d94246655c4e2d01659ea9a41dd48ed0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d94246655c4e2d01659ea9a41dd48ed0N.exe
Size

74KB
MD5

d94246655c4e2d01659ea9a41dd48ed0
SHA1

39a573cf50409e7368cd4e9c940fd063aa07ed33
SHA256

9d15e627ed9faad94f0652aa729cd62895169d06773f3c9129c87667a7c5e7b3
SHA512

5aee20b6eb30f12a10cd74ea5bfeb3313626dd9a964d87e20be197023c8f08a0458ccc5f0c93343146bfed7d2b97851744651eb6d15670a2424c7dbe5fea0a3b
SSDEEP

1536:fhuWtPkMidykU215MFc7F2AwEkBXqtgbgsMXayS:ZTWMiTUQ5MFCIYYqtgbghayS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d94246655c4e2d01659ea9a41dd48ed0N.exe

Files

d94246655c4e2d01659ea9a41dd48ed0N.exe
.dll windows:5 windows x86 arch:x86

510cfcde9ffe6dfb5d6623e700710224

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wpdtrace.pdb

Imports

kernel32

TlsSetValue
HeapAlloc
GetProcessHeap
HeapFree
TlsGetValue
GetCurrentProcessId
lstrcatA
GetModuleFileNameA
ExpandEnvironmentStringsA
GetLocalTime
SetFilePointerEx
SetEndOfFile
CopyFileA
TlsFree
TlsAlloc
ReleaseMutex
WriteFile
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep

msvcrt

_snprintf
strncat
free
_initterm
_adjust_fdiv
malloc
_splitpath

Exports

Exports

WPDTRACE_DecrementIndentLevel
WPDTRACE_GetIndentLevel
WPDTRACE_GetTraceSettings
WPDTRACE_IncrementIndentLevel
WPDTRACE_Init
WPDTRACE_OutputString
WPDTRACE_SetTraceSettings
WPDTRACE_Term

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ