fd0473260f6ed84b5efcd5ad4dae2670ed94c282a3ceabdf15a48f8ba2fb1271

Sharing

Copy URL Twitter E-mail

General

Target

fd0473260f6ed84b5efcd5ad4dae2670ed94c282a3ceabdf15a48f8ba2fb1271
Size

64KB
MD5

b7d90b0df63407b3ad4e1d7bb7df4d1a
SHA1

2a0cf1b6b0f6a4b17725c3a5d9e3e19930de4224
SHA256

fd0473260f6ed84b5efcd5ad4dae2670ed94c282a3ceabdf15a48f8ba2fb1271
SHA512

4138dc09b1959ef0e15335bfb890879bd167c265226707528266bcc23ae9affe3fdccf94ce5dfc23c39e6d9c77ca5a666dbdf534ab9765a908c0647c4d14665d
SSDEEP

768:ZNnZJduWPht8TOwC82RjbhkxCT0XN2i6UUh0iESCm4qT0Xe5yfp:tVPT8TOw2Rjbhc7NK0iM1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd0473260f6ed84b5efcd5ad4dae2670ed94c282a3ceabdf15a48f8ba2fb1271

Files

fd0473260f6ed84b5efcd5ad4dae2670ed94c282a3ceabdf15a48f8ba2fb1271
.exe windows:6 windows x64 arch:x64

5cc999bbffd76073d900cd63c9d0c5df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\svwsvss\svws2023\IVWCode\WS.root\WS\Target\bin\Release\Storage_Mpps.pdb

Imports

ws.platform.dbconnection

CreateCommonInfo
?FreeDBSignalton@CDBSignalton@@SAXXZ
?GetCommonInfo@CDBSignalton@@SAPEAUICommonInfo@@XZ
CreateDBAccess
?CreateNewDBAccess@CDBSignalton@@SAPEAVIDBAccess@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

ws.platform.utility

GetAppPath

mfc140u

ord1503
ord286
ord266
ord1033
ord8161
ord983
ord1450
ord491
ord1122
ord4561
ord4578
ord5382
ord1641
ord5138
ord2802
ord4656
ord12240
ord4954
ord961
ord1427
ord11654
ord14299
ord2815
ord2369
ord2921
ord296
ord285
ord5709
ord2903
ord4913
ord1667
ord8058
ord1501
ord8452
ord7745
ord12442
ord7888
ord1489
ord12443
ord12563
ord8416
ord280
ord1491
ord8451

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
LocalFree
OutputDebugStringW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
CreateEventW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetModuleHandleW
SetConsoleCtrlHandler
GetCurrentThreadId
CreateMutexW
GetLogicalDrives
ReleaseMutex
GetModuleFileNameW
OpenMutexW
CreateThread
Sleep
GetTickCount
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
DeleteCriticalSection
GetLastError
InitializeCriticalSectionEx

user32

GetLastInputInfo
SendMessageW
FindWindowW
MessageBoxW
PostThreadMessageW

shell32

ShellExecuteW

ole32

CoInitialize

oleaut32

VarDateFromStr
VarUdateFromDate
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantInit
VariantClear
VariantTimeToSystemTime
GetErrorInfo

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

ws.platform.config

?GetXMLMgr@CXMLCfgManager@@SAPEAV1@XZ
?GetLocalPath@CStorageMode@@QEAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetL2StoragePath@CStorageMode@@QEAA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetStorageMode@CXMLCfgManager@@QEAAPEAVCStorageMode@@XZ
?GetStorageMode@CStorageMode@@QEAAIXZ
?GetTranslateString@@YAPEB_WPEB_W@Z
?InitLanguage@@YAHXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__current_exception_context
__current_exception
_CxxThrowException
__std_exception_copy
__std_exception_destroy
memset
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_c_exit
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
terminate
exit
__p___wargv
_initialize_wide_environment

api-ms-win-crt-time-l1-1-0

_localtime64_s
wcsftime
_time64

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfwprintf

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cc999bbffd76073d900cd63c9d0c5df

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws.platform.dbconnection

ws.platform.utility

mfc140u

kernel32

user32

shell32

ole32

oleaut32

msvcp140

ws.platform.config

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 1008B

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 1008B

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 512B - Virtual size: 108B