45743bf4c347c7a7f4679bf820344e8a53d2397ea76e1562a646a03ea4368dc3

Sharing

Copy URL Twitter E-mail

General

Target

45743bf4c347c7a7f4679bf820344e8a53d2397ea76e1562a646a03ea4368dc3
Size

114KB
MD5

31b9004cc455f83ffb377ca93b01adf4
SHA1

abad78e0d092d5bd3aac1fb234adfcf9cf3701b2
SHA256

45743bf4c347c7a7f4679bf820344e8a53d2397ea76e1562a646a03ea4368dc3
SHA512

22ed64079709c2fa00a94389106cdf25d87ce13417162b0468c233e39d118276250bd04103b78a74cc5d36eb40687edf5e87b335e4b33ffec908848a16669613
SSDEEP

768:+g6hKqMM+/33vvEliJZl8hC9Sbh9Sb8nV:M+PUwJZYCC7V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45743bf4c347c7a7f4679bf820344e8a53d2397ea76e1562a646a03ea4368dc3

Files

45743bf4c347c7a7f4679bf820344e8a53d2397ea76e1562a646a03ea4368dc3
.exe windows:6 windows x86 arch:x86

3f4f4905fcdb86f780760fa2fd1d7d1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\fupan\Release\VDBagsClear.pdb

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
InitializeCriticalSectionEx
CreateEventW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetModuleHandleW
CloseHandle
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId

user32

CreatePopupMenu
DestroyMenu

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHGetDesktopFolder

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

shlwapi

StrRetToStrW

vcruntime140

memcpy
__std_exception_copy
_except_handler4_common
__std_exception_destroy
memset
__CxxFrameHandler3
_CxxThrowException
memmove

api-ms-win-crt-runtime-l1-1-0

_exit
exit
_invalid_parameter_noinfo_noreturn
_controlfp_s
_register_thread_local_exe_atexit_callback
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate

api-ms-win-crt-string-l1-1-0

towlower
wcscat_s
wcscpy_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f4f4905fcdb86f780760fa2fd1d7d1e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 1024B - Virtual size: 964B