516b9dbfd4406a25847623e39eab237b5173ff90eccf3c4c82ceb964e05e6cc1

Sharing

Copy URL

Twitter E-mail

General

Target

516b9dbfd4406a25847623e39eab237b5173ff90eccf3c4c82ceb964e05e6cc1
Size

522KB
MD5

7d438c174dad956499554a555727491d
SHA1

41695514e59db44a4afbacbe479d3b186907b630
SHA256

516b9dbfd4406a25847623e39eab237b5173ff90eccf3c4c82ceb964e05e6cc1
SHA512

7790e91e53040c723840e9819bf3ae434700897b69da27c7a633a3e359ef0dd04f0b409eca16f29653ccae170318bdd28d066a31e1892c6078ee6f1816b631cf
SSDEEP

12288:Kvtq2DS651iRMFpj/18xmPAT1k6RAlNcQsvqsVGzh3iX/:Kvtq2DS65/paxmPAT1k6RUN2qCKO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
516b9dbfd4406a25847623e39eab237b5173ff90eccf3c4c82ceb964e05e6cc1

Files

516b9dbfd4406a25847623e39eab237b5173ff90eccf3c4c82ceb964e05e6cc1
.dll windows:5 windows x86 arch:x86

bb59c0a6ef21dae80a8d7d798ea0d35e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\builds\build-sourcemod-msvc12\windows-1.11\OUTPUT\core\sourcemod.2.bms\windows-x86\sourcemod.2.bms.pdb

Imports

kernel32

GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageA
GetFileAttributesA
SetEndOfFile
ReadConsoleW
ReadFile
HeapReAlloc
HeapSize
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
CreateDirectoryW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
HeapAlloc
LCMapStringW
DecodePointer
WriteFile
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA

tier0

g_VProfCurrentProfile
?OutputReport@CVProfile@@QAEXHPBDH@Z
?Pause@CVProfile@@QAEXXZ
?ExitScope@CVProfile@@QAEXXZ
?EnterScope@CVProfile@@QAEXPBDH0_NH@Z
?Resume@CVProfNode@@QAEXXZ
Warning
GetSpewOutputFunc
SpewOutputFunc
MemFreeScratch
MemAllocScratch
DevMsg
?DevMsg@@YAXPBDZZ
g_pMemAlloc

vstdlib

RandomFloat
RandomInt
KeyValuesSystem
RandomSeed

Exports

Exports

CreateInterface
cvar

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb59c0a6ef21dae80a8d7d798ea0d35e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

tier0

vstdlib

Exports

Exports

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 22KB - Virtual size: 83KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 22KB - Virtual size: 83KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 24KB - Virtual size: 23KB