800c500043c0eb7450b3684351cc3105f8627f31ab8f3ecaa1ad11352f0be5bf

Sharing

Copy URL Twitter E-mail

General

Target

800c500043c0eb7450b3684351cc3105f8627f31ab8f3ecaa1ad11352f0be5bf
Size

1.4MB
MD5

b60f2c52556b9d0ec4785bf4ef700c58
SHA1

2879b055b6b4dd941ca9edfa0daed74b3e198745
SHA256

800c500043c0eb7450b3684351cc3105f8627f31ab8f3ecaa1ad11352f0be5bf
SHA512

12f88986bf4245bec234e700fa201eab8d1b7ef0cfcb620f058340a902deb17229fea032edfcbaf6ed6ca7fe61618a80db7641ca38baabe8d7fd2aebaca2d787
SSDEEP

24576:aGgpEM7q16GKg/jHXjlwaTagFaeR/MZjW5iJWNp8UZn3sr:aGgtq16GKcHXjlw4Fau/wJWNpJnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
800c500043c0eb7450b3684351cc3105f8627f31ab8f3ecaa1ad11352f0be5bf

Files

800c500043c0eb7450b3684351cc3105f8627f31ab8f3ecaa1ad11352f0be5bf
.dll windows:6 windows x64 arch:x64

290807976c740cd2beae7e7dfdc29bcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\code\fme\install\solidvalidation.pdb

Imports

mpir_fme

__gmpq_clear
__gmpq_equal
__gmpq_cmp_si
__gmpn_copyi
__gmpn_sub_n
__gmpn_com_n
__gmpn_mul
__gmpn_add_n
__gmpq_sub
__gmpq_set_si
__gmpq_set_d
__gmpq_set
__gmpq_mul
__gmpq_init
__gmpq_div
__gmpq_cmp
__gmpq_add

mpfr_fme

mpfr_set_q
mpfr_set_emin
mpfr_subnormalize
mpfr_get_d
mpfr_get_emin

kernel32

CreateFileMappingA
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetACP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
ReadFile
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
TerminateProcess
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
VirtualQuery
VirtualLock
VirtualAlloc
VirtualFree
DebugBreak
GetLastError
GetSystemInfo
IsBadCodePtr
VirtualQueryEx
GetCurrentProcessId
CreateMutexA
GetCurrentThreadId
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
CreateEventA
SetEvent
UnmapViewOfFile
OpenProcess
GetCurrentProcess
OpenMutexA
MapViewOfFileEx
MapViewOfFile
OpenFileMappingA
RtlUnwind
OutputDebugStringA
IsDebuggerPresent
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
WaitForSingleObjectEx
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent

stk

??1?$UString@$0A@@ex@stk@@QEAA@XZ
??0?$UString@$0A@@ex@stk@@QEAA@PEBD_KVEncoding@12@@Z

Exports

Exports

FME_validateFMEShell
FME_validateFMEVoids

Sections

.text
Size: 1013KB - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

290807976c740cd2beae7e7dfdc29bcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpir_fme

mpfr_fme

kernel32

stk

Exports

Exports

Sections

.text Size: 1013KB - Virtual size: 1012KB

.rdata Size: 207KB - Virtual size: 207KB

.data Size: 121KB - Virtual size: 128KB

.pdata Size: 36KB - Virtual size: 36KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 1013KB - Virtual size: 1012KB

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 121KB - Virtual size: 128KB

.pdata
Size: 36KB - Virtual size: 36KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB