316c2f5d6b138552e38a2679cc576a00N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

316c2f5d6b138552e38a2679cc576a00N.exe
Size

1.4MB
MD5

316c2f5d6b138552e38a2679cc576a00
SHA1

4cf8d375967cc88406dd6b66ad45202c1aa30bac
SHA256

f7224920a223b8f5d23438200e7807ec739ce7bc0555bea097d4679d2ab6ee2b
SHA512

5b40285e34c70bf85e0db13b53d984fde6bb38661c3f40d193a6933906a0b87d3d0a9f282b5bba9726370f23c4300e320cb6c5c9066d57a0ba9e35384284a4a6
SSDEEP

24576:2jlHId6yXTa8ywj/U1FElyUXpk6ztqTSnMW:2jl7n8XaK5STSnT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
316c2f5d6b138552e38a2679cc576a00N.exe

Files

316c2f5d6b138552e38a2679cc576a00N.exe
.dll windows:4 windows x64 arch:x64

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Build\Project\Medicine\Engine\2.0_MainTrunk\building\build\Project\Medicine\Engine\2.0\Trunk\Build\AMD64\free\MeDExt.pdb

Imports

kernel32

HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
HeapCompact
CreateEventW
__C_specific_handler
GetModuleFileNameW
DeviceIoControl
CancelIo
MoveFileW
SetFileAttributesW
GetFileTime
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
GetLocalTime
ReleaseMutex
SetEvent
GetCurrentProcess
lstrcmpiW
GetModuleHandleA
GetVersion
lstrlenW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetShortPathNameW
OpenMutexW
lstrlenA
lstrcmpA
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
SetLastError
GetVolumeInformationW
lstrcpynW
VerifyVersionInfoW
CloseHandle

advapi32

GetSecurityDescriptorSacl
RegEnumKeyExW
RegDeleteKeyW
EnumServicesStatusW
LockServiceDatabase
UnlockServiceDatabase
QueryServiceConfigW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
StartServiceW
DeleteService
CreateServiceW
RegCreateKeyExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
SetSecurityInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_beginthreadex
_endthreadex
strcspn
fabs
strspn
strrchr
_lrotr
_lrotl
wcscmp
__CxxFrameHandler
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcsncat
wcsrchr
_vsnprintf
wcsncmp
wcsstr
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncmp
swprintf
_purecall
_wcslwr
wcschr
_wcsupr
_initterm
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
free
malloc
strcmp
localtime
memset
wcslen
_vsnwprintf
memmove
memcmp
memcpy
strlen
realloc
_CxxThrowException
_msize

user32

CharUpperW

Exports

Exports

MeDExtFinalize
MeDExtGet
MeDExtInitialize
MeDExtSet

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 151KB - Virtual size: 152KB

.data Size: 50KB - Virtual size: 56KB

.pdata Size: 36KB - Virtual size: 36KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 151KB - Virtual size: 152KB

.data
Size: 50KB - Virtual size: 56KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 6KB - Virtual size: 6KB