ip_info_api.pdb
Static task
static1
1 signatures
General
-
Target
ip_info_api.exe
-
Size
2.0MB
-
MD5
ee93e1e4d4d016ff6cc00b1dbdfb303e
-
SHA1
7484800681a030b1f387c3a258ffd7303cc5af7c
-
SHA256
2bbc8486113bb3d60330c8091049cadaaa3869be9f5f5cd47fe5a6f078dbae04
-
SHA512
f223a891328d7a13bbb39ef6dc52df31b33d9915ea1212f595aea8dd04302931d13f2a9eaae54289643673c1a9557f7d3c7ed264ace1d643f43bba496b3ec0f0
-
SSDEEP
49152:e1LF1dWqBqjqOb7SILi6MOT7OmcJR9juyZ:oF2anZ
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ip_info_api.exe
Files
-
ip_info_api.exe.exe windows:6 windows x64 arch:x64
98d8b07d47d3b5eaed62a853c5ac3532
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
bcryptprimitives
ProcessPrng
api-ms-win-core-synch-l1-2-0
WaitOnAddress
WakeByAddressSingle
WakeByAddressAll
ntdll
NtCancelIoFileEx
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtReadFile
ws2_32
WSAIoctl
WSASend
send
shutdown
accept
listen
ioctlsocket
bind
WSASocketW
closesocket
WSAGetLastError
socket
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
recv
kernel32
CreateIoCompletionPort
PostQueuedCompletionStatus
SetHandleInformation
SetFileCompletionNotificationModes
Sleep
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
WaitForSingleObject
QueryPerformanceCounter
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
SetFileInformationByHandle
GetStdHandle
GetCurrentProcessId
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
HeapFree
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
FindClose
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
GetConsoleMode
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
CreateThread
GetFullPathNameW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CloseHandle
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetQueuedCompletionStatusEx
IsProcessorFeaturePresent
vcruntime140
__current_exception_context
__current_exception
memcpy
__C_specific_handler
__CxxFrameHandler3
_CxxThrowException
memset
memmove
memcmp
api-ms-win-crt-math-l1-1-0
pow
__setusermatherr
api-ms-win-crt-runtime-l1-1-0
_seh_filter_exe
_configure_narrow_argv
__p___argc
_exit
_set_app_type
_initterm
_initterm_e
_crt_atexit
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table
__p___argv
terminate
exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_get_initial_narrow_environment
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 567KB - Virtual size: 566KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ