45f99b959f8376258db1f500b9d347c8bbf1753d0ff8b5245a4fb28c280a299a

Sharing

Copy URL Twitter E-mail

General

Target

45f99b959f8376258db1f500b9d347c8bbf1753d0ff8b5245a4fb28c280a299a
Size

292KB
MD5

01d4597271bf8e7b34c56ed0ddde48de
SHA1

ad68887f645ea8b173e2501e95536fb703d1bd4e
SHA256

45f99b959f8376258db1f500b9d347c8bbf1753d0ff8b5245a4fb28c280a299a
SHA512

bc2d987d4ad3d2150e3189b17ca2234b96f92a5579bf1ea06f549a14934126b3c8a72dd9028671176df143d5e6b0367405324db1f362aa8a2af976a9a7d3b8cc
SSDEEP

6144:shEvEI/7PBYHOagU1hmeAoLn9GEt/rOge:sEEI/7JkOm4An9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45f99b959f8376258db1f500b9d347c8bbf1753d0ff8b5245a4fb28c280a299a

Files

45f99b959f8376258db1f500b9d347c8bbf1753d0ff8b5245a4fb28c280a299a
.dll windows:4 windows x86 arch:x86

31e6177552c3ebdfb12f37aa7ef1c8bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\jpcad\work\jpcad\BIN\release\PICTIFF.pdb

Imports

kernel32

GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
Sleep
InterlockedExchange
RaiseException
lstrlenA
LocalAlloc
LocalFree
GlobalReAlloc
GlobalSize
CreateFileA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetFileSize
CloseHandle
SetFilePointer
WriteFile
ReadFile
TerminateProcess

zlib8

ord8
ord10
ord25
ord23
ord4
ord6
ord20
ord9
ord19
ord22

msvcr80

fread
fseek
fwrite
fclose
strncpy
free
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
malloc
getenv
sscanf
sprintf
_setjmp3
longjmp
_CIsqrt
_CIlog
_CIexp
strncmp
fprintf
qsort
memset
memcpy
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_stricmp
tmpfile
__CxxFrameHandler3

user32

wsprintfA
wvsprintfA
GetFocus
MessageBoxA

Exports

Exports

_GetReader@8
_ReleaseReader@4

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31e6177552c3ebdfb12f37aa7ef1c8bf

Headers

File Characteristics

PDB Paths

Imports

kernel32

zlib8

msvcr80

user32

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB