f0221f169cdefd56215f48068cd5a892b0fb2c86f60263c00f6c6c0881a8afd2

Sharing

Copy URL Twitter E-mail

General

Target

f0221f169cdefd56215f48068cd5a892b0fb2c86f60263c00f6c6c0881a8afd2
Size

119KB
MD5

38b9927ec8f3f9cc34a8cd896ed1ef2c
SHA1

26152204b9511a00e52681a28cda698c335be967
SHA256

f0221f169cdefd56215f48068cd5a892b0fb2c86f60263c00f6c6c0881a8afd2
SHA512

0367086bad5a6a7642847e99bf67ba72ae23d6fd8d773477801231aa50f66ea7153f4568a430efa736d74c795f68e17e2a5232fa158a316925666fdf22d423fb
SSDEEP

1536:vXXTfcbh5Fk3Od5hoSE5qezthI/Ei56bU68fVjhsKq6jUdVwk:ohXcjfhIt56bU6QjhBq6jUdSk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0221f169cdefd56215f48068cd5a892b0fb2c86f60263c00f6c6c0881a8afd2

Files

f0221f169cdefd56215f48068cd5a892b0fb2c86f60263c00f6c6c0881a8afd2
.exe windows:5 windows x86 arch:x86

1b723515c08499dd8d00c7fe7e5ca73e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\CruiseControl\projects\3dxware6\driver\exe\3dxsrv\bin\win32i\release\3dxsrv.pdb

Imports

spwini

ord56
ord58
ord49
ord2
ord3
ord50
ord37
ord21
ord20
ord22
ord1
ord51
ord55
ord57
ord59

kernel32

LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetTempPathW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetLocalTime
WaitCommEvent
ExitProcess
GetCommandLineW
InterlockedExchange
GetCurrentThread
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
OutputDebugStringW
FreeLibrary
GetVersionExW
GetModuleHandleW
FindNextFileW
FindClose
FindFirstFileW
GetLocaleInfoW
GetUserDefaultLCID
CreateDirectoryW
DebugBreak
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
QueryPerformanceCounter
GetTickCount
SetThreadPriority

user32

MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
SendMessageW
FindWindowW
RegisterWindowMessageW
DestroyWindow
LoadStringW
DefWindowProcW
MessageBoxW
CreateWindowExW
RegisterClassW
LoadCursorW
IsWindow
wsprintfW
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItem
EndDialog
IsChild
GetParent
GetGUIThreadInfo
GetForegroundWindow
GetWindowThreadProcessId
GetClassNameW

gdi32

GetStockObject

advapi32

OpenProcessToken
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken

shell32

ShellExecuteW
SHGetFolderPathW

shlwapi

PathAppendW

msvcr90

swprintf_s
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_cexit
__wgetmainargs
_amsg_exit
strlen
_swprintf
wcscat
wcscpy
wcsrchr
memcpy
_ftime64
memset
swscanf
wcsstr
wcsncpy
strcmp
wcscmp
_wcsupr
sprintf
strcpy
wcsncat
_wcsnset
malloc
free
fclose
fwprintf
_wfopen
wcslen
_waccess
_vswprintf
toupper
fread
_wfopen_s
_errno
wcscpy_s
_except_handler4_common

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b723515c08499dd8d00c7fe7e5ca73e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

spwini

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcr90

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 13KB - Virtual size: 58KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 13KB - Virtual size: 58KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 7KB - Virtual size: 6KB