c:\slaveroot\workspace\Simulator\OS\windows8\Release\release\platform\windows\Bin\AppTemplates\Win32\Corona.App.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3a8f041dc1ee338e0c43df5ca740eff0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3a8f041dc1ee338e0c43df5ca740eff0N.exe
Resource
win10v2004-20240709-en
General
Target
3a8f041dc1ee338e0c43df5ca740eff0N.exe
Size
58KB
MD5
3a8f041dc1ee338e0c43df5ca740eff0
SHA1
d51e1f39e09f4863e8ded9e5c9d01ab4be8009a5
SHA256
7d2b2cf09b10cd9f1c5415c32fb54b6f4ecbc465824dea9246fb2c76b7c86c0b
SHA512
e160ebb4c6c7d846473bf8a0df3bad082951a3fcd005f0e5fb78957019ff783f6beac2dc81f89b9359cb9176e1cb41366848653ff71f3758b6134121a1290003
SSDEEP
768:8xF2pKYXmKvSzEsv31HEyuiIabwW/qGQPy/9R/2HdIw6bS66cJy3PLzkG:8xF2pKIzkXJEy3cbP+6xfcJAPP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a8f041dc1ee338e0c43df5ca740eff0N.exe
Files
3a8f041dc1ee338e0c43df5ca740eff0N.exe.exe windows:5 windows x86 arch:x86
3340622192ab89b2478c6d744b87435f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LocalFree
LoadLibraryW
GetProcAddress
DecodePointer
user32
GetMessageW
PostQuitMessage
LoadImageW
PostMessageW
LoadCursorW
GetClientRect
SetFocus
TranslateMessage
LoadIconW
SetWindowPos
ShowWindow
CreateWindowExW
GetSystemMetrics
IsWindowVisible
UpdateWindow
DefWindowProcW
DispatchMessageW
RegisterClassExW
gdi32
GetStockObject
shell32
CommandLineToArgvW
coronalabs.corona.native
CoronaWin32RuntimeNewRef
CoronaWin32LaunchSettingsNewRef
CoronaWin32LaunchSettingsSetMainWindowHandle
CoronaWin32RuntimeRun
CoronaWin32LaunchSettingsSetResourceDirectory
CoronaWin32LaunchSettingsAddLaunchArgument
CoronaWin32LaunchSettingsDeleteRef
CoronaWin32RuntimeDeleteRef
CoronaWin32LaunchSettingsSetRenderSurfaceHandle
comctl32
ord17
msvcp120
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
msvcr120
__crtSetUnhandledExceptionFilter
_invoke_watson
?terminate@@YAXXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_controlfp_s
_commode
memmove
_purecall
??3@YAXPAX@Z
??2@YAPAXI@Z
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
memset
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 768B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ