4ce0882a8cd8572572e42cddf945ef50f35d001baa7dc000272324f36117a8e6

Sharing

Copy URL Twitter E-mail

General

Target

4ce0882a8cd8572572e42cddf945ef50f35d001baa7dc000272324f36117a8e6
Size

576KB
MD5

528c1d6ecc41c071ef30ffb3e8ccfc94
SHA1

688713923429b19beafa9c535ca1fa10cbefe212
SHA256

4ce0882a8cd8572572e42cddf945ef50f35d001baa7dc000272324f36117a8e6
SHA512

df5ce35e4ab271f8c046001d00962d6f7b5545eace76023153e0f59413a98c82826fa72c8dbc7d81d6b844acea0b3293659f338cc1d81ff9f0c9459c222e4235
SSDEEP

12288:deEHpoEs+ihMUbvpTQjuMbCiVWTP4DV5e6SHU:ddoEsNh7vpTQChU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ce0882a8cd8572572e42cddf945ef50f35d001baa7dc000272324f36117a8e6

Files

4ce0882a8cd8572572e42cddf945ef50f35d001baa7dc000272324f36117a8e6
.dll windows:4 windows x86 arch:x86

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\o12-dist\jun06\autocvs\ctapi3\MS_German_Release\msth3ge.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
ReadFile
GetACP
GetOEMCP
SetFilePointer
ExitProcess
WriteFile
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameA
GetCurrentDirectoryA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
FlushFileBuffers
CreateFileA
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetLocaleInfoW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

ThesaurusCheck
ThesaurusCloseLex
ThesaurusGetOptions
ThesaurusGetString
ThesaurusInit
ThesaurusOpenLex
ThesaurusSetOptions
ThesaurusTerminate
ThesaurusVersion

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bbcc23451fafd8c549dacecbb42955e

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 32KB - Virtual size: 38KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 244KB - Virtual size: 244KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 32KB - Virtual size: 38KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 244KB - Virtual size: 244KB