59092f50d84041bbad7bd16c0f6fba55c20ff0188f2d2deb3271aafa733b56f7

Sharing

Copy URL Twitter E-mail

General

Target

59092f50d84041bbad7bd16c0f6fba55c20ff0188f2d2deb3271aafa733b56f7
Size

144KB
MD5

c3e5142532fb2803b0a4fe471e13c77f
SHA1

7ae234d22593f9c78d5eb0eb46e8b6372006e4ca
SHA256

59092f50d84041bbad7bd16c0f6fba55c20ff0188f2d2deb3271aafa733b56f7
SHA512

cc790e341b17c0527d4976437caf6d5f375f5cda35a07bc4ced9db6709e5178ac1f4b651a22b20998c4b7f24b5815a01db0db3834581255f4e7e67e64730087a
SSDEEP

3072:aynB4mzk3NOOLhWPon8GtwnrxFSRf+zVtMiDJkH:ayUHhWQ+zVtMkkH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59092f50d84041bbad7bd16c0f6fba55c20ff0188f2d2deb3271aafa733b56f7

Files

59092f50d84041bbad7bd16c0f6fba55c20ff0188f2d2deb3271aafa733b56f7
.exe windows:6 windows x86 arch:x86

1d6e44266655a42537ae7a814e648f2d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dev\srcLegacy\YAPIRuntime\YAPIRuntime\Release\YAPIRuntime.pdb

Imports

kernel32

OutputDebugStringA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
CreateFileA
WriteFile
CloseHandle
DecodePointer
WriteConsoleW
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
RtlUnwind
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW

user32

wvsprintfA
MessageBoxA
wsprintfA

ole32

CoTaskMemFree
CoInitialize
CoTaskMemAlloc

oleaut32

GetErrorInfo
SafeArrayPutElement
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d6e44266655a42537ae7a814e648f2d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 57KB - Virtual size: 57KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 57KB - Virtual size: 57KB

.reloc
Size: 4KB - Virtual size: 4KB