Static task: static1

General
  Target:  DS3Manager.zip
  Size:    91KB
  MD5:     9227d4d1f3486d680778442836cbc501
  SHA1:    3a9f344b9dc8eeea0657464342fff13679146ac1
  SHA256:  17d3404a4195fd7453bbf213a5b25787246da086ff005b5c80186ceae7b8e9aa
  SHA512:  437b76144a1d6e1573d532ce7f86e29445ffd9f7f90044a35063f66d1539799185c1fdc6384fe345e4e799660fb726f25e10b6f3ffa10fefcb0962db48b7017f
  SSDEEP:  1536:GIBpZiYrP6fM8bC+u6+6dNfpuFStlOaIPrESJo7esaUmS/HX4BCOUOj05W03pAOF:GIBvWu+u6rKFSzOrjESt1Sffkj+W03Kc

Malware Config

Signatures
  Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: unpack001/DS3Manager.exe

Files
  DS3Manager.zip (zip)
  DS3Manager.exe (exe) windows:6 windows x64 arch:x64
    5a99c14d4eab74af0f5c1174fcf6d681

Headers
  DLL Characteristics
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
  PDB Paths
    G:\Users\John\Documents\Visual Studio 2015\Projects\DS3Manager\x64\Release\DS3Manager.pdb
Imports
  kernel32: OpenProcess, CreateToolhelp32Snapshot, Sleep, CopyFileA, GetLastError, DeleteFileA,
    Process32Next, lstrcpyA, CloseHandle, GetWindowsDirectoryA, ExitProcess, lstrcpynA,
    ReadProcessMemory, lstrcmpiA, WriteConsoleW, SetFilePointerEx, HeapReAlloc, HeapSize,
    GetConsoleMode, GetConsoleCP, FlushFileBuffers, SetStdHandle, GetModuleHandleA, GetProcessHeap,
    SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW,
    GetCommandLineA, GetCPInfo, GetOEMCP, IsValidCodePage, FindFirstFileExA, GetStringTypeW,
    GetTimeZoneInformation, GetFileType, LCMapStringW, Module32First, FindNextFileA, FindClose,
    GetCurrentProcess, Module32Next, FindFirstFileA, WriteProcessMemory, Process32First,
    CompareStringW, HeapAlloc, HeapFree, GetACP, WriteFile, RtlCaptureContext, RtlLookupFunctionEntry,
    RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess,
    IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW,
    QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime,
    InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, SetLastError,
    EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection,
    InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary,
    GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameA, MultiByteToWideChar,
    WideCharToMultiByte, GetStdHandle, CreateFileW
  user32: RegisterClassExA, UpdateWindow, SetForegroundWindow, EnableWindow, GetWindowThreadProcessId,
    GetMessageA, DispatchMessageA, GetWindowRect, GetFocus, LoadCursorA, DestroyWindow, PostMessageA,
    CreatePopupMenu, ShowWindow, GetClassInfoExA, GetWindowTextA, SetWindowTextA, MessageBoxA, SetMenu,
    RegisterClassA, DefWindowProcA, CreateWindowExA, SetFocus, TranslateMessage, SendMessageA,
    AppendMenuA, PostQuitMessage, GetDesktopWindow, CreateMenu, GetWindowTextLengthA, FindWindowA
  gdi32: DeleteObject, CreateFontIndirectA
  comdlg32: GetOpenFileNameA
  advapi32: LookupPrivilegeValueA, OpenProcessToken, AdjustTokenPrivileges
  shell32: ShellExecuteA, ShellExecuteExA
  wininet: InternetOpenA, InternetCloseHandle, InternetReadFile, InternetOpenUrlA
Sections
  Name    Size   Virtual size  Flags
  .text   123KB  122KB         IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  49KB   48KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   3KB    10KB          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .pdata  8KB    7KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .gfids  512B   232B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc   512B   488B          IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc  2KB    1KB           IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ