xidconv[.]exe | Triage

General

Target

xidconv.exe
Size

128KB
MD5

f0b9f63406f04f016b16861fc881df3b
SHA1

18251f45eb08310ff5bac1f8f146166aeb2cf97d
SHA256

3519a203303781ede657ba3549c594fc655ee0dc4078108c5489953a73761168
SHA512

9cdc410e638ef02d57b191887780cedd60f8f1c5be9d1b297949e43a6023592b1d50c9ae0a38fa7251d4270c2d84b8ea3da015494de4a6c571ffd1d00240a635
SSDEEP

3072:bNAF1Z5LQtRGYibzbPHL8Ag0FululDUBN:u5QRibPHL8AOyUBN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xidconv.exe

Files

xidconv.exe
.exe windows:4 windows x86 arch:x86

4a0fb43d5a016088fa6b8f41b3df4747

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Nct\svn\PC_Tools\XIDConverter\bin\Release\xidconv.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SetConsoleCtrlHandler
HeapDestroy
HeapFree
HeapAlloc
HeapCreate
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetSystemInfo
VirtualProtect
GetStringTypeW
GetStringTypeA
IsBadCodePtr
ExitProcess
RtlUnwind
GetModuleHandleA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
VirtualQuery
VirtualFree
VirtualAlloc
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
ReadFile
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
IsBadReadPtr
SetEndOfFile

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a0fb43d5a016088fa6b8f41b3df4747

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 9KB