6767e53d7854e98190c2792b98bbcc2d67ca9faf30b3b60307590203f488371c

Sharing

Copy URL Twitter E-mail

General

Target

6767e53d7854e98190c2792b98bbcc2d67ca9faf30b3b60307590203f488371c
Size

3.6MB
MD5

4f1726af4777d38473b15c196eb52f45
SHA1

60363c63960661fbf9cfba356e531126bbd76387
SHA256

6767e53d7854e98190c2792b98bbcc2d67ca9faf30b3b60307590203f488371c
SHA512

6251289cefd6d5094c52f5e31128b1cc0d613d14ccaabdb9079037f8f8f3b0bcc43dd77eca55f9c61a9f42d9b68a677de595d04680cdbfbc9925546d151721be
SSDEEP

98304:w6Pt86JLP7L7xUPulg6Wsk14SMMMMMMMMMM0gCYMMCqM0upmUubRP0b:FPtpJk1Upnu9W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6767e53d7854e98190c2792b98bbcc2d67ca9faf30b3b60307590203f488371c

Files

6767e53d7854e98190c2792b98bbcc2d67ca9faf30b3b60307590203f488371c
.dll windows:5 windows x86 arch:x86

8458173816351243973eb10569043feb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\workspace\blackmesa\src\tools\pet\Release\pet.pdb

Imports

user32

GetClipboardData
EmptyClipboard
GetDesktopWindow
CloseClipboard
SetClipboardData
OpenClipboard
wsprintfA

tier0

?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
ThreadSleep
ThreadInterlockedAssignIf64
DevWarning
?Lock@CThreadFastMutex@@ACEXII@Z
?ConWarning@@YAXPBDZZ
CallAssertFailedNotifyFunc
DoNewAssertDialog
ShouldUseNewAssertDialog
_ExitOnFatalAssert
_SpewMessage
_SpewInfo
Plat_MSTime
HushAsserts
GetCPUInformation
?DevMsg@@YAXPBDZZ
Plat_FloatTime
g_VProfCurrentProfile
?ExitScope@CVProfile@@QAEXXZ
?UnlockWrite@CThreadSpinRWLock@@QAEXXZ
?LockForWrite@CThreadSpinRWLock@@QAEXXZ
??0CThreadSpinRWLock@@QAE@XZ
?UnlockRead@CThreadSpinRWLock@@QAEXXZ
?LockForRead@CThreadSpinRWLock@@QAEXXZ
?ConMsg@@YAXPBDZZ
?ConColorMsg@@YAXABVColor@@PBDZZ
Error
g_pVCR
Msg
g_pMemAlloc
WriteMiniDump
DevMsg
COM_TimestampedLog
CommandLine_Tier0
Plat_IsInDebugSession
Warning

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA
UuidFromStringA

vstdlib

RandomInt
KeyValuesSystem
RandomFloat

kernel32

GetSystemTimeAsFileTime
ReadFile
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetModuleFileNameW
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapFree
SetEndOfFile
GetTimeZoneInformation
CreateFileW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
CreateDirectoryW
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
FindClose
GetStringTypeW
GetCurrentDirectoryW
VirtualQuery
HeapAlloc
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetSystemInfo
CloseHandle
GetExitCodeThread
WaitForMultipleObjects
CreateThread
IsProcessorFeaturePresent
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetShortPathNameA
GetLongPathNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
RaiseException
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
ReadConsoleW

shell32

ShellExecuteA

psapi

GetProcessMemoryInfo

Exports

Exports

CreateInterface

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8458173816351243973eb10569043feb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

tier0

rpcrt4

vstdlib

kernel32

shell32

psapi

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 741KB - Virtual size: 740KB

.data Size: 120KB - Virtual size: 376KB

.reloc Size: 262KB - Virtual size: 261KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 741KB - Virtual size: 740KB

.data
Size: 120KB - Virtual size: 376KB

.reloc
Size: 262KB - Virtual size: 261KB