b7d8698b70f2cf6c00f1e1c685912850N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

b7d8698b70f2cf6c00f1e1c685912850N.exe
Size

741KB
MD5

b7d8698b70f2cf6c00f1e1c685912850
SHA1

c3d941339ed3d0ce4c926a1ac86099eb6d23ba84
SHA256

48dde335a4c816c497e5fcb12873916b365004023a4861eeb625a6c3133b28b6
SHA512

a0306b3fd6f3d6c9d3e6316764135c3d12d9b82edb105605924a1812ea38e31dad399d28995c6a2ab2b84e954a4732627e958e1c087101bccf0c39f9992ee063
SSDEEP

12288:mmARPWX4GNscdB921r4JWJACmwrhSHVswKb3foE9A9T5piKw+9axA+:mmARPWxNs298r3OCDIjG3gE9ow+8xA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7d8698b70f2cf6c00f1e1c685912850N.exe

Files

b7d8698b70f2cf6c00f1e1c685912850N.exe
.exe windows:5 windows x64 arch:x64

256da23f290bd566038def44f39e2f34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildslave\sdk-windows-amd64\build\built1.10\bin\egg2maya2017.pdb

Imports

libpandaexpress

?hash_file@HashVal@@QEAA_NAEBVFilename@@@Z
??8HashVal@@QEBA_NAEBV0@@Z
??0HashVal@@QEAA@XZ

libp3dtool

?pvector_type_handle@@3VTypeHandle@@A
?get_binary_name@ExecutionEnvironment@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_environment_variable@ExecutionEnvironment@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV23@@Z
?append_path@DSearchPath@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1DSearchPath@@QEAA@XZ
??0DSearchPath@@QEAA@XZ
??1GlobPattern@@QEAA@XZ
?match_files@GlobPattern@@QEBAHAEAV?$pvector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@AEBVFilename@@@Z
??0GlobPattern@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Filename@@QEAA@XZ
?output@Filename@@QEBAXAEAV?$basic_ostream@DU?$char_traits@D@std@@@std@@@Z
??9Filename@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??8Filename@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?resolve_filename@Filename@@QEAA_NAEBVDSearchPath@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?is_directory@Filename@@QEBA_NXZ
?is_regular_file@Filename@@QEBA_NXZ
?exists@Filename@@QEBA_NXZ
?to_os_long_name@Filename@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?to_os_specific@Filename@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?make_canonical@Filename@@QEAA_NXZ
?is_fully_qualified@Filename@@QEBA_NXZ
?set_extension@Filename@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_basename_wo_extension@Filename@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?get_basename_wo_extension@Filename@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??KFilename@@QEBA?AV0@AEBV0@@Z
?empty@Filename@@QEBA_NXZ
??4Filename@@QEAAAEAV0@$$QEAV0@@Z
??4Filename@@QEAAAEAV0@AEBV0@@Z
?expand_from@Filename@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Type@1@@Z
?from_os_specific@Filename@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Type@1@@Z
?dso_filename@Filename@@SA?AV1@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Filename@@QEAA@AEBV0@0@Z
??0Filename@@QEAA@XZ
??0Filename@@QEAA@$$QEAV0@@Z
??0Filename@@QEAA@$$QEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Filename@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Filename@@QEAA@PEBD@Z
??1?$pvector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@QEAA@XZ
??0?$pvector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@QEAA@VTypeHandle@@@Z
??A?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$pallocator_array@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@@std@@QEAAAEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@_K@Z

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

msvcp140

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ

kernel32

GetModuleHandleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetStartupInfoA
CloseHandle
WaitForSingleObject
GetLastError
GetExitCodeProcess
CreateProcessA

vcruntime140

memcpy
memset
_CxxThrowException
__std_exception_destroy
__C_specific_handler
memmove
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initterm
_set_app_type
_exit
_get_initial_narrow_environment
_initialize_narrow_environment
__p___argv
_cexit
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_initterm_e
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
__p___argc
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_set_fmode
__p__commode

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

_strdup

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

256da23f290bd566038def44f39e2f34

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libpandaexpress

libp3dtool

advapi32

msvcp140

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 704B

.pdata Size: 1024B - Virtual size: 684B

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 704B

.pdata
Size: 1024B - Virtual size: 684B

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 568KB - Virtual size: 572KB