556b20e68cfb4a16331168af919abfa9ccd23418fb0c63e3669e468ae4eb7dd7

Sharing

Copy URL Twitter E-mail

General

Target

556b20e68cfb4a16331168af919abfa9ccd23418fb0c63e3669e468ae4eb7dd7
Size

168KB
MD5

bd6e6b08e24a4def5b80fae83b00aabe
SHA1

ce6777f502451706463b00921676f89351d6d831
SHA256

556b20e68cfb4a16331168af919abfa9ccd23418fb0c63e3669e468ae4eb7dd7
SHA512

eba49a35b8a1e63cfeeadc21d70ca6fb23f45ccdc6559314be4511e37c8bd826130407cd9cee1e58fef02f6b69a145e5ea667a2bd1b8648fe485c1e1bd7d9fe2
SSDEEP

3072:NptlhvlxIzaiNu0HG6+PPnWNjhS37jLv7bguE6q9PSKNEySUG1Z32vXU:Xxxku0HG6+PPqhS37P7bguE6q9PSeEy8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556b20e68cfb4a16331168af919abfa9ccd23418fb0c63e3669e468ae4eb7dd7

Files

556b20e68cfb4a16331168af919abfa9ccd23418fb0c63e3669e468ae4eb7dd7
.dll windows:6 windows x86 arch:x86

04d5f09fcfc9be27e35dcbe9be04caee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\agent1\_work\12\s\Build\Bin\Config\Win32\Release\C3Comp.pdb

Imports

pccore

?wstricmp@@YAHPB_W0@Z
?wstrdpi@@YAPA_WPB_W@Z
?wstrdup@@YAPA_WPBD@Z
?wstrnicmp@@YAHPB_W0H@Z
?Mid@CString@@QBE?AV1@I@Z
?Expand@CString@@QAEXI@Z
?Compress@CString@@QAEXXZ
??YCString@@QAEABV0@ABV0@@Z
??YCString@@QAEABV0@_W@Z
?FindRev@CStrPtr@@QBEI_W@Z
??0CString@@QAE@ABV0@@Z
?Left@CString@@QBE?AV1@I@Z
??H@YA?AVCString@@ABV0@0@Z
??H@YA?AVCString@@ABV0@PB_W@Z
??H@YA?AVCString@@ABV0@_W@Z
?AfxCompare@@YAHABVCString@@0@Z
?Delete@CString@@QAEXII@Z
?wstrcpy@@YAXPA_WPB_W@Z
?Printf@CString@@QAAXPB_WZZ
??8CStrPtr@@QBEHPB_W@Z
??0CPrintf@@QAA@PB_WZZ
??1CPrintf@@QAE@XZ
?wtoupper@@YA_W_W@Z
?wisalpha@@YAH_W@Z
?wisdigit@@YAH_W@Z
?wstrchr@@YAPA_WPB_W_W@Z
??0CModule@@QAE@I@Z
??1CModule@@QAE@XZ
?InitLib@CModule@@QAEHPAX@Z
?Terminate@CModule@@QAEHXZ
??4CString@@QAEABV0@ABVCEntity@@@Z
?Format@CString@@QAAXPB_WZZ
?IsEmpty@CStrPtr@@QBEHXZ
?AfxFree@@YAXPAXH@Z
?wstrcat@@YAXPA_WPB_W@Z
??0CString@@QAE@ABVCEntity@@@Z
??0CString@@QAE@PB_W@Z
?wstrdup@@YAPA_WPB_W@Z
?wstrlen@@YAHPB_W@Z
?AfxMalloc@@YAPAXI@Z
?ThrowUserException@@YAXPBDI@Z
??1CFormat@@QAE@XZ
??0CFormat@@QAA@VCEntity@@ZZ
?GetLength@CString@@QBEIXZ
??4CString@@QAEABV0@ABV0@@Z
??1CString@@QAE@XZ
??0CString@@QAE@XZ
??9CStrPtr@@QBEHPB_W@Z

pcctrl

??0CRange@@QAE@XZ
??0CRange@@QAE@H@Z

pcdialog

?IsOkay@CError@@QBEHXZ
??1CError@@QAE@XZ
?SetRange@CError@@QAEXABVCRange@@@Z
?Set@CError@@QAEXABVCEntity@@@Z
?Set@CError@@QAEXPB_W@Z
??0CError@@QAE@H@Z

vcruntime140

__current_exception_context
__current_exception
_purecall
_except_handler4_common
__std_type_info_destroy_list
__std_terminate
__CxxFrameHandler3
memcpy
memset

api-ms-win-crt-string-l1-1-0

isxdigit

api-ms-win-crt-convert-l1-1-0

wcstoul

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_initterm_e
_initterm
terminate
_configure_narrow_argv
_cexit

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

Exports

Exports

?C3CheckSource@@YAHPBE@Z
?C3CompileCode@@YAHABUCCompileIn@@AAUCCompileOut@@H@Z
?C3CompileExpr@@YAHABUCCompileIn@@AAUCCompileOut@@@Z
?C3CompileFunc@@YAHABUCCompileIn@@AAUCCompileOut@@@Z
?C3ExecuteCode@@YAKPBEPAUIDataServer@@PAK@Z
?C3ExpandSource@@YAHPBEPAUINameServer@@ABV?$CArray@VCString@@@@AAVCString@@@Z
?C3MakeFuncLib@@YAHAAPAUIFuncLibrary@@@Z
?C3MakeIdentLib@@YAHAAPAUIIdentLibrary@@@Z
?C3SyntaxColors@@YAHAAV?$CArray@UCColorSpan@@@@AAHPB_WI@Z
?C3SyntaxTokens@@YAHAAV?$CArray@UCTokenSpan@@@@AAHPB_WI@Z

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04d5f09fcfc9be27e35dcbe9be04caee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pccore

pcctrl

pcdialog

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 6KB - Virtual size: 6KB