C:\Users\Bariys\Desktop\esp-hwmon\be_output\backend.pdb
Static task
static1
1 signatures
General
-
Target
backend.exe
-
Size
322KB
-
MD5
aa05e1b05f78734d67515d2997e13932
-
SHA1
576149cda0130116ec21e2b70516240a4b61b837
-
SHA256
3b8a1309a9c21bc5d46f791193767fc51dbe61d05a716fd7d0904b634e8be54f
-
SHA512
adc54573db123500a19882c2e755f36613f656ab259c90d86845525dd82555914849cfa97f26fc550a63959093728b043c7c5b76edbcfd1d3ac76437f9c35344
-
SSDEEP
6144:GcsGEPiWJdOV/R5b80yG7C7hWH75oL1J+Jbu9oU5C:Uz0/7bGG7C7hy75oLqBu9
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource backend.exe
Files
-
backend.exe.exe windows:6 windows x64 arch:x64
Password: esphwmon
643486ec50147d2c774d9300a990021d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
SetWaitableTimer
GetQueuedCompletionStatus
SetLastError
GetLastError
PostQueuedCompletionStatus
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
Sleep
TlsSetValue
TlsGetValue
SetCommTimeouts
CreateFileA
FormatMessageA
CreateIoCompletionPort
TlsAlloc
WideCharToMultiByte
FormatMessageW
GetOverlappedResult
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
LocalFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CloseHandle
SetEvent
SleepEx
CreateEventW
GetCommState
SetCommState
TlsFree
WaitForMultipleObjects
TerminateThread
QueueUserAPC
WaitForSingleObject
WriteFile
msvcp140
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
_Query_perf_counter
_Query_perf_frequency
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?uncaught_exceptions@std@@YAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
vcruntime140
__current_exception
__C_specific_handler
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__current_exception_context
__std_terminate
__CxxFrameHandler3
_purecall
__std_type_info_compare
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__FrameUnwindFilter
__std_exception_copy
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__stdio_common_vsprintf
__p__commode
api-ms-win-crt-string-l1-1-0
strncpy
strcpy_s
api-ms-win-crt-runtime-l1-1-0
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
abort
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
_beginthreadex
terminate
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_cexit
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
_callnewh
free
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
ws2_32
WSACleanup
WSAStartup
mscoree
_CorExeMain
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nep Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 230KB - Virtual size: 230KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 780B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ