E:\build\nw30_win32\node-webkit\src\outst\nw\initialexe\nw.exe.pdb
Static task
static1
General
Target: nw.exe
Size: 1.7MB
MD5: cc279b530076353f4e5e673024768924
SHA1: 6a8c1e722d6ada817e43cc54f82fd70aa37a2439
SHA256: bb89a9d1b4fbeee14b771b4b34e3de52d54d8eb8e17d6190970e3da73c60f541
SHA512: 3516be58ab0156bdb0babeca14dc8c7510615747f155d36d4dfe56eb028a58618076a55fbd0e693bee87aaa7769c9efa77435de80dfe3e447c9aa8ffc7f72637
SSDEEP: 24576:9dJyzZFoi5wsdHQKGLJs0MRTsRUa/VNCoerTTiGRrmqyDZ9tW19:TsqiysdwKGLeF0d/terTTBAhWn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource nw.exe
Files
nw.exe.exe windows:5 windows x86 arch:x86
e1e4258fa284f0069bd0aa3a940397c2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
nw_elf
SignalChromeElf
GetInstallDetailsPayload
advapi32
ImpersonateNamedPipeClient
SetEntriesInAclW
GetSecurityInfo
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
SystemFunction036
GetSidSubAuthority
EventRegister
EventUnregister
EventWrite
RevertToSelf
RegDisablePredefinedCache
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
GetAce
SetKernelObjectSecurity
GetKernelObjectSecurity
DuplicateTokenEx
FreeSid
ImpersonateLoggedOnUser
MapGenericMask
GetNamedSecurityInfoW
IsValidSid
EqualSid
AccessCheck
CreateProcessAsUserW
SetThreadToken
CreateRestrictedToken
DuplicateToken
LookupPrivilegeValueW
CopySid
CreateWellKnownSid
InitializeSid
kernel32
GetThreadLocale
GetSystemDefaultLCID
GetCurrentThreadId
GetModuleFileNameW
CreateEventW
GetLastError
SetLastError
GetCurrentProcess
DuplicateHandle
GetProcessId
WaitForSingleObject
GetCurrentDirectoryW
SetCurrentDirectoryW
LoadLibraryExW
GetProcAddress
SetProcessShutdownParameters
VirtualAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
GetNativeSystemInfo
CreateSemaphoreW
ReleaseSemaphore
CloseHandle
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
LocalFree
GetModuleHandleW
ReleaseSRWLockExclusive
LoadLibraryW
GetModuleHandleA
ExpandEnvironmentStringsW
DeleteFileW
OutputDebugStringA
WriteFile
CreateFileW
GetCurrentProcessId
GetLocalTime
GetTickCount
FormatMessageA
OpenProcess
TerminateProcess
GetExitCodeProcess
SetFilePointerEx
ReadFile
GetFileSizeEx
SetEndOfFile
SetFileTime
GetFileInformationByHandle
FlushFileBuffers
HeapCreate
HeapDestroy
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
VirtualQuery
GetCurrentThread
Sleep
IsDebuggerPresent
RaiseException
CreateThread
GetThreadId
SetThreadPriority
GetThreadPriority
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
GetVersionExW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
ReplaceFileW
CreateDirectoryW
GetTempPathW
GetLongPathNameW
QueryDosDeviceW
GetSystemDirectoryW
GetWindowsDirectoryW
UnregisterWaitEx
RegisterWaitForSingleObject
SetUnhandledExceptionFilter
RtlCaptureStackBackTrace
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
TlsGetValue
GetProcessTimes
GetModuleHandleExW
GetUserDefaultLangID
FreeLibrary
FindClose
FindNextFileW
FindFirstFileExW
SetEnvironmentVariableW
GetEnvironmentVariableW
FlushViewOfFile
IsWow64Process
SwitchToThread
CreateIoCompletionPort
PostQueuedCompletionStatus
SetInformationJobObject
GetQueuedCompletionStatus
TlsAlloc
TlsFree
TlsSetValue
VirtualQueryEx
GetSystemInfo
HeapSetInformation
ResetEvent
SetEvent
VirtualProtect
DecodePointer
CreateProcessW
InitOnceExecuteOnce
GetTimeZoneInformation
OutputDebugStringW
LockFileEx
UnlockFileEx
GetFileType
GetStdHandle
SetConsoleCtrlHandler
VirtualAllocEx
TerminateJobObject
GetUserDefaultLCID
ProcessIdToSessionId
SetHandleInformation
AssignProcessToJobObject
WriteProcessMemory
GetProcessHandleCount
GetProcessHeaps
SignalObjectAndWait
VirtualProtectEx
ReadProcessMemory
VirtualFreeEx
CreateNamedPipeW
CreateRemoteThread
CreateJobObjectW
CreateMutexW
SearchPathW
lstrlenW
DebugBreak
LoadLibraryExA
GetThreadContext
SuspendThread
TransactNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
GetFileInformationByHandleEx
GetVersion
SleepEx
SetFilePointer
GetThreadTimes
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
ResumeThread
ReadConsoleW
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
PeekNamedPipe
GetDriveTypeW
GetACP
RtlUnwind
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
psapi
GetProcessMemoryInfo
GetPerformanceInfo
QueryWorkingSetEx
shell32
SHGetKnownFolderPath
SHGetFolderPathW
CommandLineToArgvW
shlwapi
PathMatchSpecW
user32
RegisterClassW
PostThreadMessageW
PeekMessageW
SetProcessDPIAware
GetMessageW
GetUserObjectInformationW
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CreateWindowStationW
GetProcessWindowStation
CloseWindowStation
CloseDesktop
wsprintfW
UnregisterClassW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CreateWindowExW
DestroyWindow
RegisterClassExW
DispatchMessageW
TranslateMessage
PostQuitMessage
MsgWaitForMultipleObjectsEx
GetQueueStatus
SetTimer
PostMessageW
KillTimer
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
winmm
timeBeginPeriod
timeGetTime
timeEndPeriod
winhttp
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpWriteData
WinHttpReadData
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpCrackUrl
Exports
GetHandleVerifier
IsSandboxedProcess
Sections
.text Size: 999KB - Virtual size: 998KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
_text32 Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CPADinfo Size: 512B - Virtual size: 40B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 362KB - Virtual size: 361KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ