42d96a6e09050fdab65bf84435225deba076db8aeced63046a41b6912a26b12f

Sharing

Copy URL Twitter E-mail

General

Target

42d96a6e09050fdab65bf84435225deba076db8aeced63046a41b6912a26b12f
Size

35KB
MD5

8aef0136737e77211adabc16fe0376df
SHA1

adaac36a114221678b4e31f00b5618fe145ac296
SHA256

42d96a6e09050fdab65bf84435225deba076db8aeced63046a41b6912a26b12f
SHA512

e513962985a67697c3d69a4caeee2c7ea5f9a03b2befad6b5e1e41890a0c0654a0b137bca27e01704733dea5b6191de7620031d27f9e3fc3a9eb48ba5ea58d45
SSDEEP

768:PgJdOsQ/bxbR345fE2p5uAQGPL4vzZq2o9W7GsxBbPr:PgXvEbX3qfZ5uLGCq2iW7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d96a6e09050fdab65bf84435225deba076db8aeced63046a41b6912a26b12f

Files

42d96a6e09050fdab65bf84435225deba076db8aeced63046a41b6912a26b12f
.exe windows:5 windows x86 arch:x86

7562a8c49eb1bf86da16e1b6734fb3cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\graphviz-ms\bin\gvpack.pdb

Imports

gvplugin_neato_layout

neato_init_node
user_pos
init_nop
gvplugin_neato_layout_LTX_library

gvc

PSinputscale
Nop
common_init_edge
graph_init
late_int
Ndim
Concentrate
State
zmalloc
grealloc
gmalloc
parsePackModeInfo
Verbose
gvContextPlugins
packGraphs
dotneato_postprocess
attach_attrs

cgraph

agsetfile
agread
agisstrict
agfstsubg
agnxtsubg
agsubnode
agroot
agnxtattr
agxget
aghtmlstr
agstrdup_html
agset
agnnodes
aginit
agfstout
agnxtout
AgDefaultDisc
agopen
agxset
agnameof
agfstnode
agnxtnode
agnode
agbindrec
agsubg
agattr
agwrite
agedge

cdt

dtopen
dtclose
dtflatten
Dtoset

msvcr90

?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
fclose
malloc
strncmp
strcmp
fprintf
strtol
strchr
fopen
printf
strlen
sprintf
free
exit
__iob_func

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep

Exports

Exports

lt_preloaded_symbols

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

k3��u`
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7562a8c49eb1bf86da16e1b6734fb3cb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gvplugin_neato_layout

gvc

cgraph

cdt

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 760B

k3��u` Size: 16KB - Virtual size: 20KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 760B

k3��u`
Size: 16KB - Virtual size: 20KB