ea45fd728fd5c5a7afe5de7f5bacdd18ceff239d992149c5dea22f38741c23fd

Sharing

Copy URL

Twitter E-mail

General

Target

ea45fd728fd5c5a7afe5de7f5bacdd18ceff239d992149c5dea22f38741c23fd
Size

2.4MB
MD5

9bfac89487593b06a2ba1807b7b722e5
SHA1

52eb1b6a79d3d4fa5a22c36a56921525cc48a2b4
SHA256

ea45fd728fd5c5a7afe5de7f5bacdd18ceff239d992149c5dea22f38741c23fd
SHA512

8e29b2cdbd98ceb6f2682eebf462283092cb21f86967b5cf1d87be0d6abaaeaad7bd228ce6ecaace6750bacbc2415dbcfabfece5627d3725591b6386fd99626b
SSDEEP

49152:r0ICAoneiMVFaSbP7eR3tu7w/PVrB0iHTIfLeMYa7x0:dsneioaSbP7eRdr/drB0E0fq9a7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea45fd728fd5c5a7afe5de7f5bacdd18ceff239d992149c5dea22f38741c23fd

Files

ea45fd728fd5c5a7afe5de7f5bacdd18ceff239d992149c5dea22f38741c23fd
.exe windows:6 windows x64 arch:x64

821a950658071d7c7b3f8a6b22e9f581

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\EPM\_EPM_main\ShareLib\DC\Output\Release_x64\TrayTip.pdb

Imports

mfc140u

ord3850
ord5220
ord6847
ord14209
ord8507
ord9068
ord3713
ord8656
ord11854
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord3279
ord3278
ord3172
ord11850
ord5340
ord5582
ord9946
ord8901
ord6284
ord286
ord266
ord1641
ord4656
ord2346
ord2350
ord5295
ord8731
ord10704
ord9975
ord13239
ord7826
ord7232
ord2187
ord1088
ord442
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord4445
ord7920
ord10124
ord11933
ord11901
ord12606
ord5080
ord5363
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord3951
ord1033
ord296
ord13545
ord7716
ord9979
ord5451
ord5520
ord7444
ord7453
ord12229
ord1953
ord2683
ord4505
ord14021
ord5361
ord5286
ord6019
ord12525
ord11414
ord9966
ord9178
ord4276
ord14178
ord7606
ord13860
ord5491
ord7901
ord10539
ord8694
ord2636
ord11415
ord8830
ord11813
ord11085
ord3308
ord3307
ord3071
ord6000
ord13397
ord3210
ord3209
ord7913
ord2697
ord14360
ord11771
ord3718
ord9976
ord9978
ord10162
ord9977
ord11625
ord1450
ord983
ord7393
ord2212
ord1503
ord1489
ord1501
ord2370
ord1491

kernel32

SystemTimeToFileTime
LoadLibraryA
GetProcAddress
GetModuleFileNameW
GetSystemTime
SetThreadLocale
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx
OutputDebugStringW
LocalFree
FileTimeToSystemTime
FreeResource
LockResource
LoadResource
FreeLibrary
SetUnhandledExceptionFilter
GetVersionExW
VirtualQuery
GetModuleFileNameA
CreateProcessW
CloseHandle
WaitForSingleObject
CreateMutexW
OpenMutexW
ReleaseMutex
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateFileW
ReadFile
WriteFile
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
FindResourceW
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection

user32

EnableWindow
SetTimer
SystemParametersInfoW
SendMessageW
GetDlgCtrlID
GetWindow
MoveWindow
KillTimer
AdjustWindowRectEx
ClientToScreen
BeginPaint
EndPaint
GetClientRect
LoadIconW

gdi32

CreateFontW
GetTextExtentPointA
SelectObject
DeleteObject
GetTextMetricsA

advapi32

RegSetValueExA
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW

shell32

ShellExecuteW

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memset
__C_specific_handler
wcschr
_CxxThrowException
wcsrchr
__std_terminate
__CxxFrameHandler3
memmove
strrchr
__RTDynamicCast
memcmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

_exit
_seh_filter_exe
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
terminate
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
exit
_initterm_e
_initterm
_get_wide_winmain_command_line

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswscanf

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscat_s
strcpy_s
strcat_s
wcscpy_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

821a950658071d7c7b3f8a6b22e9f581

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 568KB - Virtual size: 572KB