058d67f476ac319642eea1aed05bc1c21775090f7f383f68c5d3c6397ebc1878

Sharing

Copy URL Twitter E-mail

General

Target

058d67f476ac319642eea1aed05bc1c21775090f7f383f68c5d3c6397ebc1878
Size

182KB
MD5

b126ed4b23c3acd4c59ad6ec2298c5d5
SHA1

6c0c09bfab64fe19067591b2b059ebceecb75684
SHA256

058d67f476ac319642eea1aed05bc1c21775090f7f383f68c5d3c6397ebc1878
SHA512

989b45332450e5b9c58f36f9fae98cf77f2313f0d9baf5e90905fa58abfdaba3cb12eda4b52935b9f167310d965ea95849e927d8973971930f9fca70a0588755
SSDEEP

3072:V3I9MRGJ87ALa7Jyy9SrFeSUXqVcMIv9LvzimxbnPdZOgWsn8:5I9MP7+yUESUXh1v/tPdZOgW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
058d67f476ac319642eea1aed05bc1c21775090f7f383f68c5d3c6397ebc1878

Files

058d67f476ac319642eea1aed05bc1c21775090f7f383f68c5d3c6397ebc1878
.exe windows:5 windows x86 arch:x86

7ed96ce6c70bd115a67ee2777a918152

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\jxr2\My Documents\Dev\FusionStorm\Nimbus\ProbeCfgMonitor\Windows\Win32\trunk\Release\ProbeCfgMonitor.pdb

Imports

rpcrt4

UuidToStringA
RpcStringFreeA

mfc90

ord3620
ord1607
ord945
ord6152
ord1252
ord1166
ord662
ord941
ord2084
ord6493
ord1062
ord757
ord553
ord817
ord6707
ord571
ord582
ord783
ord3491
ord300
ord316
ord1254
ord306
ord899
ord601
ord310
ord404
ord663
ord820
ord5926
ord2950
ord2948
ord3525
ord400
ord5520
ord2698
ord3179
ord5753
ord1555
ord3213
ord305
ord1611
ord6793
ord265
ord2539
ord5997
ord5963
ord1603
ord314
ord398
ord798
ord800

msvcr90

strerror
_errno
memset
sprintf
isalnum
isdigit
strncpy
memcpy
_stat32
getenv
tolower
strchr
printf
_ctime32
_fstat32
fopen
rename
fclose
strrchr
__iob_func
fflush
vfprintf
strstr
fputs
vsprintf
isprint
fprintf
strtok
atol
atof
memmove
realloc
strncat
_time32
rand
srand
fread
feof
clock
_localtime32
_mktime32
isspace
ferror
fgets
islower
isupper
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_CxxThrowException
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
??0exception@std@@QAE@XZ
_localtime64_s
strftime
_time64
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
remove
exit
_mbsrchr
malloc
_mbstok
_purecall
_beginthreadex
_strdup
free
strncmp
_putenv
_unlink
_fileno
_getpid
__CxxFrameHandler3
atoi
_initterm_e

kernel32

CreateIoCompletionPort
CreateFileA
SetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileAttributesA
GetLastError
GetCurrentProcess
ResetEvent
FreeLibrary
GetProcAddress
PostQueuedCompletionStatus
CreateEventA
InterlockedDecrement
InterlockedIncrement
SetEvent
CloseHandle
WaitForSingleObject
ReadDirectoryChangesW
GetCurrentThread
SetThreadPriority
Sleep
CreateDirectoryA
GetCurrentDirectoryA
TerminateThread
GetQueuedCompletionStatus
LoadLibraryA
GetThreadPriority
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
lstrlenA
LocalFree
GetCurrentThreadId
GetLocalTime
CreateMutexA
ReleaseMutex
WaitForMultipleObjects
SetConsoleCtrlHandler

user32

TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
MessageBeep
GetMessageA
PostMessageA
PostThreadMessageA
DispatchMessageA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

CoCreateGuid

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

send
sendto
recvfrom
recv
getsockname
closesocket
gethostname
WSAEnumNetworkEvents
WSAGetLastError
inet_ntoa
ntohs
inet_addr
connect
gethostbyname
htons
bind
socket
WSAIoctl
listen
setsockopt
WSACleanup
shutdown
WSAStartup
accept
WSAEventSelect

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7ed96ce6c70bd115a67ee2777a918152

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

mfc90

msvcr90

kernel32

user32

advapi32

ole32

msvcp90

ws2_32

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 16KB - Virtual size: 21KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 16KB - Virtual size: 21KB

.reloc
Size: 11KB - Virtual size: 11KB