e27cef1eef9bb156182af23c3d1d16f034dd03cde96c30b6b462b2d3c9f85273

Sharing

Copy URL Twitter E-mail

General

Target

e27cef1eef9bb156182af23c3d1d16f034dd03cde96c30b6b462b2d3c9f85273
Size

89KB
MD5

2070049f37827ca0d965e34932615cb1
SHA1

0fc57e7a4fc13f69bff073f685e8ce776700475a
SHA256

e27cef1eef9bb156182af23c3d1d16f034dd03cde96c30b6b462b2d3c9f85273
SHA512

bc66d3ef633e6a681304ace6759736bac9af89595d9f64c3a30827dfa317e0519d23a3c7c8be2530c61c833b78455f2f487fd8e842332a3186efecb83b131fae
SSDEEP

1536:VedWBIS5SDGeL5+E+vpTStP6OIvTNQXQb0hu78L1fwH38yKcg++gxV8:VedWBr2L5+XBTGP6OIkPkBKcg++gD8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e27cef1eef9bb156182af23c3d1d16f034dd03cde96c30b6b462b2d3c9f85273

Files

e27cef1eef9bb156182af23c3d1d16f034dd03cde96c30b6b462b2d3c9f85273
.exe windows:5 windows x86 arch:x86

fdc3367f9f1bcb5ef617b65fe4d5539d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\192.168.2.24-SmartECGNet\SDK\Trunk\ECGView\ECGViewerOCX\Release\ReportCreator\GSTransformer.pdb

Imports

gsdll32

gsapi_init_with_args
gsapi_new_instance
gsapi_delete_instance
gsapi_exit
gsapi_set_arg_encoding

mfc100

ord265
ord1294
ord266
ord1296

msvcr100

fopen_s
fread
fprintf
ferror
ftell
fseek
fclose
strncmp
isspace
strchr
isalnum
tolower
isalpha
_vsnprintf_s
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
fputc
memmove
_purecall
strncpy
__CxxFrameHandler3
memcpy
_amsg_exit
memset

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
IsDebuggerPresent

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdc3367f9f1bcb5ef617b65fe4d5539d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gsdll32

mfc100

msvcr100

kernel32

Sections

.text Size: 35KB - Virtual size: 35KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 35KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 4KB - Virtual size: 3KB