D:\BuildAgent\_work\71\s\SADK\Private\Src\CryptoKits\JuShan\CryptoKitWebServices\x86\Release\ImportSSLCert.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874.exe
Resource
win10v2004-20240802-en
General
Target
8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874
Size
101KB
MD5
5638add8acf5d01c6528177c41b187fb
SHA1
7bf5fc475087bbc3a025368e2ce0452fb08a96a6
SHA256
8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874
SHA512
71da9bc777b8877f03274efffe0d37243b0b5b82fbcf730bcdbe535db7718c3b9ee55872695ceb3ca3adfb26ba1ddbe5c6230451224971e1c5ba4755ed8cf336
SSDEEP
1536:w60+yJ3qQKLNe362o+/LGhV7+mvrhtX48cMZk58AlhQ:w6m8tMLgNS8cMZk58IQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874
Files
8cb41632eecdf2fc291cffdcef7f92bbfa913ac18bd57c8ca29a91f61e9bb874.exe windows:5 windows x86 arch:x86
ce367253cbf6f8b0e1b49510688c8b74
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
SetLastError
WriteFile
ReadFile
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
LoadLibraryA
HeapSize
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
CreateFileW
MultiByteToWideChar
GetLastError
WideCharToMultiByte
LocalFree
DeleteFileW
CloseHandle
LocalAlloc
GetProcAddress
GetModuleFileNameW
LoadLibraryW
WaitForSingleObject
CreateProcessW
FreeLibrary
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapFree
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
advapi32
RegCloseKey
GetTraceEnableLevel
RegOpenKeyExW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableFlags
ControlTraceW
RegisterTraceGuidsW
shell32
SHGetSpecialFolderPathW
shlwapi
PathFileExistsW
PathRemoveFileSpecW
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 448B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ