sample_product[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

sample_product.exe
Size

65KB
MD5

8a818e8375b69e289a5b8754d7ce921d
SHA1

d2b15f64c55edb15f5213c49420a6122f1452704
SHA256

809a3b5e2b284e0458a0a9742ef3cb892506da57b8c932f0da45fda09738836a
SHA512

78b66d347fdd4544ff4b3e8071396fd37529f6efb2091331eca43ff8d87f2eb156c0f6024a7b481fb3448f2319c034b955c62da5909bd1cf458d7edfd210afc4
SSDEEP

768:mhXjhudTJ+tuNlO+qQytzvfrIUBERmT3ZrTE6AS07I+W/PjzVBIYt:GjhresdzvF07TsvVB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sample_product.exe

Files

sample_product.exe
.exe windows:6 windows x64 arch:x64

b84a8ed4508219c8da73ab71fce00b6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Shadow\source\repos\obama-gaming\devkit\release\sample_product.pdb

Imports

msvcrt

_aligned_free
_aligned_malloc
memmove
memset
printf
strcat_s
strcmp
vswprintf_s

sdk

?bp_attach@@YA_N_K@Z
?bp_create@@YA_N_K@Z
?bp_destroy@@YA_NXZ
?bp_detach@@YA_NXZ
?bp_get_peb@@YA_KXZ
?bp_read@@YA_NPEAX0_K@Z
?bp_register_thread@@YAXXZ
?bp_render_add_font@@YAXPEA_WHEPEAPEAX@Z
?bp_render_begin_clipping@@YAXHHHH@Z
?bp_render_begin_fonts@@YAXXZ
?bp_render_begin_frame@@YAXXZ
?bp_render_create@@YA_N_K@Z
?bp_render_destroy@@YA_NXZ
?bp_render_end_clipping@@YAXXZ
?bp_render_end_fonts@@YAXXZ
?bp_render_end_frame@@YAXXZ
?bp_render_get_cursor@@YAXPEAH0@Z
?bp_render_get_key@@YA_NH@Z
?bp_render_rect@@YQXMMMMI@Z
?bp_render_start@@YAXHHHH@Z
?bp_render_stop@@YAXXZ
?bp_render_text_raw@@YQXPEAXPEB_WMMEI@Z

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateThread
CreateToolhelp32Snapshot
GetEnvironmentVariableA
Process32First
Process32Next
SetEvent
Sleep
SwitchToThread
WaitForSingleObject
WriteFile

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b84a8ed4508219c8da73ab71fce00b6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

sdk

kernel32

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 468B

.pdata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 48B

.init Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 468B

.pdata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 48B

.init
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 56B