D:\__pkg\2023\_UI\MonitorPage\MonitorPage_v2.1.0.5\Debug\MonitorPage.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ecece9d16ce96b1ff488e7024bc6fee0N.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ecece9d16ce96b1ff488e7024bc6fee0N.dll
Resource
win10v2004-20240802-en
General
-
Target
ecece9d16ce96b1ff488e7024bc6fee0N.exe
-
Size
248KB
-
MD5
ecece9d16ce96b1ff488e7024bc6fee0
-
SHA1
80e09134e140e13c5c4427c51cfe09b6369192ea
-
SHA256
100f7ef5a835958d07ca3d1de627a94d43800eb78de90e2f6f8dce14a30e1d46
-
SHA512
03a9dc209702eeeb26dac635418018ec1db17c61c9f394880089de56e0247d7f3e850a77d4b5b32dec81629beaee69dc6cc36f25e45926d4947c67e4631b07e1
-
SSDEEP
6144:rwprKhuI+I3Vhc9eDqACHwIkdtXMZOHl:c3Ec9eePlctXM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ecece9d16ce96b1ff488e7024bc6fee0N.exe
Files
-
ecece9d16ce96b1ff488e7024bc6fee0N.exe.dll windows:5 windows x86 arch:x86
8137d30f1d79df306b6dbb0aee008b0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
mfc90ud
msvcr90d
_unlock
__dllonexit
_encode_pointer
memset
_lock
_onexit
_CRT_RTC_INITW
?terminate@@YAXXZ
_malloc_dbg
_free_dbg
_encoded_null
_CrtSetCheckCount
_initterm
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsncpy_s
_CxxThrowException
_wtoi
wcscat_s
_decode_pointer
_time64
_mktime64
_gmtime64_s
_localtime64_s
_snprintf_s
_errno
_CrtDbgReport
strcpy
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memcpy_s
memmove_s
memcpy
wcscmp
__RTDynamicCast
_CrtDbgReportW
wcslen
wcscpy_s
__CxxFrameHandler3
malloc
free
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
kernel32
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
Sleep
GetTickCount
GetModuleFileNameW
GetPrivateProfileStringW
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
VirtualAlloc
DebugBreak
WideCharToMultiByte
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
lstrlenW
lstrcmpiW
FreeResource
FindResourceW
GetVersionExW
LoadResource
LockResource
MultiByteToWideChar
GetCPInfo
lstrlenA
GetVersion
RaiseException
user32
DrawIconEx
GetSystemMetrics
FillRect
GetSysColorBrush
DestroyCursor
SetCursor
PostMessageW
DestroyIcon
CreateIconIndirect
GetDC
GetIconInfo
LoadImageW
MoveWindow
PeekMessageW
GetSysColor
SystemParametersInfoW
ReleaseDC
GetMenuItemInfoW
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
IsMenu
MessageBoxA
SubtractRect
gdi32
CreateCompatibleDC
GetStockObject
SetTextColor
SetBkColor
CreateCompatibleBitmap
CreateDIBSection
GetPixel
GetObjectW
CreateSolidBrush
DeleteObject
SelectObject
SetPixel
CreateBitmap
DeleteDC
GetTextExtentPoint32W
BitBlt
advapi32
OpenThreadToken
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RevertToSelf
shell32
ShellExecuteExW
comctl32
ImageList_GetIconSize
_TrackMouseEvent
oleaut32
SysFreeString
msvcp90d
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0_Container_base_secure@std@@QAE@XZ
?_Orphan_all@_Container_base_secure@std@@QBEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1_Container_base_secure@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
Exports
InitDialog
Sections
.text Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ