b40aa52ac98a66c012c7e61c5405940789a50973373963a1d456512ae37b0c47

Sharing

Copy URL Twitter E-mail

General

Target

b40aa52ac98a66c012c7e61c5405940789a50973373963a1d456512ae37b0c47
Size

369KB
MD5

35b54118684fb763755cacd90b54d559
SHA1

c384ede284817e01c14ba2a279bd14f73223be74
SHA256

b40aa52ac98a66c012c7e61c5405940789a50973373963a1d456512ae37b0c47
SHA512

13a6755fc129760fc21f5db8f522c77700f8a99e67782b424f627d06a7e32aaf77d15a5ebb63ea1c6c7f398dac0da89b42608bad1c34157a5896f164971a6a81
SSDEEP

6144:H8g+0/XQwT2SE+y1Py1NlWf3t1dwJ1rVRePldNSOmx:cg+0YwT2SEb1Py1NlWf3t1dwJpXWldN+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b40aa52ac98a66c012c7e61c5405940789a50973373963a1d456512ae37b0c47

Files

b40aa52ac98a66c012c7e61c5405940789a50973373963a1d456512ae37b0c47
.exe windows:5 windows x86 arch:x86

36b03f9f76e7c4f5ce682bf7c2b7c044

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\source\tlhj\build\Win32\verify.pdb

Imports

kernel32

GetCurrentThread
GetProcessHeap
SetThreadAffinityMask
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
FindResourceExA
Sleep
GetTickCount64
GetCurrentProcess
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetProcAddress
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
OutputDebugStringA
GetCurrentProcessId
GetTickCount
CreateDirectoryA
GetLocalTime
GetCurrentThreadId
WaitForSingleObject
SetEvent
CreateEventA
ResetEvent
GetThreadId
CloseHandle
ReadFile
ExitProcess
HeapFree
GetVolumeInformationA
DeviceIoControl
FlushFileBuffers
SetStdHandle
CreateFileA
LoadLibraryA
GetWindowsDirectoryA
CreateThread
TerminateThread
GetExitCodeThread
HeapValidate
InterlockedIncrement
RtlMoveMemory
lstrcpyn
QueryPerformanceFrequency
HeapSize
HeapReAlloc
HeapDestroy
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
WriteFile
LCMapStringA
GetCommandLineA
GetVersion
RtlUnwind
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetComputerNameA
HeapAlloc
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
GetStringTypeA
GetStringTypeW
IsBadCodePtr
LCMapStringW
GetFileSize

user32

PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
wsprintfA
GetMessageA

msvcp90

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

iphlpapi

GetAdaptersAddresses

msvcr90

_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_invalid_parameter_noinfo
_initterm_e
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
vsprintf
_mbscmp
strstr
sprintf_s
strncpy_s
memmove_s
memcpy_s
??3@YAXPAX@Z
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_purecall
_beginthreadex
_endthreadex
free
??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
memcpy
__CxxFrameHandler3
_CxxThrowException

ws2_32

gethostbyname
WSAStartup
WSAGetLastError
inet_ntoa

rpcrt4

NdrServerCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerRegisterIf
RpcMgmtWaitServerListen
RpcServerListen
NdrClientCall2
RpcServerUseProtseqEpW
UuidToStringW
RpcServerUnregisterIf
RpcStringFreeW
RpcBindingFree
RpcMgmtStopServerListening

dbghelp

StackWalk
SymGetModuleBase
SymFunctionTableAccess
SymCleanup
SymGetLineFromAddr
SymInitialize
SymFromAddr

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b03f9f76e7c4f5ce682bf7c2b7c044

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp90

iphlpapi

msvcr90

ws2_32

rpcrt4

dbghelp

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 73KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 9KB - Virtual size: 8KB