2430ffdc08bf0eb0306e7d1ddaa9170a9bb527b29ac66f69d8e4153e61b32446

Sharing

Copy URL Twitter E-mail

General

Target

2430ffdc08bf0eb0306e7d1ddaa9170a9bb527b29ac66f69d8e4153e61b32446
Size

64KB
MD5

fb80a5a3912590d35f3212278ecc5b2b
SHA1

b32f4d363214f246a4789e5693e51b10f9101159
SHA256

2430ffdc08bf0eb0306e7d1ddaa9170a9bb527b29ac66f69d8e4153e61b32446
SHA512

889ea2d3b64c63e8ecda58d3b773ea97b0c1e0947029fd56fedfd2fa067b2b06577a2864158eff84cb58f8617e590af1e44f7ed22612c9039ed078266a14e736
SSDEEP

768:7WDJf2zwlxgal76bbXJwCqZzrYG5sIUvJAjZ6xlGP29uZltnQBjbZn:zCrUIZzrQIUBW6xlGP20ab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2430ffdc08bf0eb0306e7d1ddaa9170a9bb527b29ac66f69d8e4153e61b32446

Files

2430ffdc08bf0eb0306e7d1ddaa9170a9bb527b29ac66f69d8e4153e61b32446
.exe windows:5 windows x86 arch:x86

97a8aab1db5ed86be49bdc13542480fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\mgupta\mgupta_noi-ravike-win7_806\customer\rim\wtle\3.3.0\wtle\product\builds\win32\wtshapertest\debug\wtshapertest.pdb

Imports

wtshaperdb

TsTag_fromString
TsUniEnc_decodeUTF8
TsUniEnc_decodeUTF16
TsShaper_bidiReorder
TsDynamicArray_initex
TsShaper_bidiSetLevels
TsShaper_markBoundaries
TsShaper_bidiMirrorChars
TsShaper_shape
TsDynamicArray_done
TsDynamicArray_append
TsShaper_new
TsShaper_bidiInit
TsOtCache_new
TsResource_initPathPlus
TsThaiDict_new
TsResource_done
TsShaperFont_new
TsShaperText_new
TsShaperText_init
TsOtLayoutManager_new
TsShaperText_done
TsShaper_optionsSetBaseChar
TsDynamicArray_element
TsShaper_optionsSet
TsShaper_optionsSetLineBreakModel
TsShaper_optionsSetDefaultScript
TsShaper_optionsSetLanguage
TsShaperFont_delete
TsShaper_delete
TsOtLayoutManager_delete
TsShaperText_delete
TsOtCache_delete
TsThaiDict_delete
TsMemMgr_delete
TsMemMgr_new
TsOtLayoutManager_findOtLayout

itypedb

FSS_get_glyphmap
FSS_free_char
FSS_init
FSS_add_font
FSS_set_font
FSS_exit
FSS_set_cmap
FSS_set_scale
FS_set_flags
FSS_get_kerning
FSS_free_table
FSS_get_table
FSS_map_char
FSS_get_gpos_pts
FSS_get_gpos_scale
vardiv_asm
varmul_asm

msvcr90d

_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
_crt_debugger_hook
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
__initenv
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_wassert
clock
fflush
__iob_func
printf
fclose
fprintf
fopen
free
calloc
malloc
memset
strncpy
atoi
strcmp
strcat
strcpy
getenv
strlen
strncat
rewind
fgetc
ftell
fseek
fputc
strchr
_CRT_RTC_INITW

kernel32

FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
InterlockedCompareExchange
Sleep
InterlockedExchange

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97a8aab1db5ed86be49bdc13542480fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtshaperdb

itypedb

msvcr90d

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 692B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 692B

.reloc
Size: 4KB - Virtual size: 3KB