610b4cacda170c2e9134259ec9c128dc5f45b7c1257c9e6416f53df57cb5f9e1

Sharing

Copy URL Twitter E-mail

General

Target

610b4cacda170c2e9134259ec9c128dc5f45b7c1257c9e6416f53df57cb5f9e1
Size

653KB
MD5

4c122344cc1fe47d1830be14abe6e16e
SHA1

10cc5886aa4229a1c5501bd9a10814ba9c419547
SHA256

610b4cacda170c2e9134259ec9c128dc5f45b7c1257c9e6416f53df57cb5f9e1
SHA512

2a87aeed06a68bc3e93afa51bed740798a333c194b2a1a21e8f493f4034b0243e53fb1df0fb2a515eb1449ef126cbf1b710619e76763708d66eda2ec67c13ffc
SSDEEP

3072:smDFVsh3Cbwh7FcCxQeWOFAg14VtGi1hj:dDFVsh3LFcCieWuSVtvj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
610b4cacda170c2e9134259ec9c128dc5f45b7c1257c9e6416f53df57cb5f9e1

Files

610b4cacda170c2e9134259ec9c128dc5f45b7c1257c9e6416f53df57cb5f9e1
.exe windows:6 windows x64 arch:x64

d591f95f3ee093d4efbea129a152376c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\AWStudio\AWTK\SDK\user_app\ziqi_carTools\bin\demo.pdb

Imports

awtk

window_manager_get_top_main_window
window_manager
tk_init_assets
widget_get_prop_bool
widget_dispatch_simple_event
widget_on
widget_child
log_notify_debugger
tk_set_lcd_orientation
value_change_event_cast
window_manager_get_top_window
pointer_event_cast
str_init
tk_run
tk_init
window_manager_close_window_force
window_manager_back
window_manager_back_to_home
str_from_wstr
widget_set_text_utf8
tk_ext_widgets_init
widget_set_child_text_utf8
widget_set_child_text_with_int
tk_pre_init
window_manager_switch_to
dialog_modal
widget_set_theme
window_open_and_close
widget_get_text
locale_info_change
locale_info
assets_manager_preload
assets_manager_set_theme
assets_manager
system_info_set_default_font
system_info
tk_atob
tk_atoi
str_reset
widget_lookup
log_set_log_level
tk_choose_files
tk_alloc
os_fs
fs_open_file
tk_exit
fs_file_tell
fs_file_eof
fs_file_close
fs_file_printf
fs_file_read_line
darray_foreach
tk_snprintf
tk_choose_folder
tk_choose_file
window_manager_set_cursor
widget_foreach
mledit_insert_text
widget_is_dialog
widget_get_window
log_get_log_level

ole32

CoInitializeEx

kernel32

IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
AllocConsole

vcruntime140

strstr
strchr
memcpy
__std_type_info_destroy_list
__current_exception
__current_exception_context
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

fread
__p__commode
_set_fmode
freopen_s
__stdio_common_vsprintf
fwrite
fopen
fclose
__stdio_common_vfprintf
fflush
__acrt_iob_func

api-ms-win-crt-string-l1-1-0

strcat
strcmp
strtok
strncpy
strcpy
strlen

api-ms-win-crt-convert-l1-1-0

atoi
strtol

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
exit
_register_onexit_function
_initterm
_seh_filter_dll
_initialize_wide_environment
_configure_wide_argv
_configure_narrow_argv
_set_app_type
_seh_filter_exe
strerror
_execute_onexit_table
_errno
_crt_atexit
_crt_at_quick_exit
terminate
_get_wide_winmain_command_line
_initialize_narrow_environment
_initterm_e

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 502KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d591f95f3ee093d4efbea129a152376c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

awtk

ole32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 502KB - Virtual size: 514KB

.pdata Size: 2KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 502KB - Virtual size: 514KB

.pdata
Size: 2KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 2KB - Virtual size: 1KB