C:\CodeBases\isdev\redist\Language Independent\i386\ISP\setup.pdb
Static task
static1
1 signatures
General
-
Target
ManageEngine_Remote_Access_Plus.exe
-
Size
639.6MB
-
MD5
dc5006dbaf218dd5f8e13de4e9316fc4
-
SHA1
33fce8812abdc993ece880664c99a871e1bec8b6
-
SHA256
5f1f85053cb68e9c16889246600a81d50a94f09f651de7b54493d6a09ac9d641
-
SHA512
223c78877fcb374ddcd544563a6342dd1a20a59a50460ed912d5b9f29fcfcd78e8cf0b819d9cb13950eceb755cb120597949103f4cba07b657608c10fddc01f3
-
SSDEEP
12582912:dFkM/K0M7JzBJ1wiMtc1PiXmtQn9sSHNHFoPdgk+7UEBsWNu7A2f10MZy37uzEmX:zkIPM7PJ1wBGc2q9rTFqOa02flyqN
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ManageEngine_Remote_Access_Plus.exe
Files
-
ManageEngine_Remote_Access_Plus.exe.exe windows:5 windows x86 arch:x86
42669f99775f2f541a042cacf40fa06b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
ord17
kernel32
CompareStringW
CompareStringA
GetSystemDefaultLangID
GetUserDefaultLangID
ExpandEnvironmentStringsW
GetCurrentDirectoryW
FileTimeToLocalFileTime
GetFileTime
SetFileAttributesW
HeapAlloc
HeapFree
GetProcessHeap
CopyFileW
GetSystemDefaultUILanguage
GlobalAlloc
LocalFree
MulDiv
GetVersionExW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
CreateFileW
LoadLibraryA
GetSystemDirectoryA
FindResourceW
GlobalUnlock
GlobalLock
IsBadReadPtr
LockResource
LoadResource
MultiByteToWideChar
MoveFileExW
WriteProcessMemory
VirtualProtectEx
GetWindowsDirectoryW
GetSystemDirectoryW
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
TerminateProcess
ExitProcess
MoveFileW
GetPrivateProfileIntW
LoadLibraryW
lstrcatW
lstrcpynW
lstrcmpiW
LoadLibraryExW
FreeLibrary
FindResourceExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetSystemInfo
GetSystemTimeAsFileTime
CreateEventW
CreateMutexW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
FreeResource
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcatA
lstrcmpiA
FlushFileBuffers
WriteConsoleW
SetStdHandle
OutputDebugStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetErrorMode
RaiseException
WriteFile
SetFilePointer
GetFileSize
GetFileAttributesW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
FindFirstFileW
FindClose
CreateDirectoryW
VerLanguageNameW
IsValidLocale
GetLocaleInfoW
WideCharToMultiByte
lstrcpyA
GetTickCount
ExitThread
CreateThread
GetExitCodeProcess
ReadFile
GetCommandLineW
SizeofResource
FormatMessageW
GetCurrentProcess
WaitForSingleObject
SetLastError
GetLastError
DuplicateHandle
RemoveDirectoryW
DeleteFileW
SetCurrentDirectoryW
lstrlenW
lstrcpyW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateProcessW
Sleep
CloseHandle
GlobalFree
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
HeapReAlloc
GetStdHandle
HeapSize
GetModuleHandleExW
GetStringTypeW
GetCurrentThreadId
GetCPInfo
GetOEMCP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
FindNextFileW
lstrcmpW
GetCurrentThread
QueryPerformanceCounter
lstrcmpA
SystemTimeToFileTime
ResetEvent
SetEvent
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
CompareFileTime
SetFileTime
OpenProcess
GetProcessTimes
InterlockedExchange
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
LCMapStringW
GetVersion
GetCurrentProcessId
GetLocalTime
lstrlenA
user32
DialogBoxIndirectParamW
MoveWindow
SendMessageW
WaitForInputIdle
wsprintfW
GetDlgItem
SetDlgItemTextW
EndDialog
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW
LoadIconW
TranslateMessage
DispatchMessageW
PeekMessageW
SetActiveWindow
SystemParametersInfoW
GetWindow
FillRect
GetSysColor
MapWindowPoints
RemovePropW
GetPropW
SetPropW
EndPaint
BeginPaint
EnableMenuItem
GetSystemMetrics
SetFocus
ExitWindowsEx
CharUpperW
wsprintfA
CallWindowProcW
CreateWindowExW
DrawIcon
DrawTextW
UpdateWindow
GetWindowDC
InvalidateRect
DrawFocusRect
CopyRect
InflateRect
EnumChildWindows
GetClassNameW
MapDialogRect
RegisterClassExW
GetDlgItemTextW
IntersectRect
MonitorFromPoint
DefWindowProcW
GetMessageW
LoadStringW
LoadImageW
ReleaseDC
GetDC
CreateDialogParamW
GetParent
GetWindowTextW
CharNextW
GetDesktopWindow
GetClientRect
IsWindowEnabled
CreateDialogIndirectParamW
IsWindowVisible
IsDialogMessageW
FindWindowExW
ScreenToClient
EnableWindow
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
PostMessageW
gdi32
SetTextColor
SetBkMode
SetBkColor
SaveDC
RestoreDC
CreateSolidBrush
UnrealizeObject
CreateHalftonePalette
GetDIBColorTable
SelectPalette
SelectObject
RealizePalette
GetSystemPaletteEntries
GetDeviceCaps
DeleteDC
CreatePalette
CreateCompatibleDC
BitBlt
GetObjectW
TranslateCharsetInfo
DeleteObject
CreateFontIndirectW
CreateCompatibleBitmap
CreateDCW
CreatePatternBrush
GetStockObject
GetTextExtentPoint32W
DeleteMetaFile
CreateDIBitmap
CreateBitmap
CreateRectRgn
PatBlt
PlayMetaFile
SelectClipRgn
SetMapMode
SetMetaFileBitsEx
SetPixel
StretchBlt
SetStretchBltMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
TextOutW
advapi32
RegEnumValueW
RegQueryValueExW
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueW
RegEnumKeyW
OpenThreadToken
GetTokenInformation
EqualSid
shell32
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
ole32
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
oleaut32
VarUI4FromStr
VarBstrCmp
VariantChangeType
VarBstrCat
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SysReAllocStringLen
GetErrorInfo
SysStringByteLen
VariantInit
SysAllocStringByteLen
VariantClear
shlwapi
PathFileExistsW
rpcrt4
UuidCreate
RpcStringFreeW
UuidToStringW
gdiplus
GdipFree
GdipDrawImageRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromResource
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
GdipAlloc
Sections
.text Size: 421KB - Virtual size: 420KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 294KB - Virtual size: 294KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ