45b08bbc238d5be35c28b3b42125b545037db568f13ecb0235c7d7ee1c7fb816

Sharing

Copy URL Twitter E-mail

General

Target

45b08bbc238d5be35c28b3b42125b545037db568f13ecb0235c7d7ee1c7fb816
Size

3.8MB
MD5

11a43639eb6f4619d4ea2465ebef12da
SHA1

527da22d3a6c76fd61a16ecb0506d34e395ba178
SHA256

45b08bbc238d5be35c28b3b42125b545037db568f13ecb0235c7d7ee1c7fb816
SHA512

60756324fbe51b3bae3b2b1d3070ece2594f4c108f373f89df791c93409f13925cf6acc4e7d536c0beeae86a04472d223958a4b3b69960b35d9b87c68bcfa98f
SSDEEP

49152:UKTaL3PW8xDswL5ZZZARtU+UhCee2s+DkLNMPCeQvRXjJemAeL3EIY+A:IZZZ6tVOeSDARvRX9BY+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45b08bbc238d5be35c28b3b42125b545037db568f13ecb0235c7d7ee1c7fb816

Files

45b08bbc238d5be35c28b3b42125b545037db568f13ecb0235c7d7ee1c7fb816
.dll windows:4 windows x64 arch:x64

28596fd21df9bf8cdbe916105dd55e53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\jenkins_source\workspace\TRR_2015_TRUNK\label\Win64_Vc6\trr_src\trunk\trr_engn\build\win\bin\x64\release\pepoly.pdb

Imports

kernel32

GetCurrentProcess
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
ExpandEnvironmentStringsA
TerminateProcess
OpenProcess
LoadLibraryExA
DisableThreadLibraryCalls
Sleep
RtlCaptureContext
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
ProcessIdToSessionId
CreateProcessA
GetExitCodeProcess
MultiByteToWideChar
GetShortPathNameA
GetTempPathA
CloseHandle
LocalFree
CreateDirectoryA
RemoveDirectoryA
GetLastError
GetSystemDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetWindowsDirectoryA
DeleteFileA
MoveFileExA
FindFirstFileA
FindClose
FindNextFileA
GetFileAttributesA
GetVersionExA
SetFileAttributesA
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount

user32

GetSystemMetrics
SystemParametersInfoA

advapi32

IsValidSid
ConvertSidToStringSidA
LookupAccountSidA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
GetUserNameA
RegCloseKey
GetTokenInformation

shell32

SHGetFolderPathA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

userenv

ExpandEnvironmentStringsForUserA

platform

ord15
ord27
ord19
ord18
ord2
ord12
ord13
ord14
ord25
ord23
ord1
ord8
ord5
ord7
ord6
ord24

msvcrt

_strupr
_strlwr
_strnicmp
_unlink
_strdup
_chmod
_stricmp
isalnum
fclose
fopen
memset
strstr
memcpy
printf
strrchr
memchr
strncmp
strncpy
memcmp
__CxxFrameHandler
free
malloc
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
atol
sprintf
strchr
strtok
memmove
isalpha
islower
_stat
_mbslwr
strtol
_vsnprintf
sscanf
_access
fputs
fgets
__dllonexit
_onexit
_initterm

Exports

Exports

GetRealTypeByContents
GetRealTypeByContentsNew
LibDeinit
LibInit
Poly_Clean
Poly_GetDetectionInfo

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28596fd21df9bf8cdbe916105dd55e53

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

userenv

platform

msvcrt

Exports

Exports

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 305KB - Virtual size: 305KB

.data Size: 58KB - Virtual size: 63KB

.pdata Size: 138KB - Virtual size: 138KB

.rsrc Size: 1024B - Virtual size: 576B

.reloc Size: 14KB - Virtual size: 13KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 305KB - Virtual size: 305KB

.data
Size: 58KB - Virtual size: 63KB

.pdata
Size: 138KB - Virtual size: 138KB

.rsrc
Size: 1024B - Virtual size: 576B

.reloc
Size: 14KB - Virtual size: 13KB