10fa0d957fc28ab5d71b6461f442ea70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

10fa0d957fc28ab5d71b6461f442ea70N.exe
Size

801KB
MD5

10fa0d957fc28ab5d71b6461f442ea70
SHA1

ab74795a16d35749b6486eeb6e53639e1266ec18
SHA256

1d9303a3e879ce413aa376cad0c4788cb4a0382313de8c55d17aac8cc2ab8bfa
SHA512

78f32e98f6a176b78a72fd1da16b160f91c03dc67ad577ecba7dd70a58aa9df53ae2a5111de43cbd551ff94981d40ec7686f54a75c5a0feab5988aa5cd85b2a8
SSDEEP

24576:1/ptK8/m25blsemp5YSOQ5327Ghfms7TyeXPxOtiucr6Iywi6DBDJOwoQfONv6rU:1PVJRb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10fa0d957fc28ab5d71b6461f442ea70N.exe

Files

10fa0d957fc28ab5d71b6461f442ea70N.exe
.exe windows:6 windows x86 arch:x86

c55982f912950cb44c769a88c842b38f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\用户数据\Documents\Visual Studio 2015\Projects\Dism++\Release\Dism++x86.pdb

Imports

kernel32

HeapReAlloc
HeapFree
InitOnceExecuteOnce
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
Sleep
TerminateProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetNativeSystemInfo
IsWow64Process
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetCurrentThreadId
HeapDestroy
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
VerifyVersionInfoW
VerSetConditionMask
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WritePrivateProfileSectionW
GetFileAttributesW
DeviceIoControl
GetVolumePathNameW
GetVolumeInformationByHandleW
GetModuleFileNameW
GetEnvironmentVariableW
UnmapViewOfFile
MoveFileExW
DeleteFileW
GlobalMemoryStatusEx
GetUserDefaultLCID
LCIDToLocaleName
GetThreadLocale
GetLocaleInfoEx
CreateProcessW
GetWindowsDirectoryW
FindClose
FindFirstFileW
FindNextFileW
IsValidLocaleName
MoveFileW
CreateDirectoryW
GetVolumeInformationW
SetVolumeLabelW
RemoveDirectoryW
DeleteCriticalSection
GetTickCount
CreateFileMappingW
MapViewOfFile
LocalFree
GetCurrentProcess
ReadFile
WriteFile
SetFilePointer
GetTempPathA
GetTempFileNameA
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcpyA
lstrcpynA
ReleaseMutex
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
InitializeSRWLock
AcquireSRWLockExclusive
AcquireSRWLockShared
VirtualFreeEx
VirtualAllocEx
HeapAlloc
WaitForMultipleObjects
ExpandEnvironmentStringsW
SetFilePointerEx
GetFileSizeEx
SetEnvironmentVariableW
GetVolumeNameForVolumeMountPointW
CreateMutexW
GetFullPathNameW
lstrcmpiA
CopyFileW
GetFileSize
GetLocaleInfoW
GetExitCodeProcess
lstrcmpA
SystemTimeToFileTime
GetExitCodeThread
EnumUILanguagesW
CopyFileExW
FreeResource
SetThreadUILanguage
SetThreadLocale
LocaleNameToLCID
OpenProcess
DecodePointer
VirtualProtect
GetDiskFreeSpaceExW
GetCurrentProcessId
VirtualQuery
GetProcessId
GetSystemTime
LoadLibraryW
FormatMessageW
GetLongPathNameW
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
GetDriveTypeW
SetFileAttributesW
ProcessIdToSessionId
GetShortPathNameW
GetLocalTime
GetStartupInfoW
WritePrivateProfileStringW
GetModuleHandleExW
GetDiskFreeSpaceW
GetPrivateProfileSectionW
GetVersionExW
GetPrivateProfileStringW
LocalFileTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
MulDiv
GetTickCount64
TerminateThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GlobalAlloc
GlobalLock
GlobalUnlock
CreateIoCompletionPort
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
SetErrorMode
SetLastError
GetLastError
RaiseException
CloseHandle
DuplicateHandle
CreateFileW
AreFileApisANSI

msvcrt

_ftol2_sse
_ftol2
swprintf_s
_vscprintf
vsprintf_s
sscanf
swscanf
_vscwprintf
vswprintf_s
_except_handler3
_msize
?terminate@@YAXXZ
_XcptFilter
abort
_wcmdln
__set_app_type
__dllonexit
memset
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
wcsnlen
memcpy
_errno
wcstoul
wcsncpy_s
wcslen
memmove
memcmp
_wcsnicmp
wcschr
towupper
??_V@YAXPAX@Z
??_U@YAPAXI@Z
wcsftime
_localtime64_s
_time64
_wcstoui64
_wcsicmp
_beginthreadex
_wcslwr_s
bsearch
free
malloc
strlen
strnlen
_mktime64
wcscpy
wcstol
_strtoui64
realloc
strcmp
strtoul
strtol
_wtoi
isdigit
??0exception@@QAE@ABV0@@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
_wcsupr_s
wcsrchr
wcsstr
_mbschr
_mbslwr_s
iswspace
wcscmp
wcscpy_s
_mbscmp
calloc
abs
toupper
wcsncpy
_itow
wcstod
wcscat
_strcmpi
qsort_s
_lrotl
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_cexit
__CxxFrameHandler3
_amsg_exit
_except_handler4_common
__wgetmainargs
atexit
__setusermatherr
_initterm
_initterm_e
exit
_exit
_set_fmode
_c_exit
__p__commode
_controlfp_s
_strlwr
__DestructExceptionObject
_invalid_parameter
_lock
_unlock

comctl32

ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ord345
InitCommonControlsEx
_TrackMouseEvent

ntdll

ZwClose
NtCreateFile
NtQueryVolumeInformationFile
RtlGetLastNtStatus
RtlImageNtHeader
NtReadFile
ZwOpenSymbolicLinkObject
RtlInitUnicodeString
NtWriteFile
ZwQuerySymbolicLinkObject
RtlImageRvaToVa
NtDeleteKey
NtQueryInformationProcess
LdrVerifyImageMatchesChecksum
NtShutdownSystem
ZwAddBootEntry
RtlComputeCrc32
NtSetInformationFile
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtClose
ZwQueryDirectoryFile
NtOpenFile
NtReadVirtualMemory
NtWriteVirtualMemory
NtQuerySystemInformation
ZwSetBootEntryOrder
NtTranslateFilePath
ZwEnumerateBootEntries
ZwQueryBootEntryOrder
RtlNtStatusToDosError
RtlAdjustPrivilege
NtQueryInformationFile

Exports

Exports

BcdGetCurrentEntryIdentifier
BcdGetFirmwareBootDevice
BcdGetFirmwareType
BcdGetSystemPartition
BcdIsWinPEBoot
BcdOpenStore
DismAddDriver
DismAddPackage
DismAppAssociationsDefaultExport
DismAppAssociationsDefaultImport
DismAppAssociationsDefaultRemove
DismAppAssociationsExport
DismAppAssociationsImport
DismAppAssociationsRemove
DismApplyDPI
DismApplyImage
DismAppxsCleanup
DismCaptureImage
DismCommitImage
DismCompactOs
DismComponentCleanup
DismCreateInterface
DismDeleteImage
DismDriverCleanup
DismExpandEnvironmentStrings
DismExportImage
DismFormatMessage
DismFreeMemory
DismGetAllUsersAppx
DismGetCapabilities
DismGetDrivers
DismGetFeatures
DismGetFileFilter
DismGetImageFileInfo
DismGetMountedImages
DismGetPackages
DismGetProvisionedAppxs
DismGetScratchDir
DismGetServices
DismGetSystemInfoByPath
DismGetSystemInfoBySession
DismHardLinkMerge
DismIsNoviceMode
DismMountImage
DismMultiLanguage
DismRegOpenKey
DismRegOpenKeyEx
DismRemoveAppx
DismRemoveCapability
DismRemoveDriver
DismRemovePackage
DismRemoveProvisionedAppx
DismRemoveService
DismRestoreHealth
DismScanHealth
DismSetBootImage
DismSetImageFileInfo
DismSetServiceStart
DismUnmountImage
DismWriteLog
IbsSetFirstBootCommandLine
WinREConfig2

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55982f912950cb44c769a88c842b38f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

comctl32

ntdll

Exports

Exports

Sections

.text Size: 527KB - Virtual size: 527KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 45KB - Virtual size: 45KB

.text
Size: 527KB - Virtual size: 527KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 45KB - Virtual size: 45KB