D:\J\WS\workspace\VS_4\build\bin\CoreChecker.pdb
Static task
static1
Behavioral task
behavioral1
Sample
71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48.exe
Resource
win10v2004-20240508-en
General
-
Target
71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48
-
Size
249KB
-
MD5
ec2d21052956686bc7079b3d5daa8429
-
SHA1
221b2eea7b3e9629621c8649c4d0862d4b2c2328
-
SHA256
71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48
-
SHA512
964dd3d8431c0e10f9548c1b9fb020092893ba4db22da44455994ffcc18902519a863556d9069b8dfac54105ae95fd0e7636bf8efe155c7ddf8f625801e2a68a
-
SSDEEP
6144:mIW2XKqI1J6xf/TwhiAT6ofukv5qUvXRLHsrRMubU:4qI1J6xf/TwhiGJLl
Malware Config
Signatures
-
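Unsigned PE (1 IoC)
Checks for missing Authenticode signature. A missing signature means the publisher and the file's integrity cannot be verified from the file itself; on its own it is a weak indicator and not evidence of malicious behaviour.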
resource 71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48
Files
-
71eb8a49ba1124e1df361780e12a252e541a7a34658f758c21085ea44a181e48.exe windows:6 windows x86 arch:x86
d27383f73c97c9cd99237ebccaf8f5e6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
corecheckerlauncher
??0BrokenCodecs@Utils@Core@Movavi@@QAE@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@std@@@Z
??1BrokenCodecs@Utils@Core@Movavi@@QAE@XZ
??0BrokenCodecs@Utils@Core@Movavi@@QAE@ABU0123@@Z
??4BrokenCodecs@Utils@Core@Movavi@@QAEAAU0123@$$QAU0123@@Z
??BBrokenPlugins@Utils@Core@Movavi@@QAEAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
??BBrokenPlugins@Utils@Core@Movavi@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0BrokenPlugins@Utils@Core@Movavi@@QAE@XZ
??0BrokenPlugins@Utils@Core@Movavi@@QAE@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??1BrokenPlugins@Utils@Core@Movavi@@QAE@XZ
??0BrokenPlugins@Utils@Core@Movavi@@QAE@ABU0123@@Z
??4BrokenPlugins@Utils@Core@Movavi@@QAEAAU0123@$$QAU0123@@Z
??AStatisticInfo@Utils@Core@Movavi@@QAEAAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@PBD@Z
??0BrokenCodecs@Utils@Core@Movavi@@QAE@XZ
??BStatisticInfo@Utils@Core@Movavi@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Add@StatisticInfo@Utils@Core@Movavi@@QAEXABU1234@@Z
??0StatisticInfo@Utils@Core@Movavi@@QAE@XZ
??1StatisticInfo@Utils@Core@Movavi@@QAE@XZ
??0StatisticInfo@Utils@Core@Movavi@@QAE@$$QAU0123@@Z
??4StatisticInfo@Utils@Core@Movavi@@QAEAAU0123@$$QAU0123@@Z
??8CheckType@Utils@Core@Movavi@@QBE_NU0123@@Z
??0CheckType@Utils@Core@Movavi@@QAE@XZ
??0CheckType@Utils@Core@Movavi@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0CheckType@Utils@Core@Movavi@@QAE@W4Type@0123@@Z
?FromHex@Utils@Core@Movavi@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV45@@Z
??0BrokenCodecs@Utils@Core@Movavi@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??BBrokenCodecs@Utils@Core@Movavi@@QBE_NXZ
??BBrokenCodecs@Utils@Core@Movavi@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??AStatisticInfo@Utils@Core@Movavi@@QAEAAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@@Z
plugincheckfuncs
?GetFFPlugin@Utils@Core@Movavi@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?GetErrorPlugin@Utils@Core@Movavi@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?CheckPlugins@Utils@Core@Movavi@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?GetDefaultCheckPlugin@Utils@Core@Movavi@@YA?AV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
codeccheckfuncs
?GetDefaultCheckCodecs@Utils@Core@Movavi@@YA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@std@@XZ
?SetBrokenCodecs@Utils@Core@Movavi@@YAXV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@std@@@Z
?CheckCodec@Utils@Core@Movavi@@YA?AV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@std@@ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@@Z
glog
??0LogMessage@google@@QAE@PBDH@Z
??0LogMessage@google@@QAE@PBDHH@Z
??1LogMessage@google@@QAE@XZ
?stream@LogMessage@google@@QAEAAV?$basic_ostream@DU?$char_traits@D@std@@@std@@XZ
coremanager
?IsInitialized@CoreManager@Core@Movavi@@QBE_NXZ
?WaitUntilInitialized@CoreManager@Core@Movavi@@QAEXXZ
?Instance@CoreManager@Core@Movavi@@SAAAV123@XZ
?Uninitialize@CoreManager@Core@Movavi@@QAEXXZ
?Initialize@CoreManager@Core@Movavi@@QAEXV?$function@$$A6AXXZ@std@@ABV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@2@@std@@@2@@5@ABV?$intrusive_ptr@VICoreTracker@Proc@Movavi@@@boost@@ABV?$intrusive_ptr@VIPatentActivator@Proc@Movavi@@@8@@Z
fndos
?EntryWrapperWchar@Core@Movavi@@YAHHQAPA_WV?$function@$$A6AHHPAPAD@Z@std@@@Z
utils
?RemoveFormatType@Utils@Core@Movavi@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV45@W4FormatType@123@@Z
?SetModuleOption@Utils@Core@Movavi@@YAXAAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@2@@std@@@2@@2@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@5@1ABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@5@@Z
?Start@WatchDog@Utils@Core@Movavi@@QAEXXZ
??0WatchDog@Utils@Core@Movavi@@QAE@IV?$function@$$A6AXXZ@std@@@Z
??1WatchDog@Utils@Core@Movavi@@UAE@XZ
coreintext
?OPT_DISABLED_PLUGINS@CoreManagerOptions@Core@Movavi@@3V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B
?MODULE_PLUGIN_LOADER@CoreManagerOptions@Core@Movavi@@3V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@B
fndpointer
?intrusive_ptr_release@Movavi@@YAXPBVIRefCountable@1@@Z
?intrusive_ptr_add_ref@Movavi@@YAXPBVIRefCountable@1@@Z
msvcp140
?_Xout_of_range@std@@YAXPBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xlength_error@std@@YAXPBD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
vcruntime140
__std_type_info_destroy_list
__current_exception_context
__current_exception
_except_handler4_common
__CxxFrameHandler3
_purecall
__std_type_info_name
__RTtypeid
__std_terminate
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
memset
__RTDynamicCast
memcpy
_CxxThrowException
memmove
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_onexit_table
_controlfp_s
_cexit
__p___wargv
terminate
_crt_at_quick_exit
__p___argc
_configure_narrow_argv
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_initialize_narrow_environment
_set_app_type
_seh_filter_exe
abort
exit
_c_exit
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_register_thread_local_exe_atexit_callback
_configure_wide_argv
api-ms-win-crt-heap-l1-1-0
_set_new_mode
calloc
free
_callnewh
malloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
kernel32
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
QueryPerformanceCounter
InitializeSListHead
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetStartupInfoW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
Sections
.text Size: 161KB - Virtual size: 161KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 57KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ