3c277d6c04c3ba184b5608b5a8e295f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3c277d6c04c3ba184b5608b5a8e295f0N.exe
Size

1.4MB
MD5

3c277d6c04c3ba184b5608b5a8e295f0
SHA1

134b7716f681622b7b215bfbb805bff8c43ae504
SHA256

d1413e610fc533470512f5584acafbed3414ef4339d75c59eab243962f48dbb8
SHA512

d0beac6790343ecb76c202bfc04fbd7888d3a51b892fd1c9a07729b68c59344741624cc5ec067c0fc9836f0ca99062bd3559bc9e270707b8d1b6dac7e008d366
SSDEEP

24576:2jlHId6yXTa8ywj/U1FElyUXpk6ztqTSnMW:2jl7n8XaK5STSnT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c277d6c04c3ba184b5608b5a8e295f0N.exe

Files

3c277d6c04c3ba184b5608b5a8e295f0N.exe
.dll windows:4 windows x64 arch:x64

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Build\Project\Medicine\Engine\2.0_MainTrunk\building\build\Project\Medicine\Engine\2.0\Trunk\Build\AMD64\free\MeDExt.pdb

Imports

kernel32

HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GetVersionExW
GetVersionExA
GetTickCount
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileSize
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FreeLibrary
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileW
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
HeapCompact
CreateEventW
__C_specific_handler
GetModuleFileNameW
DeviceIoControl
CancelIo
MoveFileW
SetFileAttributesW
GetFileTime
FindClose
RemoveDirectoryW
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
GetLocalTime
ReleaseMutex
SetEvent
GetCurrentProcess
lstrcmpiW
GetModuleHandleA
GetVersion
lstrlenW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetShortPathNameW
OpenMutexW
lstrlenA
lstrcmpA
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
UnmapViewOfFile
WideCharToMultiByte
WriteFile
WaitForSingleObject
WaitForSingleObjectEx
OutputDebugStringA
OutputDebugStringW
GetProcessHeap
FlushViewOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
GetLastError
GetCurrentThreadId
CreateSemaphoreW
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
GetPrivateProfileIntW
GetPrivateProfileStringW
SetLastError
GetVolumeInformationW
lstrcpynW
VerifyVersionInfoW
CloseHandle

advapi32

GetSecurityDescriptorSacl
RegEnumKeyExW
RegDeleteKeyW
EnumServicesStatusW
LockServiceDatabase
UnlockServiceDatabase
QueryServiceConfigW
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
StartServiceW
DeleteService
CreateServiceW
RegCreateKeyExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
SetSecurityInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

_beginthreadex
_endthreadex
strcspn
fabs
strspn
strrchr
_lrotr
_lrotl
wcscmp
__CxxFrameHandler
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wcsicmp
wcsncat
wcsrchr
_vsnprintf
wcsncmp
wcsstr
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncmp
swprintf
_purecall
_wcslwr
wcschr
_wcsupr
_initterm
??1type_info@@UEAA@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
free
malloc
strcmp
localtime
memset
wcslen
_vsnwprintf
memmove
memcmp
memcpy
strlen
realloc
_CxxThrowException
_msize

user32

CharUpperW

Exports

Exports

MeDExtFinalize
MeDExtGet
MeDExtInitialize
MeDExtSet

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c089b00e23a969ba345931b65885ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

version

msvcrt

user32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 151KB - Virtual size: 152KB

.data Size: 50KB - Virtual size: 56KB

.pdata Size: 36KB - Virtual size: 36KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 151KB - Virtual size: 152KB

.data
Size: 50KB - Virtual size: 56KB

.pdata
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 6KB - Virtual size: 6KB