a_1123_1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a_1123_1.exe
Size

330KB
MD5

3476eef737a91aa956782ff30923fba6
SHA1

deb2f4c3651be77277c9ca79b2fbb2a61ff03574
SHA256

3877d9675ca2cbe7e627a73820d8f0feb2e8fee83f6dee817c4799267030435a
SHA512

0ca62d11f9ff5427d370f1cba64f0524917b2bc3c297bfccd93399ab3e2ae9f779dd0552abdf4a897f6bb80250b9a8b0f51df97226e6ac16ccee35b865d7b867
SSDEEP

6144:ehK7YbpO7e+2maJL0LTXdhjs41cAOZntiyfYblroF:v0O7e+2mcLecrYyNF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a_1123_1.exe

Files

a_1123_1.exe
.exe windows:6 windows x86 arch:x86

61493b3334a78813767ad624489cb0fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\repos\x86_driver_加載驅動\Release\a.pdb

Imports

shlwapi

PathIsDirectoryA

user32

wsprintfA
GetAsyncKeyState
GetWindowThreadProcessId

ntdll

RtlUnwind

kernel32

SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleFileNameW
FindNextFileW
FindFirstFileExW
FindClose
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
CreateFileW
WriteFile
CloseHandle
GetCurrentDirectoryA
CreateDirectoryA
ReadFile
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
OpenProcess
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceA
WriteConsoleW
CopyFileA
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError

shell32

ShellExecuteA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 381.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61493b3334a78813767ad624489cb0fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

user32

ntdll

kernel32

shell32

wininet

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 27KB - Virtual size: 381.6MB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 27KB - Virtual size: 381.6MB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 10KB - Virtual size: 10KB