2ab1ec8a26f78b6c3aa24581ef8e3ad0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2ab1ec8a26f78b6c3aa24581ef8e3ad0N.exe
Size

77KB
MD5

2ab1ec8a26f78b6c3aa24581ef8e3ad0
SHA1

0c49c36ee0a0dfd6d277c15c9b463f911dd5fc6e
SHA256

be992497d31af9166461dee778d8af69683ee71e3fbab35fae8ede40aaff2668
SHA512

9e9fcae5be821fd4af019e47fb1154698bef751d0b0656b0693c1f3153d4c08cffe4eb791aae93e59b33553a6b035faf782ad5788eb8a96062854f04578e8bc2
SSDEEP

1536:IK++2321rRnz/3q4PgPBvJ60iXY9DyRr6cfPnqFfoJ4Swn5vTPIIV52r3nIY:6+2m19nzS4PgPpJZio9DerZCFf+bSrQF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ab1ec8a26f78b6c3aa24581ef8e3ad0N.exe

Files

2ab1ec8a26f78b6c3aa24581ef8e3ad0N.exe
.exe windows:5 windows x86 arch:x86

f9b61ccfb98544a6804be538785337d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\ugnx85\ip23\wnti32\pdb\cmp_dwg_create___1346131201.pdb

Imports

libufun

UF_initialize
UF_PART_open
UF_free_string_array
UF_DRAW_ask_drawings
UF_OBJ_ask_name
UF_PART_close
UF_terminate
uc4624
uc4621
UF_PLOT_ask_default_job_name
UF_PLOT_save_cgm
UF_PLOT_print_file
uc4561
uc4565
uc4575
UF_translate_variable
UF_PLOT_ask_profile_names
UF_PLOT_ask_printer_names
UF_free
UF_CFI_ask_file_exist
UF_get_fail_message
UF_print_syslog

msvcr100

_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
sprintf
clock
strrchr
printf
malloc
free
fopen
fclose
fprintf
memset
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

?NXSigningResource@@YAXXZ

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9b61ccfb98544a6804be538785337d6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libufun

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 65KB - Virtual size: 68KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 65KB - Virtual size: 68KB