55857eb114f6d4bf33fc6cf70db23cb0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

55857eb114f6d4bf33fc6cf70db23cb0N.exe
Size

624KB
MD5

55857eb114f6d4bf33fc6cf70db23cb0
SHA1

5558ad04c8cc95713020f9cae1b32f7096e865d5
SHA256

a21a61f3276696c4a3cc77c99bfe0c994a4f2cd6e2cf86746b324676a3acd658
SHA512

80cfc8c8968aaff3d3632d3a61d36ea57519e2b44cf8115e163d2626a6adc35f6fba49d064e0fa1fae4e9e7ef32796a1f43c8ed029d7427fba9efd0efeeb73c3
SSDEEP

12288:GTbX93WquPKwRIxxHnnlg4GdNKiLWsaE:GfJWqixIjrGdNVLWsaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55857eb114f6d4bf33fc6cf70db23cb0N.exe

Files

55857eb114f6d4bf33fc6cf70db23cb0N.exe
.dll windows:5 windows x86 arch:x86

96a09ea942b1714873a7bb0a4bcfebbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wusuo\develop\ati\ZwSoftwareInspect\Out\Debug\Win32\Pdb\SoftwareInspectCore.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

mfc140ud

ord11212
ord4819
ord4757
ord15117
ord9533
ord2379
ord13921
ord13920
ord17050
ord14599
ord9592
ord17260
ord7727
ord17262
ord7729
ord17261
ord7728
ord1095
ord8268
ord4493
ord7198
ord14215
ord9885
ord14233
ord14183
ord6303
ord6711
ord6991
ord11164
ord6679
ord6994
ord6306
ord6537
ord6282
ord9264
ord9265
ord9254
ord6535
ord9889
ord12076
ord11017
ord1830
ord1842
ord6510
ord17250
ord14462
ord17197
ord5403
ord10008
ord269
ord2663
ord5096
ord2978
ord15341
ord878
ord1660
ord1475
ord8159
ord2774
ord17188
ord1878
ord14757
ord5658
ord7120
ord10204
ord16994
ord16982
ord16995
ord10458
ord5584
ord14913
ord9626
ord1674
ord296
ord14698
ord8439
ord6131
ord6042
ord5201
ord2780
ord2776
ord1582
ord2869
ord2073
ord6052
ord6378
ord8374
ord1067
ord5636
ord3458
ord1258
ord538
ord5762
ord10072
ord15089
ord16983
ord5585
ord14914
ord3575
ord3569
ord7201
ord1941
ord1938
ord1673
ord1671
ord1145
ord292
ord286
ord291
ord302
ord3588
ord16878
ord9830
ord7148
ord6124
ord1885
ord270
ord267
ord1645
ord1653
ord9511
ord17182
ord14609
ord14610
ord2887
ord10210
ord9164
ord5153
ord3024
ord1606
ord10108
ord14223
ord12265
ord15098
ord15030
ord5501
ord9589
ord10024
ord2520
ord16938
ord2793
ord2678
ord2535
ord2765
ord2643
ord518
ord2587
ord2805
ord2767
ord2806
ord2803
ord1160
ord337
ord2617
ord2616
ord2753
ord1161
ord338
ord1658
ord8693
ord4490
ord9896
ord1662
ord1652
ord6470

kernel32

GetProcessHeap
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateDirectoryW
CopyFileW
GetFileTime
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpiW
CreateFileW
GetComputerNameW
WideCharToMultiByte
DeviceIoControl
OutputDebugStringA
GetModuleHandleA
GetModuleHandleW
HeapReAlloc
HeapSize
LocalAlloc
LocalFree
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQuery
FreeLibrary
HeapAlloc
HeapDestroy
LoadLibraryW
HeapFree
ResetEvent
OutputDebugStringW
GetProcAddress
DecodePointer

user32

PeekMessageW
wsprintfW
UnregisterClassW
PostQuitMessage
MessageBoxA

advapi32

GetUserNameW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

shlwapi

PathIsDirectoryW
PathFileExistsW

oleaut32

VarUdateFromDate
SysFreeString
VarDateFromStr

msvcp140d

?id@?$collate@D@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Strcoll
_Strxfrm
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??2_Crt_new_delete@std@@SAPAXI@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??3_Crt_new_delete@std@@SAXPAX@Z
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?is@?$ctype@D@std@@QBE_NFD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ

netapi32

Netbios

iphlpapi

GetAdaptersInfo

vcruntime140d

__std_exception_destroy
__vcrt_LoadLibraryExW
__vcrt_GetModuleHandleW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
memset
__std_exception_copy
strchr
memmove
memcpy
memcmp
memchr
__CxxFrameHandler3

ucrtbased

__stdio_common_vsnprintf_s
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
terminate
_initterm
_initterm_e
strcpy_s
strcat_s
__stdio_common_vsprintf_s
_wmakepath_s
_wsplitpath_s
_free_dbg
_malloc_dbg
_CrtDbgReport
__stdio_common_vfwprintf
__acrt_iob_func
strcpy
_errno
_invalid_parameter_noinfo
_localtime64_s
_recalloc
realloc
calloc
wcsftime
_wtoi
strlen
_CrtDbgReportW
malloc
free
_wsplitpath
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
_wcsicmp
wcslen
wcscpy
wcscat
wcscpy_s
_invalid_parameter
__stdio_common_vsprintf

Exports

Exports

??0CSoftwareInspectAPI@@QAE@ABV0@@Z
??0CSoftwareInspectAPI@@QAE@XZ
??1CSoftwareInspectAPI@@UAE@XZ
??4CSoftwareInspectAPI@@QAEAAV0@ABV0@@Z
??_7CSoftwareInspectAPI@@6B@
?GetIniVersionNum@CSoftwareInspectAPI@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetMAC@CSoftwareInspectAPI@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetSoftInfo@CSoftwareInspectAPI@@QBE?AV?$vector@USoftInfo@@V?$allocator@USoftInfo@@@std@@@std@@H@Z

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96a09ea942b1714873a7bb0a4bcfebbc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

mfc140ud

kernel32

user32

advapi32

shell32

shlwapi

oleaut32

msvcp140d

netapi32

iphlpapi

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 413KB - Virtual size: 413KB

.rdata Size: 174KB - Virtual size: 173KB

.data Size: 2KB - Virtual size: 13KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 413KB - Virtual size: 413KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 2KB - Virtual size: 13KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 19KB - Virtual size: 18KB