6c0439a667c712a201409640a37ed7be2a3334e73843469a7f2e4a5f33a07c08

Sharing

Copy URL Twitter E-mail

General

Target

6c0439a667c712a201409640a37ed7be2a3334e73843469a7f2e4a5f33a07c08
Size

4.7MB
MD5

dd5dd56a83b5c8c6c2cc691d9b3678f2
SHA1

035027a833dcf85c6f2aeac096eaf36f39584f11
SHA256

6c0439a667c712a201409640a37ed7be2a3334e73843469a7f2e4a5f33a07c08
SHA512

f4cc4ffe7326faef0e327659988077304a0555416d5656270693986072de94983c65fe43fe10865bc8e85022548c71eafaba95d6fa55d4d7032a203356355981
SSDEEP

98304:dKe/JaIugemPHX2WHSQeE1CVCJREnF2scD6r:4pWHsE1unF2s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c0439a667c712a201409640a37ed7be2a3334e73843469a7f2e4a5f33a07c08

Files

6c0439a667c712a201409640a37ed7be2a3334e73843469a7f2e4a5f33a07c08
.exe windows:5 windows x86 arch:x86

37b52e76a8588828228a55eaa8ebfbc7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\JenkinsHome\.jenkins\workspace\build\trunk\bin\CulServer\CulServerUpdate.pdb

Imports

kernel32

SetFilePointerEx
CreateDirectoryW
RemoveDirectoryW
FindClose
GetFileAttributesW
GetModuleHandleA
GetFileAttributesExW
CreateFileA
DeleteFileW
CopyFileA
MoveFileExW
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleFileNameW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
UnlockFileEx
CreateFileW
CreateMutexW
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetFileSize
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTime
FormatMessageA
QueryPerformanceCounter
FlushFileBuffers
SetFileAttributesA
WriteConsoleW
SetStdHandle
SetEndOfFile
WriteFile
ReadFile
MapViewOfFile
CreateFileMappingW
GetModuleHandleW
LocalFree
GetProcAddress
ExpandEnvironmentStringsA
FindResourceW
LoadResource
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
FreeResource
TerminateProcess
GetCurrentProcess
SizeofResource
GetLastError
Sleep
CloseHandle
WaitForSingleObject
GetTempPathW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
DuplicateHandle
GetCurrentThread
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RaiseException
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetConsoleMode
ReadConsoleW
GetFileType
GetDateFormatW
GetTimeFormatW

advapi32

OpenServiceW
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37b52e76a8588828228a55eaa8ebfbc7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

version

Sections

.text Size: 932KB - Virtual size: 931KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 15KB - Virtual size: 21KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 932KB - Virtual size: 931KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 15KB - Virtual size: 21KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

.reloc
Size: 35KB - Virtual size: 34KB