2b10b83baef319a9264ff0dfa3c28f72181293300d52b00e2972d95d6cf8ccc8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b10b83baef319a9264ff0dfa3c28f72181293300d52b00e2972d95d6cf8ccc8.exe
Size

114KB
MD5

c1b156cb3d8edbae170fe6eda78d8d90
SHA1

ed47f9ef744d5a940dc6c8dc9c9f394d4c9c519c
SHA256

2b10b83baef319a9264ff0dfa3c28f72181293300d52b00e2972d95d6cf8ccc8
SHA512

7735152c357b8944a188835b4dbc9eafb61addc53b90c3168b44350693b47b86885f0dcf290b22526c1ba2e202d9df1b5e1d8269ac05bf27d7ef449846b3791c
SSDEEP

1536:XUOHD8zYCSD9yaKJdW41+mLrPz51GrD8pKnZkEvU3d+st8SKx6wdGCq2iW7z:kyD8z8DidlLrtIH8pB3d+sthKjGCH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b10b83baef319a9264ff0dfa3c28f72181293300d52b00e2972d95d6cf8ccc8.exe

Files

2b10b83baef319a9264ff0dfa3c28f72181293300d52b00e2972d95d6cf8ccc8.exe
.exe windows:5 windows x86 arch:x86

287f6562ce70f2877f44beedecee24b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\svn_code\Common\Plowshare\Trunk\Src\Symbol\Release\CrashService.pdb

Imports

exceptionhandler

?kDebugCrashService@switches@@3QB_WB
?kDumpDoneClientCmdlineFile@switches@@3QB_WB
?kWaitServiceInit@switches@@3QB_WB
?kServicePipe@switches@@3QB_WB
??0CCrashGenerationServer@exceptionpad@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXPAXPBVCRemoteClientInfo@1@@Z1P6AX12PBV23@@Z131P6AX1K@Z1_N4@Z
??1CCrashGenerationServer@exceptionpad@@QAE@XZ
?Start@CCrashGenerationServer@exceptionpad@@QAE_NXZ
?kDumpPath@switches@@3QB_WB
?GetClientProcessHandle@CRemoteClientInfo@exceptionpad@@QBEPAXXZ

kernel32

Sleep
CreateProcessA
CreateMutexW
SetEvent
GetModuleFileNameW
GetLastError
OpenEventW
CloseHandle
GetCommandLineW
LocalFree
GetCurrentProcess
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
InterlockedDecrement
InterlockedIncrement
TerminateProcess
GetStringTypeW
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
HeapFree
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetStdHandle
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
VirtualAlloc
HeapReAlloc
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryA
CreateFileA
GetStringTypeA

user32

MessageBoxW
GetMessageW
PostQuitMessage
PostMessageW
TranslateMessage
CreateWindowExW
UpdateWindow
DefWindowProcW
DispatchMessageW
RegisterClassExW

shell32

CommandLineToArgvW

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�.C2�uT
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

287f6562ce70f2877f44beedecee24b5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

exceptionhandler

kernel32

user32

shell32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

�.C2�uT Size: 16KB - Virtual size: 20KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

�.C2�uT
Size: 16KB - Virtual size: 20KB