PDB path (debug-symbol path embedded in the binary at build time): d:\Source\Wdprj\WDExe\Release\WDExe.pdb
Static task
static1
Behavioral task
behavioral1
Sample
c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb.exe
Resource
win10v2004-20240709-en
General
-
Target
c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb
-
Size
286KB
-
MD5
62e86e2fb642cf3e5f1f00e77a31321e
-
SHA1
45e62c0db8b66cc3d59007bde802f8fb0c8fbffd
-
SHA256
c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb
-
SHA512
0d090d80e9207711cdd342eb836d20abf45e0befb8d9a672a236cb2cb65bab56b90e5e0c1f2d2e4f1cd4abf383219f58bb790b12a9ba6c987e5f4639dcb88c2a
-
SSDEEP
6144:FR2eVXgOJVwuwE7o9h+sdYDHXXHWWwcH0bAZVT7UvztvRplvy:2vOJx7oT+sdYDHXXHWNcHAq7U71tvy
Malware Config
Signatures
-
Unsigned PE 1 IoCs
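Checks for a missing Authenticode signature. This is the only signature listed in this section; it reports that the file is unsigned, so its publisher and integrity cannot be verified from the file itself. On its own, the absence of a signature is a weak indicator and does not establish malicious behaviour.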
resource c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb
Files
-
c1eff3a872d0877a27b5fd715ec6122c849b7f74410e21584e56c6c6acbdcaeb.exe windows:4 windows x86 arch:x86
2e27991bb1faa865d07e322c98c6ad9c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
isdigit
vsprintf
_mbclen
_mbsinc
_ismbcspace
atoi
realloc
_mbspbrk
_mbsrchr
_makepath
memmove
_mbsstr
wcscat
wcslen
wcschr
_mbschr
memchr
_vsnprintf
_purecall
_mbscmp
strcat
_mbsnbcpy
sprintf
strlen
strncmp
strcpy
_stricmp
_mbsicmp
memcpy
memset
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
kernel32
GetTempPathA
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
CreateThread
TerminateThread
ResumeThread
MultiByteToWideChar
GetCurrentThreadId
TlsFree
TlsAlloc
VirtualProtect
VirtualQuery
TlsGetValue
TlsSetValue
GetModuleHandleA
GetFullPathNameA
GetVersionExA
FindNextFileA
GetFileAttributesA
FindClose
FindFirstFileA
CreateDirectoryA
CopyFileA
MoveFileA
DeleteFileA
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
SetFilePointer
WriteFile
SetLastError
CreateFileA
SetErrorMode
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateMailslotA
ExpandEnvironmentStringsA
GetLocalTime
GetComputerNameA
GetProfileStringA
ReadFile
CreateFileMappingA
GetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetModuleFileNameA
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetCurrentProcessId
FindResourceA
LoadResource
LockResource
FreeResource
FreeLibrary
CreateEventA
GetTempFileNameA
OpenFileMappingA
GetProcAddress
GetSystemDefaultLangID
FormatMessageA
LocalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCommandLineA
CreateProcessA
Sleep
GetMailslotInfo
GetExitCodeProcess
Exports
Exports
CommandeComposante
DeclareProxy
Sections
.text Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ