012415b2b1e4fda7643e502839e80f8aaeb9e0a6ddfac9d27583131944d2b64f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

012415b2b1e4fda7643e502839e80f8aaeb9e0a6ddfac9d27583131944d2b64f.exe
Size

81KB
MD5

e885268e2de11aae55e0e0a304437ab0
SHA1

d132652ffc5032c4207d293d357cbc6a133570f1
SHA256

012415b2b1e4fda7643e502839e80f8aaeb9e0a6ddfac9d27583131944d2b64f
SHA512

f5087a8bb3a5777c251e5cd364f419fce332439253d8915665ebd79a0c599cf2f5cedf873b6b2d2f0150c29172fa03e70c668de963839875a57fa78b6e3f8a0c
SSDEEP

1536:k8o+MaL7FdLDABpj8V7I9FcDYRJit1HJoNDIOFIO2nToIfTNz:lMaLpdXABpwJYGWBlPiTBfTZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
012415b2b1e4fda7643e502839e80f8aaeb9e0a6ddfac9d27583131944d2b64f.exe

Files

012415b2b1e4fda7643e502839e80f8aaeb9e0a6ddfac9d27583131944d2b64f.exe
.dll windows:4 windows x64 arch:x64

8662511fe37ba4a006d248965a0bcd30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\cadbase\z_64lib\zlib\1_2_7\zlibvc\x64\release\zlibwapi.pdb

Imports

msvcr80

_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
_decode_pointer
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_encode_pointer
_vsnprintf
_errno
memchr
strerror
sprintf
wcstombs
malloc
free
_wopen
_lseeki64
_open
_read
_close
_write
memcpy
memset

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetSystemTimeAsFileTime

Exports

Exports

adler32
adler32_combine
compress
compress2
compressBound
crc32
crc32_combine
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgetc_
gzgets
gzoffset
gzopen
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzungetc
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8662511fe37ba4a006d248965a0bcd30

Headers

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 276B