838c015165852e5fc1a33cbeacb7bb59422feb7d98a9f7596aa8e298f8d7fe8c

Sharing

Copy URL Twitter E-mail

General

Target

838c015165852e5fc1a33cbeacb7bb59422feb7d98a9f7596aa8e298f8d7fe8c
Size

4.9MB
MD5

47ddfceb6e94f2a7b19785ca425fd41e
SHA1

c608c3b32ed2f4d47e87b4a2c8f8593b0c541156
SHA256

838c015165852e5fc1a33cbeacb7bb59422feb7d98a9f7596aa8e298f8d7fe8c
SHA512

83d5a2b7c95ab382adfac0ad0bf423c659973ea4c25e989482bceed6d68728c8b70faf185985772f70e34032ef2ebfea3b6d1b52d645ab329514760fe4f0e84a
SSDEEP

98304:iveHLe1+zUj8Yk8z7jVnpLJVQevHkc+fnS4dtuB4bys4J8iW0KJkl9:ivCojQ8z7h1J3/faSqtzus4zoe9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
838c015165852e5fc1a33cbeacb7bb59422feb7d98a9f7596aa8e298f8d7fe8c

Files

838c015165852e5fc1a33cbeacb7bb59422feb7d98a9f7596aa8e298f8d7fe8c
.exe windows:5 windows x86 arch:x86

b67dfc11d9ad06bfcd975e838502769b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\softsupport_pc\EProtect_win_EPStable\svn_dir\bin\EPStableData.pdb

Imports

kernel32

GetVersionExW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

netapi32

NetUserGetInfo

shlwapi

StrCmpIW

setupapi

SetupDiGetDeviceInstanceIdW

version

VerQueryValueW

iphlpapi

GetIpAddrTable

ws2_32

gethostname

user32

wsprintfW
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetDeviceCaps

advapi32

RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance

oleaut32

SysStringLen

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ep0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ep1
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 869B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b67dfc11d9ad06bfcd975e838502769b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

netapi32

shlwapi

setupapi

version

iphlpapi

ws2_32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wtsapi32

Sections

.text Size: - Virtual size: 1.7MB

.rdata Size: - Virtual size: 454KB

.data Size: - Virtual size: 28KB

.ep0 Size: - Virtual size: 2.3MB

.ep1 Size: 4.9MB - Virtual size: 4.9MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 869B

.text
Size: - Virtual size: 1.7MB

.rdata
Size: - Virtual size: 454KB

.data
Size: - Virtual size: 28KB

.ep0
Size: - Virtual size: 2.3MB

.ep1
Size: 4.9MB - Virtual size: 4.9MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 869B