00e8b299fc2cafcdb7e5ebcc515a4ac0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

00e8b299fc2cafcdb7e5ebcc515a4ac0N.exe
Size

41KB
MD5

00e8b299fc2cafcdb7e5ebcc515a4ac0
SHA1

ffaa77a8ee8030440b73d1a625c1cb59809d9492
SHA256

708f4b53cda60b0dc157214b91bb1d9aa0584b050fb3e11816805bb9c5d3dcc3
SHA512

4c1f0417bbbcebc73f0481e909a24ee98a7b3b9b3330d257b574b29fef776272d1fdb3177b7411f1f19e36a7a0fc0a53c22c04277de8bcaa8a33e012f998ce4e
SSDEEP

384:tVxMOww4AX/NGVmSEhjQ8z01WmNisYpEGTBDdHLOCONIFIPu2:tVxMQ/gVmSEhj3z01WmHYpTLr3OCFmu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00e8b299fc2cafcdb7e5ebcc515a4ac0N.exe

Files

00e8b299fc2cafcdb7e5ebcc515a4ac0N.exe
.exe windows:6 windows x86 arch:x86

a5144bcbc00ee0467e4abb9ff49d1859

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\金龙\documents\visual studio 2013\Projects\Win32Project5\Debug\Win32Project5.pdb

Imports

user32

LoadIconW
LoadCursorW
EndPaint
BeginPaint
UpdateWindow
TranslateAcceleratorW
LoadAcceleratorsW
EndDialog
DialogBoxParamW
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
MessageBoxW

msvcr120d

__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
_CrtDbgReportW
_CrtSetCheckCount
_XcptFilter
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_dbg
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
wcscpy_s
_wmakepath_s
_wsplitpath_s
_CRT_RTC_INITW
exit

kernel32

GetModuleHandleW
GetModuleFileNameW
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetProcAddress
GetLastError
RaiseException
EncodePointer
IsDebuggerPresent

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5144bcbc00ee0467e4abb9ff49d1859

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

msvcr120d

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB