b8b7a68e3f66701488e1f29abd135c00N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

b8b7a68e3f66701488e1f29abd135c00N.exe
Size

93KB
MD5

b8b7a68e3f66701488e1f29abd135c00
SHA1

3ae14d50b306d56ee6de602523d3d7ccad1d9841
SHA256

5cc7b9618b7d30f4e6036bd200ad351fb28f9666083fcaefeff59e9ba0b03db9
SHA512

b2ead5e864c62bfe8d5d420da836217789cdbaaed10a93e2f23bead42102f361352b9f71a1ed51f636e2a51a9ebd4c6d97077d2becfa24dff151e9b60eae2f60
SSDEEP

1536:euto4tbJ3F2gaVgQV5yjm9gp0VFckTkqoOVs4u698SEgsI4r0wjYrwXM09XUDJU3:eutztbJ3F1ah5ym0kgqoOVs4l73PwjYw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8b7a68e3f66701488e1f29abd135c00N.exe

Files

b8b7a68e3f66701488e1f29abd135c00N.exe
.exe windows:5 windows x86 arch:x86

c288af89692380cca3e6e49775ee2c9b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\ugnx85\ip23\wnti32\pdb\ug_convert_part___1348678838.pdb

Imports

libmodl

?UNITSCONV_convert@@YA_NIPAUUNITSCONV_conversion_results_s@@@Z

libpart

?UPDATE_do_update@@YAXXZ
?PART_is_family_template@@YA_NI@Z
?CONTEXT_ask_work_part@@YAIXZ
?ES_cycle_entities_by_type@@YAXIHPAI@Z

libpartdisp

?pat010@@YAHXZ

libpartmodl

?UDF_save_part@@YAXPAPADPAH@Z
?set_udf_status@@YAXPAH@Z
?bui_Export_UserFeature_uf@@YAXP6AXXZ@Z

libsyss

?SM_alloc@@YAPAXI@Z
?MACH__checking_level@@3HA
?ENV_ask_version@@YAXPAUENV_version_s@@@Z
?mbtst@@YAXQAHPBH@Z
?SM_free@@YAXPAX@Z

libufun

UF_MISC_set_program_name
UF_initialize
uc4565
uc4560
UF_ASSEM_ask_assem_options
UF_ASSEM_set_assem_options
uc4549
UF_ASSEM_ask_child_of_instance
uc4601
uc4519
uc4573
UF_terminate
UF_get_fail_message
UF_PART_ask_part_name
uc4509
uc4518
UF_free
UF_free_string_array
UF_MODL_export_exp
UF_PART_close
uc4578
UF_PART_save_as
uc4575
UF_PART_save
uc4508
uc4548
uc4576
UF_PART_set_display_part
UF_ASSEM_cycle_inst_of_part
UF_PART_ask_units
UF_PART_open

msvcr100

memset
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
printf

kernel32

Sleep
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange

Exports

Exports

?NXSigningResource@@YAXXZ

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c288af89692380cca3e6e49775ee2c9b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libmodl

libpart

libpartdisp

libpartmodl

libsyss

libufun

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 77KB - Virtual size: 80KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 77KB - Virtual size: 80KB