a8e67d488cf07dbceca332d5519ebab949b5747d6398b2f16c29b9be07fae4a7

Sharing

Copy URL Twitter E-mail

General

Target

a8e67d488cf07dbceca332d5519ebab949b5747d6398b2f16c29b9be07fae4a7
Size

205KB
MD5

fc8e6ed5522fd0210bf14218536df608
SHA1

3a4be0c022a5d2a02d6e593edd3e64b965f78218
SHA256

a8e67d488cf07dbceca332d5519ebab949b5747d6398b2f16c29b9be07fae4a7
SHA512

b16e957bf3adc9999dbf40ea32da388f8d8fc69c50a2cd01b47f5b211fc81047f801f3cee51ac5979034239c163c82a09bc598341616ded87fa3b4e1e796c364
SSDEEP

6144:0Qi3jPD4SSYdeyi6ALbvAutotCnG0aGwP/K:0v3jPD4SSYdeyilLkutoUG0ad/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8e67d488cf07dbceca332d5519ebab949b5747d6398b2f16c29b9be07fae4a7

Files

a8e67d488cf07dbceca332d5519ebab949b5747d6398b2f16c29b9be07fae4a7
.exe windows:6 windows x86 arch:x86

f9c03ac0a8cebbbe0436671e200cae8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-player\output\maps\release\nbrconvert.pdb

Imports

shlwapi

PathAppendW
PathGetDriveNumberW
PathFileExistsW
PathBuildRootW

kernel32

LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
MultiByteToWideChar
GetCommandLineW
GetFileAttributesW
FormatMessageW
GetPrivateProfileStringW
CreateDirectoryW
GetDriveTypeW
lstrlenW
CreateFileW
WritePrivateProfileStringW
WideCharToMultiByte
VirtualQuery
lstrcatW
IsBadReadPtr
VirtualFree
SetFilePointerEx
GetConsoleMode
GetModuleHandleW
FlushFileBuffers
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
GetModuleFileNameW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetSystemDirectoryW
GetCurrentThread
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
CloseHandle
DeleteFileW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
VirtualAlloc
DecodePointer
WriteConsoleW
LoadLibraryExA
RtlUnwind
TlsAlloc
TlsGetValue
GetConsoleCP
HeapReAlloc
HeapSize
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
TlsFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
TlsSetValue

user32

DefWindowProcW
CallWindowProcW
UnregisterClassW
PostMessageW
LoadStringW
MessageBoxW
PostQuitMessage
GetDesktopWindow
CharNextW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
LoadCursorW
SetWindowLongW
GetWindowLongW
CreateWindowExW
GetClassInfoExW
RegisterClassExW

advapi32

RevertToSelf
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken

shell32

ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHFileOperationW

ole32

CoTaskMemAlloc
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
SysAllocString
VarUI4FromStr

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9c03ac0a8cebbbe0436671e200cae8d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 7KB