PDB path embedded in the sample (the "PDB Paths" entry of the static report): D:\DCSharpCenter\Source\bin\CommServer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f.exe
Resource
win10v2004-20240802-en
General
-
Target
81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f
-
Size
398KB
-
MD5
21fb9f5a676ac0876cb71f473b7dab0f
-
SHA1
3516f4bfdc19f1cd33748cd6b54826a94152756b
-
SHA256
81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f
-
SHA512
f635ea672a4f42cefb751837ac50bd94f6521b3333aeeba09dd033b08fa784af39dfc02447c6fe3b603a70ca03ed6ae7c35084e1734e570820f05700ddd0329e
-
SSDEEP
6144:rXKw+NcytyECHDnM/j54ET1nXY4Dqo1DGRtcjqRgnOlUCb0FG/4JKDnORgjqtcfd:eOytlC45n1Ido1Dk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
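Checks for a missing Authenticode signature: the PE file listed below is unsigned, so its publisher and integrity cannot be verified from the file itself. The absence of a signature is a weak indicator and does not by itself show that the file is malicious.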
resource 81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f
Files
-
81f982290a39c9fe5f2ea1e6b2fa5d42fecf4f2dcbbcaf643cc9b93a91195f4f.exe windows:5 windows x64 arch:x64
a7b08b460a6fae48064342534c83ec11
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
appplug
?gCrashHandler@@YAJPEAU_EXCEPTION_POINTERS@@@Z
msvcr100d
_recalloc
memcmp
_wcsicmp
wcslen
__setusermatherr
_unlock
__dllonexit
_lock
wcsncpy_s
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
_CrtDbgReportW
sprintf_s
strcpy_s
strncpy_s
_CRT_RTC_INITW
wcscpy_s
_snwprintf_s
_vsnwprintf_s
_vsnprintf_s
wcscpy
strcpy
_CrtDbgReport
_errno
_onexit
_snprintf_s
__CxxFrameHandler3
memset
strchr
free
calloc
_CxxThrowException
memmove_s
__C_specific_handler
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__p__fmode
__p__commode
_configthreadlocale
__set_app_type
?_query_new_mode@@YAHXZ
__wgetmainargs
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
strlen
memcpy
memmove
_vsnprintf
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
exit
system
strcmp
sprintf
printf
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_cexit
_amsg_exit
__FrameUnwindFilter
_XcptFilter
kernel32
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LocalFree
CreateMutexA
Sleep
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTitleA
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalSize
GlobalLock
GlobalAlloc
OutputDebugStringA
lstrlenA
CloseHandle
GetSystemTimeAsFileTime
CreateThread
GetLastError
DuplicateHandle
GetCurrentProcess
GetCurrentThread
ResumeThread
GetThreadContext
SuspendThread
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
VirtualQueryEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
lstrlenW
LoadLibraryW
WideCharToMultiByte
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
WaitForSingleObject
DecodePointer
EncodePointer
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
MultiByteToWideChar
OutputDebugStringW
OpenEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
GetCurrentProcessId
user32
CloseClipboard
EmptyClipboard
SetClipboardData
OpenClipboard
oleaut32
SetErrorInfo
VariantClear
VariantChangeType
GetErrorInfo
CreateErrorInfo
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantCopy
SysFreeString
dbghelp
SymGetSymFromAddr64
StackWalk64
SymSetOptions
SymGetOptions
SymInitialize
SymFunctionTableAccess64
SymLoadModule64
SymGetModuleInfo64
SymUnDName64
UnDecorateSymbolName
SymCleanup
mfc100d
ord2267
ord987
ord15180
ord2407
ord2409
ord2413
ord1405
ord1647
ord8961
ord322
ord2387
ord1718
advapi32
RevertToSelf
OpenThreadToken
SetThreadToken
baseapp
??4CMultiReadSingleWriteLock@@QEAAAEAV0@AEBV0@@Z
basefun
?SafeStrcpy@@YAXPEAD0H@Z
?SafeScanf@@YAHPEADH@Z
svrahe
?gExitSvrAHE@@YAXXZ
?gInitiaSvrAHE@@YAXXZ
svrcalc
?gInitiaSvrCalc@@YAXXZ
?gExitSvrCalc@@YAXXZ
ws2_32
WSAStartup
msvcp100d
?_Xlength_error@std@@YAXPEBD@Z
?_Debug_message@std@@YAXPEB_W0I@Z
??1_Container_base12@std@@QEAA@XZ
??0_Container_base12@std@@QEAA@XZ
?_Orphan_all@_Container_base12@std@@QEAAXXZ
?_Incref@facet@locale@std@@QEAAXXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xout_of_range@std@@YAXPEBD@Z
mscoree
_CorExeMain
Exports
??4CMultiReadSingleWriteLock@@QEAAAEAV0@AEBV0@@Z
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.nep Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ