dee72eba12e6799e7d8d032362e740e9cfbc742dc844a1a9429f668328ce1815

Sharing

Copy URL Twitter E-mail

General

Target

dee72eba12e6799e7d8d032362e740e9cfbc742dc844a1a9429f668328ce1815
Size

108KB
MD5

220b366d9f0b8fab0718434b21224d00
SHA1

2dc6d3fc4fa50eb30f4b336eb77017240e04b158
SHA256

dee72eba12e6799e7d8d032362e740e9cfbc742dc844a1a9429f668328ce1815
SHA512

f2cd09dd1d07e5c9de622f49cbcc0069127101255c3c50796caa5cca30feacbd57fd9a1b4da5476dda2a224572e8421ecc59611392415e4ca8603d7a43b1995c
SSDEEP

768:eizJZeCAuSYxd4dsN+o5fPjfuEdGJSly95eO9C2zucDOOq8x8xakOh0yzv:zJUCKYx6dW+o5fPjny95v9DKZOh0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dee72eba12e6799e7d8d032362e740e9cfbc742dc844a1a9429f668328ce1815

Files

dee72eba12e6799e7d8d032362e740e9cfbc742dc844a1a9429f668328ce1815
.exe windows:4 windows x86 arch:x86

978f439e91185d7fd2f6e9ec59aa71c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\cao\Desktop\NewHide\Debug\NewHide.pdb

Imports

mfc80d

ord901
ord267
ord270
ord739
ord674
ord1985
ord8685
ord303
ord4077
ord310
ord6867
ord419
ord1070
ord662
ord888
ord1569
ord1565
ord1563
ord893
ord269
ord316
ord3200

msvcr80d

strlen
memset
fopen
fseek
ftell
printf
__getmainargs
_exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_initterm
__CxxFrameHandler3
memcpy
_resetstkoflw
_CrtDbgReportW
wcslen
wcscpy_s
malloc
free
calloc
_recalloc
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_configthreadlocale
__setusermatherr
_snprintf_s
_errno
_CxxThrowException
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcsncpy_s
strcpy_s
memcmp
_wcsicmp
memmove_s
exit
fgetc
fputc
fclose
rewind
fread
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_initterm_e
_amsg_exit
sscanf
strncpy

kernel32

GetModuleFileNameA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW

user32

CharUpperW
CharLowerA
CharLowerW
CharUpperA

oleaut32

SysFreeString

msvcp80d

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?length@?$char_traits@D@std@@SAIPBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

advapi32

OpenThreadToken
RevertToSelf
SetThreadToken

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

978f439e91185d7fd2f6e9ec59aa71c4

Headers

File Characteristics

PDB Paths

Imports

mfc80d

msvcr80d

kernel32

user32

oleaut32

msvcp80d

advapi32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB