3e289aba52f41caca9165322e568b3a0c51956fc8e62a11ca35daa820f891156

Sharing

Copy URL Twitter E-mail

General

Target

3e289aba52f41caca9165322e568b3a0c51956fc8e62a11ca35daa820f891156
Size

146KB
MD5

76cd07ec94240250592f8ef1263d4f1e
SHA1

2289e28ab28700f66845c191d760b8079fb7fd5f
SHA256

3e289aba52f41caca9165322e568b3a0c51956fc8e62a11ca35daa820f891156
SHA512

54d8e4ece058907af8738a7faadbe904088568395dafe3e08241a5d0bacac02bf6272d0ae157a19fbb338cc52d633f1ca0f8976a251f58e26e3da5a24fa4c855
SSDEEP

3072:R/z/urV/3jSDoUtW3okoYszWrGrbGL+iZqxt5JGTipUrywUVFrftKjpUZDj:RbqV/Gk+zCbGnaipl1lKjpUZDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e289aba52f41caca9165322e568b3a0c51956fc8e62a11ca35daa820f891156

Files

3e289aba52f41caca9165322e568b3a0c51956fc8e62a11ca35daa820f891156
.dll windows:5 windows x86 arch:x86

f07f0a9c90d8d934090b0cd14c1d16fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\engine\bin\Release_Win32\ILL.pdb

Imports

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memset
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__std_exception_copy
memmove
__std_terminate
__std_exception_destroy
__CxxFrameHandler3
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsscanf
fopen
_pipe
fread
ftell
fseek
fwrite
fclose
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

strncpy
strncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_initialize_narrow_environment
_crt_at_quick_exit
_cexit
terminate
_invalid_parameter_noinfo_noreturn
_crt_atexit
_configure_narrow_argv
_seh_filter_dll
_initterm
exit
_initterm_e

api-ms-win-crt-math-l1-1-0

_fdopen

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

kernel32

GetModuleHandleW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnhandledExceptionFilter

Exports

Exports

??0Image@ILL@@QAE@XZ
??0SubImage@ILL@@QAE@XZ
??4Image@ILL@@QAEAAV01@$$QAV01@@Z
??4Image@ILL@@QAEAAV01@ABV01@@Z
??4SubImage@ILL@@QAEAAV01@$$QAV01@@Z
??4SubImage@ILL@@QAEAAV01@ABV01@@Z
?Free@Image@ILL@@QAEXXZ
?Free@SubImage@ILL@@QAEXXZ
?GetSubimageSize@Image@ILL@@QBEIH@Z
?LoadImageFromFile@ILL@@YAXAAVImage@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NI@Z
?LoadImageFromMemory@ILL@@YAXAAVImage@1@PBXI_NI@Z
?SaveImageToFile@ILL@@YAXABVImage@1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f07f0a9c90d8d934090b0cd14c1d16fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 76B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 76B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB