f4b8e7401fab9a40bd209b95268f3b90a579783a6e45a4ade76a493034eaea8f

Sharing

Copy URL Twitter E-mail

General

Target

f4b8e7401fab9a40bd209b95268f3b90a579783a6e45a4ade76a493034eaea8f
Size

1.2MB
MD5

1754cc9b43c17e40536bd5db95ce2639
SHA1

758dff9097870caeb2c8b7a91ea77f000952d94b
SHA256

f4b8e7401fab9a40bd209b95268f3b90a579783a6e45a4ade76a493034eaea8f
SHA512

341d8bd948b494fecb119d8257d3223ffcdbba95944cae913ea546a92048b33cdb7e8f8224e24bc49496684b4b618eeb0d6b8a3b8a6fdbabaeb1bfe4ee3ca713
SSDEEP

24576:XXXtbUxPBS5XfiKTKH3FsxbDvERngCvWifZK7J3WFBj/:XXtaBH17RnFWifII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4b8e7401fab9a40bd209b95268f3b90a579783a6e45a4ade76a493034eaea8f

Files

f4b8e7401fab9a40bd209b95268f3b90a579783a6e45a4ade76a493034eaea8f
.exe windows:4 windows x86 arch:x86

a00bb3d4847396d63ad4e7bf304a9d34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\p4clients\rel_beta\Projects\GazelleProto\Client\HldsUpdateTool\vc70_release_static\HldsUpdateTool.pdb

Imports

shlwapi

SHDeleteKeyA

ws2_32

socket
connect
inet_addr
shutdown
select
__WSAFDIsSet
WSARecv
WSASend
gethostname
gethostbyname
ioctlsocket
WSAGetLastError
WSAStartup
getsockname
closesocket
htonl
htons
setsockopt
WSASetLastError

kernel32

FlushViewOfFile
SetEvent
CloseHandle
WaitForSingleObject
CreateEventA
GetFullPathNameA
GetModuleFileNameA
FormatMessageA
GetLastError
FindNextFileA
CopyFileA
FindClose
RemoveDirectoryA
FindFirstFileA
GetLongPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
CreateDirectoryA
GetModuleHandleA
DeleteFileA
CreateProcessA
GetTempFileNameA
SetEndOfFile
SetFilePointer
GetFileSize
UnmapViewOfFile
LeaveCriticalSection
LockResource
LoadResource
FindResourceA
MapViewOfFile
CreateFileMappingA
ReadFile
CreateFileA
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetVersionExA
WideCharToMultiByte
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcessId
GetTempPathA
RaiseException
GetSystemTime
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
GetTickCount
QueryPerformanceCounter
EnterCriticalSection
SetEnvironmentVariableW
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedIncrement
InterlockedDecrement
FlushFileBuffers
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadCodePtr
VirtualProtect
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
SetStdHandle
GetLocaleInfoW
GetLocaleInfoA
MultiByteToWideChar
RtlUnwind
HeapFree
ExitProcess
HeapAlloc
HeapReAlloc
IsBadReadPtr
TerminateProcess
GetDriveTypeA
FileTimeToSystemTime
FileTimeToLocalFileTime
MoveFileA
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
TlsFree
SetLastError
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter

user32

MessageBoxA

advapi32

CryptGenRandom
CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 776KB - Virtual size: 774KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 152KB - Virtual size: 149KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a00bb3d4847396d63ad4e7bf304a9d34

Headers

File Characteristics

PDB Paths

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 776KB - Virtual size: 774KB

.rdata Size: 240KB - Virtual size: 237KB

.data Size: 48KB - Virtual size: 55KB

.rsrc Size: 16KB - Virtual size: 15KB

Size: 152KB - Virtual size: 149KB

.text
Size: 776KB - Virtual size: 774KB

.rdata
Size: 240KB - Virtual size: 237KB

.data
Size: 48KB - Virtual size: 55KB

.rsrc
Size: 16KB - Virtual size: 15KB