196c1790ca7aff244747d094bcc6e910N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

196c1790ca7aff244747d094bcc6e910N.exe
Size

55KB
MD5

196c1790ca7aff244747d094bcc6e910
SHA1

180052c8f5c4353bde40b179b1ba39bb35fd068f
SHA256

29c2d766dc232944bd2766802537237d02aaf120ad6f94d4a2a675c4bf679878
SHA512

f18423c3753af1a89e33ac4d2c0a3f7ff432001d67d86b574a685b8fae4a0136013690e0d8475843c03f29db11100784b1b01cd2ccc1b2d2f459b1c0d4327975
SSDEEP

384:nmBFNPXfsxxenImGGdD1Nzu5ZPuVHaAQ4qOSh0CQFhmrKFsAqJWH7yL+w7CtpOI:m5PPs2ImJIPu1A50RyB/CyL+wePO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
196c1790ca7aff244747d094bcc6e910N.exe

Files

196c1790ca7aff244747d094bcc6e910N.exe
.exe windows:5 windows x86 arch:x86

ee0fd68272279233cc87fcbb10e0aebe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SyncServer64\3rdparty\xerces-c-3.1.1\xerces-c-3.1.1\Build\Win32\VC9\Debug\DOMPrint.pdb

Imports

xerces-c_3_1d

?writeChars@LocalFileFormatTarget@xercesc_3_1@@UAEXQBEKQAVXMLFormatter@2@@Z
?flush@LocalFileFormatTarget@xercesc_3_1@@UAEXXZ
?writeChars@StdOutFormatTarget@xercesc_3_1@@UAEXQBEKQAVXMLFormatter@2@@Z
?flush@StdOutFormatTarget@xercesc_3_1@@UAEXXZ
??0ErrorHandler@xercesc_3_1@@QAE@XZ
??1ErrorHandler@xercesc_3_1@@UAE@XZ
?transcode@XMLString@xercesc_3_1@@SAPADQB_WQAVMemoryManager@2@@Z
?release@XMLString@xercesc_3_1@@SAXPAPADQAVMemoryManager@2@@Z
??0DOMErrorHandler@xercesc_3_1@@IAE@XZ
?handleAttributesPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIAttributeList@2@@Z
??1XercesDOMParser@xercesc_3_1@@UAE@XZ
??1LocalFileFormatTarget@xercesc_3_1@@UAE@XZ
??1StdOutFormatTarget@xercesc_3_1@@UAE@XZ
??0DOMLSSerializerFilter@xercesc_3_1@@IAE@XZ
??1DOMLSSerializerFilter@xercesc_3_1@@UAE@XZ
?compareString@XMLString@xercesc_3_1@@SAHQB_W0@Z
?getSystemId@SAXParseException@xercesc_3_1@@QBEPB_WXZ
?getLineNumber@SAXParseException@xercesc_3_1@@QBE_KXZ
?getColumnNumber@SAXParseException@xercesc_3_1@@QBE_KXZ
?handlePartialElementPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIElement@2@@Z
?handleElementPSVI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0PAVPSVIElement@2@@Z
?TextDecl@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
?startExtSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?startIntSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?startAttList@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@@Z
?notationDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLNotationDecl@2@_N@Z
?resetDocType@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?entityDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDEntityDecl@2@_N1@Z
?endExtSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?endIntSubset@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?endAttList@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@@Z
?elementDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@_N@Z
?doctypeWhitespace@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK@Z
?doctypePI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
?doctypeDecl@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@QB_W1_N2@Z
?doctypeComment@AbstractDOMParser@xercesc_3_1@@UAEXQB_W@Z
?attDef@AbstractDOMParser@xercesc_3_1@@UAEXABVDTDElementDecl@2@ABVDTDAttDef@2@_N@Z
?startInputSource@XercesDOMParser@xercesc_3_1@@UAEXABVInputSource@2@@Z
?resolveEntity@XercesDOMParser@xercesc_3_1@@UAEPAVInputSource@2@PAVXMLResourceIdentifier@2@@Z
?resetEntities@XercesDOMParser@xercesc_3_1@@UAEXXZ
?expandSystemId@XercesDOMParser@xercesc_3_1@@UAE_NQB_WAAVXMLBuffer@2@@Z
?endInputSource@XercesDOMParser@xercesc_3_1@@UAEXABVInputSource@2@@Z
?resetErrors@XercesDOMParser@xercesc_3_1@@UAEXXZ
?error@XercesDOMParser@xercesc_3_1@@UAEXIQB_WW4ErrTypes@XMLErrorReporter@2@000_K2@Z
?createAttrNS@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMAttr@2@PB_W000@Z
?createAttr@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMAttr@2@PB_W@Z
?createElementNS@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMElement@2@PB_W000@Z
?createElement@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMElement@2@PB_W@Z
?createText@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMText@2@PB_WK@Z
?createCDATASection@AbstractDOMParser@xercesc_3_1@@MAEPAVDOMCDATASection@2@PB_WK@Z
?setPSVIHandler@AbstractDOMParser@xercesc_3_1@@UAEXQAVPSVIHandler@2@@Z
?XMLDecl@AbstractDOMParser@xercesc_3_1@@UAEXQB_W000@Z
?startEntityReference@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLEntityDecl@2@@Z
?startElement@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLElementDecl@2@IQB_WABV?$RefVectorOf@VXMLAttr@xercesc_3_1@@@2@K_N3@Z
?startDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?resetDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?ignorableWhitespace@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK_N@Z
?endEntityReference@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLEntityDecl@2@@Z
?endElement@AbstractDOMParser@xercesc_3_1@@UAEXABVXMLElementDecl@2@I_NQB_W@Z
?endDocument@AbstractDOMParser@xercesc_3_1@@UAEXXZ
?docPI@AbstractDOMParser@xercesc_3_1@@UAEXQB_W0@Z
?docComment@AbstractDOMParser@xercesc_3_1@@UAEXQB_W@Z
?docCharacters@AbstractDOMParser@xercesc_3_1@@UAEXQB_WK_N@Z
?fgXercescDefaultLocale@XMLUni@xercesc_3_1@@2QBDB
?Initialize@XMLPlatformUtils@xercesc_3_1@@SAXQBD0QAVPanicHandler@2@QAVMemoryManager@2@@Z
?getMessage@XMLException@xercesc_3_1@@QBEPB_WXZ
?Terminate@XMLPlatformUtils@xercesc_3_1@@SAXXZ
?fgMemoryManager@XMLPlatformUtils@xercesc_3_1@@2PAVMemoryManager@2@A
?transcode@XMLString@xercesc_3_1@@SAPA_WQBDQAVMemoryManager@2@@Z
??2XMemory@xercesc_3_1@@SAPAXI@Z
??0XercesDOMParser@xercesc_3_1@@QAE@QAVXMLValidator@1@QAVMemoryManager@1@QAVXMLGrammarPool@1@@Z
?setValidationScheme@AbstractDOMParser@xercesc_3_1@@QAEXW4ValSchemes@12@@Z
?setDoNamespaces@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setDoSchema@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setHandleMultipleImports@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setValidationSchemaFullChecking@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?setCreateEntityReferenceNodes@AbstractDOMParser@xercesc_3_1@@QAEX_N@Z
?parse@AbstractDOMParser@xercesc_3_1@@QAEXQBD@Z
?setErrorHandler@XercesDOMParser@xercesc_3_1@@QAEXQAVErrorHandler@2@@Z
?loadDOMExceptionMsg@DOMImplementation@xercesc_3_1@@SA_NFQA_WK@Z
?getDOMImplementation@DOMImplementationRegistry@xercesc_3_1@@SAPAVDOMImplementation@2@PB_W@Z
?fgDOMErrorHandler@XMLUni@xercesc_3_1@@2QB_WB
?fgDOMWRTSplitCdataSections@XMLUni@xercesc_3_1@@2QB_WB
?fgDOMWRTDiscardDefaultContent@XMLUni@xercesc_3_1@@2QB_WB
?fgDOMWRTFormatPrettyPrint@XMLUni@xercesc_3_1@@2QB_WB
?fgDOMWRTBOM@XMLUni@xercesc_3_1@@2QB_WB
??0LocalFileFormatTarget@xercesc_3_1@@QAE@QBDQAVMemoryManager@1@@Z
??0StdOutFormatTarget@xercesc_3_1@@QAE@XZ
?getDocument@AbstractDOMParser@xercesc_3_1@@QAEPAVDOMDocument@2@XZ
?getMessage@DOMException@xercesc_3_1@@QBEPB_WXZ
?release@XMLString@xercesc_3_1@@SAXPAPA_WQAVMemoryManager@2@@Z
??1DOMErrorHandler@xercesc_3_1@@UAE@XZ
??3XMemory@xercesc_3_1@@SAXPAX@Z

msvcp90d

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcr90d

__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__p__fmode
strcmp
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_encode_pointer
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
_except_handler4_common
_decode_pointer

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee0fd68272279233cc87fcbb10e0aebe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xerces-c_3_1d

msvcp90d

msvcr90d

kernel32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 2KB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 2KB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 3KB