d35fca38a09495717e1da68f665f17802092002cb561a1a70c83c04dde676aff

Sharing

Copy URL

Twitter E-mail

General

Target

d35fca38a09495717e1da68f665f17802092002cb561a1a70c83c04dde676aff
Size

318KB
MD5

54b1071b3b3003dbcf32201be18e5259
SHA1

6eb76177d4bcdc3b5a6c08baecfffc4996ae2948
SHA256

d35fca38a09495717e1da68f665f17802092002cb561a1a70c83c04dde676aff
SHA512

1cbbd92b33082bc396fe53d4abee666e719bee46310305eb9f7efdb688b389d83fc17b172a49df85a95510cf36e50b7101d366d1decc12b04087fa1ce9ecad60
SSDEEP

6144:nEe47t+eL9CJ25M8fFrIJlU2aQbt6ddcqjT:ERRZCk52JlXazdco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d35fca38a09495717e1da68f665f17802092002cb561a1a70c83c04dde676aff

Files

d35fca38a09495717e1da68f665f17802092002cb561a1a70c83c04dde676aff
.dll windows:6 windows x64 arch:x64

ae2b62f184bfc60016ef393ccfdfa379

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\vcpkg\buildtrees\pcre\x64-o1-windows-rel\pcre32.pdb

Imports

kernel32

ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemInfo
VirtualAlloc
VirtualFree
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

vcruntime140

memcmp
memcpy
memmove
memset
strchr
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-string-l1-1-0

islower
isxdigit
isdigit
isalpha
isupper
isspace
tolower
toupper
iscntrl
isgraph
isprint
isalnum
ispunct

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_execute_onexit_table
_cexit
_initterm_e
_initialize_narrow_environment
_seh_filter_dll
_initterm
_initialize_onexit_table

Exports

Exports

pcre32_assign_jit_stack
pcre32_callout
pcre32_compile
pcre32_compile2
pcre32_config
pcre32_copy_named_substring
pcre32_copy_substring
pcre32_dfa_exec
pcre32_exec
pcre32_free
pcre32_free_study
pcre32_free_substring
pcre32_free_substring_list
pcre32_fullinfo
pcre32_get_named_substring
pcre32_get_stringnumber
pcre32_get_stringtable_entries
pcre32_get_substring
pcre32_get_substring_list
pcre32_jit_exec
pcre32_jit_free_unused_memory
pcre32_jit_stack_alloc
pcre32_jit_stack_free
pcre32_maketables
pcre32_malloc
pcre32_pattern_to_host_byte_order
pcre32_refcount
pcre32_stack_free
pcre32_stack_guard
pcre32_stack_malloc
pcre32_study
pcre32_utf32_to_host_byte_order
pcre32_version

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae2b62f184bfc60016ef393ccfdfa379

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 92B

.text
Size: 224KB - Virtual size: 224KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 92B