a80833ab8ba2fe8af4c13b370c0d81bf0a939acc45416de8f40932c7188eca58

Sharing

Copy URL

Twitter E-mail

General

Target

a80833ab8ba2fe8af4c13b370c0d81bf0a939acc45416de8f40932c7188eca58
Size

1.6MB
MD5

86fcaabeee9da97ecad4f4fc0dfa17fc
SHA1

01d152202ac8f8654e6a5bfedc2806125f7a0050
SHA256

a80833ab8ba2fe8af4c13b370c0d81bf0a939acc45416de8f40932c7188eca58
SHA512

8df2e6d906a952396f450a384b937ce67ec0ac849332f72467994c0e060887c62ce6d12588ed3106756c3e05cf71a836af9902888c4013e2e4a5381754528ff0
SSDEEP

24576:EP5qkoHgyeLThUwt2rR8FfBhRJUEbDk1ulUh:jgpLt2r4PRSEk1ul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a80833ab8ba2fe8af4c13b370c0d81bf0a939acc45416de8f40932c7188eca58

Files

a80833ab8ba2fe8af4c13b370c0d81bf0a939acc45416de8f40932c7188eca58
.exe windows:6 windows x64 arch:x64

d74a7ab8517e7ea97269d099407db825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\constructicon\builds\gfx\six\23.19\install\Neoma\InstallNeoma\IN_Apps\Bin\Win64a\B_rel\Setup.pdb

Imports

kernel32

GetLastError
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
GetModuleFileNameW
SetDefaultDllDirectories
lstrlenW
MultiByteToWideChar
CreateFileW
GetLogicalDriveStringsW
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetSystemInfo
GetProcAddress
LocalAlloc
LocalFree
WideCharToMultiByte
GetUserDefaultUILanguage
CloseHandle
FindNextFileW
SetEvent
CreateEventA
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
OutputDebugStringW
GetDriveTypeW
FindClose
GetModuleHandleW
RaiseException
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
FormatMessageA
GetStringTypeW
GetCurrentDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ReadFile
GetStdHandle
WriteFile
GetACP
CompareStringW
LCMapStringW
GetLocaleInfoW
RtlUnwind

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

crypt32

CertGetNameStringW
CertFreeCertificateContext
CryptVerifyMessageSignature

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d74a7ab8517e7ea97269d099407db825

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

imagehlp

crypt32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 23KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 568KB - Virtual size: 567KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 23KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 568KB - Virtual size: 567KB

.reloc
Size: 568KB - Virtual size: 572KB