cdd410efed7738a5a7da59ecf3cb0b9a70243238761cd5e3d824d85696fc84fe

Sharing

Copy URL Twitter E-mail

General

Target

cdd410efed7738a5a7da59ecf3cb0b9a70243238761cd5e3d824d85696fc84fe
Size

690KB
MD5

a0c9a8628c617329906caf8648806159
SHA1

6516ef6c8856b4247d66bb5bb1d9240b723ed016
SHA256

cdd410efed7738a5a7da59ecf3cb0b9a70243238761cd5e3d824d85696fc84fe
SHA512

d8a70d4e58eddadfd48bed709035d367956be28eb52ee42ec4fab37c67b808e21ebaae0016f5a55665dee28d765c1076652217db8a6364372e5476eb7b24b29a
SSDEEP

12288:aD25gBJTBBv6dsMm7mPkcslmsydmRK9pPhPAXLjwfVSWPIKQeMe7yNSPtblof4Ic:aD25iJNBVh8Ptpof4If6S/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdd410efed7738a5a7da59ecf3cb0b9a70243238761cd5e3d824d85696fc84fe

Files

cdd410efed7738a5a7da59ecf3cb0b9a70243238761cd5e3d824d85696fc84fe
.exe windows:6 windows x64 arch:x64

c6d36b8d0400645a6d40019696fd0ee0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\rg\ws\VFX_VFX_Installer_Win_master\stage\rgdeploy-output\rguninstaller.pdb

Imports

kernel32

WriteFile
GetLastError
CreateFileA
CloseHandle
HeapAlloc
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetEnvironmentVariableA
Sleep
QueryPerformanceFrequency
CreateProcessA
QueryPerformanceCounter
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
GetQueuedCompletionStatus
InitializeCriticalSectionEx
ResumeThread
RaiseException
DecodePointer
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
FindClose
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
WaitNamedPipeA
SetNamedPipeHandleState
ReadFile
RemoveDirectoryA
MultiByteToWideChar
EnumSystemLocalesW
SetStdHandle
ReadConsoleW
SetEnvironmentVariableW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
ExitProcess
HeapReAlloc
HeapSize
WriteConsoleW
CreateIoCompletionPort
InitializeSListHead
GetTimeZoneInformation
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
FormatMessageA
WideCharToMultiByte
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
GetFullPathNameW
SetFilePointerEx
SetLastError
GetModuleHandleA
AreFileApisANSI
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
FreeLibrary
LoadLibraryExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

advapi32

RegDeleteKeyW
GetUserNameW

Sections

.text
Size: 520KB - Virtual size: 519KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6d36b8d0400645a6d40019696fd0ee0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 520KB - Virtual size: 519KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 13KB - Virtual size: 21KB

.pdata Size: 23KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 520KB - Virtual size: 519KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 13KB - Virtual size: 21KB

.pdata
Size: 23KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 4KB - Virtual size: 4KB