9a35a06c45b061168a67b6c7f416e95e96d6b5075750e7def10233a92c3bb15f

Sharing

Copy URL Twitter E-mail

General

Target

9a35a06c45b061168a67b6c7f416e95e96d6b5075750e7def10233a92c3bb15f
Size

1.4MB
MD5

17d3b57b2e5e831d2d2b9894b6f69ba4
SHA1

c16a6181c1e938beddf761ae28800f66fa303a0f
SHA256

9a35a06c45b061168a67b6c7f416e95e96d6b5075750e7def10233a92c3bb15f
SHA512

7c73faba5f49b8dbcdd33ab710e7a6bd3178128228d6ddd39bafe27fa99ebcaafcc1db18280fe3453e16565e518c690ca4b175a6bba02b91ba600a63cc68a511
SSDEEP

12288:YgJB7fUKOW4admlbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9L:YiIW4EqbsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a35a06c45b061168a67b6c7f416e95e96d6b5075750e7def10233a92c3bb15f

Files

9a35a06c45b061168a67b6c7f416e95e96d6b5075750e7def10233a92c3bb15f
.exe windows:6 windows x64 arch:x64

1b9ba3103b8b1ccc17c3fe62facfe8e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\build_jobs\pisces\bin\x64\Release\FsPisces.pdb

Imports

kernel32

CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
SetThreadpoolThreadMaximum
CreateThreadpoolCleanupGroup
RaiseException
TerminateProcess
CreateFileW
FlushFileBuffers
SetUnhandledExceptionFilter
SetErrorMode
WaitForSingleObject
Sleep
CreateThread
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
RegisterApplicationRecoveryCallback
ApplicationRecoveryInProgress
ApplicationRecoveryFinished
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetThreadpoolThreadMinimum
GetModuleFileNameW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
SetLastError
ProcessIdToSessionId
GetSystemTime
GetLocalTime
GetTimeZoneInformation
GetFileInformationByHandle
SetFilePointerEx
ReleaseMutex
GetTickCount64
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexW
OpenMutexW
LocalFree
WriteConsoleW
CreateThreadpool
CloseThreadpool
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
CreateThreadpoolWork
FreeLibrary
GetProcAddress
SubmitThreadpoolWork
GetOverlappedResult
LoadLibraryW
CreateEventW
LeaveCriticalSection
WaitForMultipleObjects
GetCurrentProcess
WriteFile
EnterCriticalSection
CloseThreadpoolWork
ReadFile
CloseHandle
GetLastError
ExpandEnvironmentStringsW
RemoveDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc

advapi32

GetSidSubAuthorityCount
GetSidSubAuthority
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b9ba3103b8b1ccc17c3fe62facfe8e3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB