C:\Users\ilhan\Desktop\socket_pc\usermode\x64\Release\usermode.pdb
Static task
static1
1 signatures
General
-
Target
usermode.exe
-
Size
13KB
-
MD5
6a591e4175179db1f4509efb58a9db68
-
SHA1
5d9631f1a9dfcdcb1c0731edb4bd297c9e2fc58c
-
SHA256
5bec8f54b3cf7d0dc332af80ae5f2fdc487703a3c03a6585ff8f1b817f29fad6
-
SHA512
380839768bc2925aa8197ad4525c05c17283affaa9850fadbf073dd14d08fde0b257f43a2b56aef9da362d943abede9cba9cf231c5f3de1c9995de8de3833d2e
-
SSDEEP
192:/0bilZbOB/XVIJvb8MizVbC5BwbWZnwlTesQ5tfXrWO:/02j6B/XVIJj4eCAsbO
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource usermode.exe
Files
-
usermode.exe.exe windows:6 windows x64 arch:x64
a97d3909587a67aee6c5b720147762bb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
SetConsoleTitleA
Sleep
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
ws2_32
WSAStartup
closesocket
socket
connect
recv
WSACleanup
htons
htonl
send
msvcp140
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
vcruntime140
__current_exception_context
__current_exception
memset
__C_specific_handler
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
terminate
_initterm
_get_initial_narrow_environment
_initterm_e
_crt_atexit
_cexit
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_set_app_type
_seh_filter_exe
system
exit
__p___argv
_exit
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__stdio_common_vfprintf
__acrt_iob_func
__p__commode
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 444B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ