c85799b0d5d8dd258c0dbe5c834961d96b98221553a574fc56c0ce40b94efc5c

Sharing

Copy URL Twitter E-mail

General

Target

c85799b0d5d8dd258c0dbe5c834961d96b98221553a574fc56c0ce40b94efc5c
Size

26KB
MD5

8e8f2538707080cf686da232c6e92b9d
SHA1

8df72e138d8d6f83a9443e59948e8e6df0913740
SHA256

c85799b0d5d8dd258c0dbe5c834961d96b98221553a574fc56c0ce40b94efc5c
SHA512

079a7f4fcf3dff6ac0a5b3603069835198b1ea859cd90132c7accc49d37e556458173abdd3b4971f300ff95e56fd4ad4c41e5ca86ab2824e313e96522e770cda
SSDEEP

768:1/q/on9VtICoiEpa0fgMym1jP8LcdMMR:t9VtICoXa06Lc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c85799b0d5d8dd258c0dbe5c834961d96b98221553a574fc56c0ce40b94efc5c

Files

c85799b0d5d8dd258c0dbe5c834961d96b98221553a574fc56c0ce40b94efc5c
.dll windows:6 windows x64 arch:x64

c950965f94a86fb135bdb7b9514d087c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\assemblage\Builds\8259888855405531055kznjdirnej\MicroFile-master\MicroFile\assemblage_outdir_bin\MicroFile.pdb

Imports

kernel32

CreateFileW
CloseHandle
GetFileSize
ReadFile
WriteFile
lstrcpyW
lstrcpyA
lstrlenA
lstrlenW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__C_specific_handler
__std_exception_destroy
__std_exception_copy
_purecall
memcpy
__std_type_info_destroy_list
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_seh_filter_dll
_execute_onexit_table
_initterm
_initialize_narrow_environment
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initterm_e

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

??0MicroBinary@@QEAA@AEBV0@@Z
??0MicroBinary@@QEAA@PEB_W@Z
??0MicroData@@QEAA@AEBV0@@Z
??0MicroData@@QEAA@PEB_WK@Z
??0MicroFile@@QEAA@AEBV0@@Z
??0MicroFile@@QEAA@PEB_W@Z
??0MicroText@@QEAA@AEBV0@@Z
??0MicroText@@QEAA@PEB_WI@Z
??1MicroBinary@@QEAA@XZ
??1MicroData@@QEAA@XZ
??1MicroFile@@QEAA@XZ
??1MicroText@@QEAA@XZ
??4MicroBinary@@QEAAAEAV0@AEBV0@@Z
??4MicroBinary@@QEAAAEAV0@H@Z
??4MicroData@@QEAAAEAV0@AEBV0@@Z
??4MicroData@@QEAAXH@Z
??4MicroFile@@QEAAAEAV0@AEBV0@@Z
??4MicroFile@@QEAAAEAV0@H@Z
??4MicroText@@QEAAAEAV0@AEBV0@@Z
??4MicroText@@QEAAAEAV0@H@Z
??DMicroFile@@QEAAAEAEXZ
??DMicroText@@QEAAAEADXZ
??EMicroData@@QEAAHH@Z
??EMicroFile@@QEAAHH@Z
??EMicroText@@QEAAHH@Z
??FMicroData@@QEAAHH@Z
??FMicroFile@@QEAAHH@Z
??FMicroText@@QEAAHH@Z
??IMicroText@@QEAAAEA_WXZ
??YMicroData@@QEAAHK@Z
??YMicroFile@@QEAAHK@Z
??ZMicroData@@QEAAHK@Z
??ZMicroFile@@QEAAHK@Z
??_7MicroBinary@@6B@
??_7MicroData@@6B@
??_7MicroFile@@6B@
??_7MicroText@@6B@
?Clear@MicroFile@@QEAAXXZ
?Clear@MicroText@@QEAAXXZ
?Gate@MicroFile@@QEAAHPEAX@Z
?Get@MicroBinary@@QEAAHPEAG@Z
?Get@MicroBinary@@QEAAHPEAK@Z
?Get@MicroBinary@@UEAAHPEAE@Z
?Get@MicroData@@QEAAHPEAX@Z
?Get@MicroData@@UEAAHPEAE@Z
?Get@MicroText@@QEAAHPEAD@Z
?Get@MicroText@@QEAAHPEA_W@Z
?Get@MicroText@@UEAAHPEAE@Z
?Load@MicroFile@@UEAAHXZ
?Load@MicroText@@UEAAHXZ
?Pop@MicroData@@QEAAXPEAX@Z
?Pop@MicroFile@@QEAAXPEAXK@Z
?Pop@MicroText@@QEAAXPEADH@Z
?Pop@MicroText@@QEAAXPEA_WH@Z
?Push@MicroData@@QEAAXPEBX@Z
?Push@MicroFile@@QEAAXPEBXK@Z
?Push@MicroText@@QEAAXPEBD@Z
?Push@MicroText@@QEAAXPEB_W@Z
?Save@MicroFile@@UEAAHXZ
?Save@MicroText@@UEAAHXZ
?Set@MicroBinary@@QEAAHG@Z
?Set@MicroBinary@@QEAAHK@Z
?Set@MicroBinary@@UEAAHE@Z
?Set@MicroData@@QEAAHPEBX@Z
?Set@MicroData@@UEAAHE@Z
?Set@MicroText@@QEAAHPEBD@Z
?Set@MicroText@@QEAAHPEB_W@Z
?Set@MicroText@@UEAAHE@Z
?Size@MicroData@@QEAAKXZ
?Size@MicroFile@@QEAAKXZ
?Size@MicroText@@QEAAKXZ
?Sub@MicroFile@@QEAAXPEAXH@Z
?__autoclassinit2@MicroBinary@@QEAAX_K@Z
?__autoclassinit2@MicroData@@QEAAX_K@Z
?__autoclassinit2@MicroFile@@QEAAX_K@Z
?__autoclassinit2@MicroText@@QEAAX_K@Z

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c950965f94a86fb135bdb7b9514d087c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 128B

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 128B