c9b7f8c905dae11faf7e8894e8d3b00ddf1442a5098740a57a8adb9a3ad4714d

Sharing

Copy URL Twitter E-mail

General

Target

c9b7f8c905dae11faf7e8894e8d3b00ddf1442a5098740a57a8adb9a3ad4714d
Size

10.0MB
MD5

e9c367fa5a472e057898226adb0622ba
SHA1

d8f240259e278fc52acf7a62c67f07e7b080536c
SHA256

c9b7f8c905dae11faf7e8894e8d3b00ddf1442a5098740a57a8adb9a3ad4714d
SHA512

c348318c64e5645a777e5f87603b4467a210dda778dca59cc3a2ce6da2bcff2ff57dc8f8488d1df08ccbe8d4a84f3f7e5b9fd68b677bef73baa5bec426fd9cb7
SSDEEP

196608:v1qA6/soOpfoUYsJp1quvV3MwBUevG8QsXQipB40k:jqmCapdpfUCG9Opu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9b7f8c905dae11faf7e8894e8d3b00ddf1442a5098740a57a8adb9a3ad4714d

Files

c9b7f8c905dae11faf7e8894e8d3b00ddf1442a5098740a57a8adb9a3ad4714d
.exe windows:4 windows x86 arch:x86

b3190060a1dc83b7a807e88655cd6442

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

l:\amwork\branches\brcloudv2\src\tools\packagebuilder\release\wrapper.pdb

Imports

shlwapi

PathIsDirectoryW

kernel32

CreateProcessW
GetExitCodeProcess
WaitForSingleObject
WritePrivateProfileStringW
GetTempPathW
WideCharToMultiByte
SetFilePointerEx
GetPrivateProfileStringA
ReadFile
CloseHandle
GetModuleFileNameW
CreateDirectoryW
CreateFileW
WriteFile
WritePrivateProfileStringA
MultiByteToWideChar
DeleteFileW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLastError
IsDebuggerPresent
GetPrivateProfileStringW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
Sleep
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter

user32

wsprintfW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW
ShellExecuteW

msvcp80

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

strtok
??2@YAPAXI@Z
srand
??_V@YAXPAX@Z
??3@YAXPAX@Z
_time64
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
rand
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_CxxThrowException
__CxxFrameHandler3
memset
_invalid_parameter_noinfo

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3190060a1dc83b7a807e88655cd6442

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

msvcp80

msvcr80

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 10KB