4e0858f1dfd8fc17826b6b6c7ccb1f1255ce19eabf38ce3faf7585130fcffe9c

Sharing

Copy URL

Twitter E-mail

General

Target

4e0858f1dfd8fc17826b6b6c7ccb1f1255ce19eabf38ce3faf7585130fcffe9c
Size

452KB
MD5

ee1cdae5e209e46ef9e48f063e02980e
SHA1

f0886e73d4bdcca2ee587a2d5e22ed81b00b1651
SHA256

4e0858f1dfd8fc17826b6b6c7ccb1f1255ce19eabf38ce3faf7585130fcffe9c
SHA512

0849bd67529ccf0b9b810dd36f541b97cae66b8655bb97a3debf547d18466344608cb7d7bbd7e13806d349e06697bb9b6d841f81488d2ae724c91e7a5c986eba
SSDEEP

1536:joGGmQQO3AVNEzzP7P7cINEnchdyXBPA+3:P3032ezRenchan3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e0858f1dfd8fc17826b6b6c7ccb1f1255ce19eabf38ce3faf7585130fcffe9c

Files

4e0858f1dfd8fc17826b6b6c7ccb1f1255ce19eabf38ce3faf7585130fcffe9c
.exe windows:6 windows x64 arch:x64

ee26418c484eee0205ad5832dd8e4e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\develope\ScreencastV6A\x64\Release\GIFPlayer.pdb

Imports

kernel32

GetLastError
GetProcAddress
IsDebuggerPresent
CreateEventW
CloseHandle
GetLocalTime
WriteFile
DeleteFileW
VerifyVersionInfoW
VerSetConditionMask
MapViewOfFileEx
SetFilePointerEx
ReadFile
CreateFileW
GetFileSizeEx
InitializeCriticalSectionEx
DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
FreeLibrary

user32

SetLayeredWindowAttributes
DestroyWindow
LoadCursorW
SetForegroundWindow
EndPaint
BeginPaint
DispatchMessageW
GetMessageW
SetTimer
CreateWindowExW
AllowSetForegroundWindow
MessageBoxW
SetProcessDPIAware
RegisterClassExW
DefWindowProcW
PostQuitMessage
PostMessageW
PeekMessageW
wvsprintfA
MonitorFromWindow
GetAncestor
GetClientRect

ole32

CoInitializeEx

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

gdiplus

GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipImageSelectActiveFrame
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipGetPropertyItem

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_exception_copy
__std_exception_destroy
memmove
memset
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type
exit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
__p___argc
_seh_filter_exe
__p___wargv

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsprintf
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-convert-l1-1-0

_wtoi64

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 409KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee26418c484eee0205ad5832dd8e4e61

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

msvcp140

gdiplus

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 38KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 409KB - Virtual size: 409KB

.reloc Size: 512B - Virtual size: 256B

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 38KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 409KB - Virtual size: 409KB

.reloc
Size: 512B - Virtual size: 256B