C:\Users\ieste\OneDrive\Desktop\maryware source\build\usermode\usermode.pdb
Static task
static1
1 signatures
General
-
Target
usermode.exe
-
Size
336KB
-
MD5
9da3ce1dd25dfa5d409daa9de0e37a1b
-
SHA1
82616509d89edd2c03c635bc32b121fd5fcd720b
-
SHA256
f0b55eee7092ca893f3f86bf8833632c1c62a5a1fdf4c15b9984a44182694bec
-
SHA512
d837178491af8491f7897b064babb000c85afa50632fefae25d4a37963e1f943f3143380fef4d3c9bc6ec82ed70e40cff32174614ba0132e510180b042ef479a
-
SSDEEP
6144:b+Vn3dMR6KE//LPO9v46Cu9AKocl/VQkmneaZ2EGsV5/y9in7F5WjD:b+RvljP2w0ldQkmescinqj
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource usermode.exe
Files
-
usermode.exe.exe windows:6 windows x64 arch:x64
655c7834f34c7230e3c631a42f5023cd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d9
Direct3DCreate9Ex
kernel32
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
DeviceIoControl
CreateFileW
CreateToolhelp32Snapshot
Process32Next
CloseHandle
lstrcmpiA
GlobalFree
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
GlobalAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
Sleep
AcquireSRWLockExclusive
RtlVirtualUnwind
ReleaseSRWLockExclusive
user32
GetWindow
DispatchMessageA
GetWindowRect
DestroyWindow
SetWindowPos
GetSystemMetrics
ShowWindow
GetAsyncKeyState
SetWindowLongA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetLayeredWindowAttributes
TranslateMessage
mouse_event
SetClipboardData
GetClipboardData
EmptyClipboard
LoadIconA
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClientRect
ScreenToClient
SetCursor
ClientToScreen
PeekMessageA
GetDesktopWindow
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
GetActiveWindow
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
msvcp140
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?good@ios_base@std@@QEBA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Query_perf_frequency
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
_Query_perf_counter
dwmapi
DwmExtendFrameIntoClientArea
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_CxxThrowException
memmove
__C_specific_handler
__current_exception
__std_exception_copy
__std_exception_destroy
strstr
__std_terminate
memchr
memcmp
__current_exception_context
memcpy
memset
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
fseek
fclose
fflush
__acrt_iob_func
fwrite
ftell
_wfopen
fread
__stdio_common_vsscanf
__stdio_common_vfprintf
_set_fmode
__p__commode
__stdio_common_vsprintf
api-ms-win-crt-string-l1-1-0
strncpy
isprint
strcmp
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-heap-l1-1-0
_callnewh
_set_new_mode
malloc
free
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-runtime-l1-1-0
_c_exit
system
__p___argv
__p___argc
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
terminate
_register_thread_local_exe_atexit_callback
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_configure_narrow_argv
_crt_atexit
exit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
api-ms-win-crt-math-l1-1-0
floorf
powf
cosf
ceilf
__setusermatherr
sinf
pow
sqrt
tanf
asin
atan2
atan2f
sqrtf
fmodf
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 273KB - Virtual size: 273KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 164B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ