas/EFzO3IoS8q3ZqdqE+WY0JDE+rl7epn71g6Ts:LKYaZFq3Ih8eK+N0JDY71ts

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e33a26f112e1110abb685f4bede6fa59745eb8a4ac91502363e84782b14fc55

Files

3e33a26f112e1110abb685f4bede6fa59745eb8a4ac91502363e84782b14fc55
.dll windows:6 windows x86 arch:x86

79ad5058465f02c074e83fa1d59741a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\winevdm\Release\vm86.pdb

Imports

libwine

wine_ldt_get_ptr
wine_ldt_free_entries
wine_ldt
wine_ldt_copy
wine_get_cs
wine_get_gs
wine_get_ds
wine_ldt_alloc_entries
wine_ldt_set_entry
wine_get_fs
wine_get_ss
wine_get_es

user32

wsprintfA
MessageBoxA

imagehlp

SymGetModuleInfo
SymInitialize
SymGetLineFromAddr
SymFromAddr

kernel32

K32EnumProcessModules
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
GetProcAddress
AddVectoredExceptionHandler
HeapAlloc
ResetEvent
CreateThread
TryEnterCriticalSection
HeapFree
EnterCriticalSection
GetCurrentProcess
WaitForMultipleObjects
K32GetModuleFileNameExW
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThreadId
ExitThread
GetModuleHandleA
RtlCaptureStackBackTrace
OpenProcess
CreateEventW
GetExitCodeThread
SetEvent
LoadLibraryA
CloseHandle
RaiseException
K32GetModuleInformation

vcruntime140

_except_handler4_common
strrchr
wcsrchr
memset
__std_type_info_destroy_list
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
exit
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fflush
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise

Exports

Exports

disassemble_debug
init_vm86
load_x87function
wine_call_to_16_regs_vm86
wine_call_to_16_vm86

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79ad5058465f02c074e83fa1d59741a6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libwine

user32

imagehlp

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 358KB - Virtual size: 357KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 68KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 43KB - Virtual size: 42KB

.text
Size: 358KB - Virtual size: 357KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 68KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 43KB - Virtual size: 42KB