cd8f03f1fb4eb9407ab91bd44ae6117776c045bd8feed3f54f2c991e523cc33a

Sharing

Copy URL

Twitter E-mail

General

Target

cd8f03f1fb4eb9407ab91bd44ae6117776c045bd8feed3f54f2c991e523cc33a
Size

854KB
MD5

4d8f4ecb9a9df0fb6c752064f2f806c3
SHA1

5a3ab41b33224b9a93d55ae044ce115be5ff9a9d
SHA256

cd8f03f1fb4eb9407ab91bd44ae6117776c045bd8feed3f54f2c991e523cc33a
SHA512

8185558a81d8effc0d3241b996567752f968cdae64647a5414f5ac35c24a2bfb5f4e50a27ac424311a4b7f8e5a35b16e5178560f9a76ddc10851299f8ca60e79
SSDEEP

6144:Ag2PlElh0vaziFF+++KudidedGaPMTvl+wJf5khETPxXkMB1H/L:WlElh0/+++Ku9wDvfCOxX/n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd8f03f1fb4eb9407ab91bd44ae6117776c045bd8feed3f54f2c991e523cc33a

Files

cd8f03f1fb4eb9407ab91bd44ae6117776c045bd8feed3f54f2c991e523cc33a
.exe windows:6 windows x64 arch:x64

56360e142fff388863b0f5cbb149c3d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\vcpkg\buildtrees\jinja2cpplight\x64-windows-dbg\jinja2cpplight_unittests.pdb

Imports

kernel32

GetStdHandle
GetCommandLineA
GetTempPathA
GetTempFileNameA
DebugBreak
OutputDebugStringA
CloseHandle
DuplicateHandle
SetErrorMode
CreatePipe
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
CreateProcessA
OpenProcess
GetModuleFileNameA
FormatMessageA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress

msvcp140d

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getdays@_Locinfo@std@@QEBAPEBDXZ

vcruntime140d

__vcrt_GetModuleHandleW
__current_exception_context
__current_exception
__std_type_info_destroy_list
__C_specific_handler_noexcept
__RTDynamicCast
__C_specific_handler
wcsstr
strstr
strrchr
strchr
memchr
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memmove
__vcrt_GetModuleFileNameW
memcmp
_purecall
memcpy
__vcrt_LoadLibraryExW

vcruntime140_1d

__CxxFrameHandler4

ucrtbased

_set_abort_behavior
_set_error_mode
strtol
_strtoui64
getenv
strcmp
_strdup
strerror
_stricmp
strncmp
_localtime64
isdigit
isxdigit
isspace
toupper
_getcwd
_mkdir
_isatty
_open_osfhandle
_ftime64
tolower
_CrtDbgReportW
_callnewh
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_seh_filter_dll
_initialize_onexit_table
abort
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_free_dbg
terminate
_wmakepath_s
_wsplitpath_s
wcscpy_s
_fdopen
_close
_creat
_dup
_dup2
_read
_write
_exit
malloc
free
fabs
_stat64i32
wcscmp
_errno
__stdio_common_vsnprintf_s
remove
fwrite
ftell
fseek
fread
fputc
fopen
_fileno
fflush
fclose
_CrtDbgReport
_invalid_parameter
strlen
_calloc_dbg
wcslen
__stdio_common_vfprintf
__acrt_iob_func
_register_onexit_function
exit
_wcsicmp

Sections

.text
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 373B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56360e142fff388863b0f5cbb149c3d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140d

vcruntime140d

vcruntime140_1d

ucrtbased

Sections

.text Size: 573KB - Virtual size: 573KB

.rdata Size: 195KB - Virtual size: 194KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 53KB - Virtual size: 52KB

.idata Size: 14KB - Virtual size: 13KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 373B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 573KB - Virtual size: 573KB

.rdata
Size: 195KB - Virtual size: 194KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 53KB - Virtual size: 52KB

.idata
Size: 14KB - Virtual size: 13KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 373B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB