e:\YLM_Work\VC++_Work\AUTOTEST\Debug\AUTOTEST.pdb
Static task
static1
Behavioral task
behavioral1
Sample
00dfcaaf545f9dcbe428e6f5041b2f90N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
00dfcaaf545f9dcbe428e6f5041b2f90N.exe
Resource
win10v2004-20240709-en
General
Target
00dfcaaf545f9dcbe428e6f5041b2f90N.exe
Size
440KB
MD5
00dfcaaf545f9dcbe428e6f5041b2f90
SHA1
83ec084a07a1eb438839d47b49af58dc45e33aa7
SHA256
479e3e57e594c3ab56d7758c175c7f78026adf54bec2583fe80338a171f64bbc
SHA512
1ce4daf0bfb94c2da32c0b9c5d552b561c7d2c6e403303597ff7bf59ee49406d562e3c58c0b9acf57adada1815969a7c2174a2a6b208f9a676d2dbcd5bd0e4c3
SSDEEP
6144:BVCZ0UBicdiK8SZf6o2JKIQrKkflqOXMHAGT:+dKpQ7E1
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 00dfcaaf545f9dcbe428e6f5041b2f90N.exe
Files
00dfcaaf545f9dcbe428e6f5041b2f90N.exe.exe windows:4 windows x86 arch:x86
97bea6be7224197d1410ce468f53ec7f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc80d
ord8233
ord1403
ord1492
ord926
ord5594
ord4077
ord929
ord386
ord4495
ord1680
ord2795
ord5949
ord6187
ord4007
ord7004
ord2163
ord2232
ord2233
ord2591
ord6976
ord1875
ord6738
ord4663
ord8674
ord5288
ord8676
ord2075
ord3003
ord3013
ord3294
ord3276
ord3274
ord3292
ord3304
ord3281
ord3297
ord3302
ord3285
ord3287
ord3289
ord3283
ord3299
ord3279
ord1189
ord1185
ord1187
ord1183
ord1178
ord7056
ord7058
ord8200
ord2164
ord5969
ord6463
ord4783
ord1813
ord3005
ord7007
ord5864
ord8672
ord6849
ord2519
ord6952
ord5930
ord1927
ord5507
ord2187
ord2190
ord8123
ord9163
ord2111
ord2112
ord2255
ord2256
ord2657
ord6286
ord6646
ord6476
ord5892
ord6983
ord714
ord2645
ord3091
ord5057
ord4862
ord400
ord5951
ord6183
ord8348
ord8164
ord5532
ord8100
ord3853
ord4271
ord5905
ord2541
ord6480
ord6607
ord5944
ord7476
ord3824
ord7376
ord1893
ord7585
ord6957
ord2688
ord2653
ord8630
ord3659
ord3651
ord6272
ord725
ord6446
ord5563
ord1687
ord2802
ord5094
ord6173
ord6172
ord5003
ord869
ord886
ord639
ord660
ord5960
ord1874
ord4662
ord7018
ord6951
ord1928
ord8126
ord9164
ord5556
ord6616
ord6619
ord6073
ord6078
ord6075
ord6094
ord6096
ord6080
ord6521
ord5860
ord5851
ord6751
ord6534
ord6141
ord6975
ord1364
ord2681
ord1767
ord2901
ord1363
ord5518
ord5289
ord5996
ord7851
ord8236
ord5792
ord4656
ord6695
ord1493
ord1095
ord310
ord6044
ord6297
ord5059
ord4877
ord870
ord5656
ord883
ord9227
ord358
ord640
ord467
ord655
ord430
ord2118
ord1873
ord7008
ord8125
ord9226
ord6615
ord6618
ord6520
ord5857
ord5850
ord6082
ord6525
ord5884
ord6140
ord5197
ord699
ord2404
ord2405
ord1693
ord2814
ord764
ord7873
ord1332
ord3200
ord7491
ord5369
ord7930
ord8005
ord2126
ord457
ord3093
ord5386
ord5793
ord7607
ord5222
ord6692
ord6293
ord4330
ord4340
ord8042
ord4343
ord4688
ord4052
ord2992
ord8628
ord3309
ord3310
ord3311
ord3308
ord3307
ord877
ord649
ord3477
ord7878
ord5381
ord3604
ord4853
ord8051
ord5375
ord5096
ord695
ord647
ord348
ord4477
ord1771
ord2905
ord5918
ord2105
ord2742
ord875
ord5060
ord4878
ord871
ord747
ord652
ord641
ord432
ord5952
ord5964
ord1812
ord3004
ord7009
ord6948
ord5506
ord2119
ord5632
ord3314
ord3315
ord4199
ord7246
ord1199
ord6660
ord4146
ord5803
ord6000
ord6783
ord6780
ord3652
ord2525
ord3089
ord880
ord2965
ord7772
ord3373
ord8012
ord5666
ord5989
ord6966
ord1694
ord2815
ord3321
ord5936
ord1569
ord1565
ord1563
ord2401
ord2495
ord5590
ord7909
ord8343
ord2534
ord4016
ord6733
ord3599
ord4629
ord1760
ord2893
ord4188
ord2154
ord2335
ord2345
ord7251
ord6092
ord6314
ord2331
ord2572
ord8449
ord8447
ord2560
ord2540
ord1880
ord1203
ord2654
ord2689
ord2690
ord5280
ord3977
ord3913
ord8527
ord8523
ord2723
ord8283
ord8461
ord5451
ord3858
ord7954
ord7270
ord7819
ord7668
ord1589
ord900
ord632
ord1228
ord360
ord6901
ord7041
ord701
ord8430
ord8653
ord910
ord674
ord888
ord908
ord5663
ord5621
ord8675
ord5287
ord8673
ord6017
ord2700
ord2655
ord7576
ord893
ord1165
ord5295
ord1346
ord6881
ord8607
ord7282
ord5321
ord2533
ord4122
ord7040
ord7042
ord5511
ord6274
ord7052
ord7017
ord7559
ord3516
ord3811
ord3980
ord5998
ord3788
ord3983
ord3519
ord3692
ord3511
ord5159
ord5160
ord5150
ord3690
ord5514
ord6182
ord5948
ord2902
ord1768
ord7691
ord4646
ord662
ord316
ord6168
ord6170
ord6174
ord5095
ord5053
ord772
ord901
ord1442
msvcr80d
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
_initterm
_CrtSetCheckCount
_acmdln
_ismbblead
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__CxxFrameHandler3
memset
printf
_resetstkoflw
_CrtDbgReportW
wcslen
wcscpy_s
malloc
free
calloc
_recalloc
atoi
vsprintf_s
??_V@YAXPAX@Z
_CRT_RTC_INITW
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_setmbcp
memmove_s
_wcsicmp
memcmp
strcpy_s
wcsncpy_s
_snwprintf_s
_vsnwprintf_s
_vsnprintf_s
wcscpy
strcpy
_CrtDbgReport
_CxxThrowException
_errno
_invoke_watson
_snprintf_s
_configthreadlocale
__setusermatherr
kernel32
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW
WaitForMultipleObjects
SetEvent
CreateEventA
ResetEvent
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
MulDiv
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
OpenEventA
OutputDebugStringA
OutputDebugStringW
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedCompareExchange
GetTickCount
RaiseException
GetStartupInfoA
user32
IntersectRect
OffsetRect
InflateRect
EqualRect
SetRectEmpty
UnionRect
SubtractRect
CharLowerA
IsRectEmpty
CopyRect
CharUpperW
CharUpperA
SetWindowLongA
PostMessageA
PtInRect
CharLowerW
GetWindowLongA
SetRect
ole32
CoInitialize
oleaut32
SysFreeString
ws2_32
ioctlsocket
connect
closesocket
recv
select
send
__WSAFDIsSet
setsockopt
inet_addr
socket
recvfrom
bind
htonl
WSAStartup
htons
getsockopt
pdi
dbdata_get_ied_value
dbdata_write_ied_value
lvpdi
lv_dbdata_open_close
lv_dbdata_get_ied_info
lv_dbdata_open_db
lv_dbdata_get_db_connect_name
lv_dbdata_get_sta_info
lv_multicomm_close_multi_comm
lv_multicomm_send_multi_comm
lv_multicomm_init_multi_comm
lv_multicomm_get_data
lv_dbdata_get_ied_pt
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 232KB - Virtual size: 231KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ