8f7ba50b52ad36551229861fd9df4580N

Sharing

Copy URL Twitter E-mail

General

Target

8f7ba50b52ad36551229861fd9df4580N
Size

775KB
MD5

8f7ba50b52ad36551229861fd9df4580
SHA1

b9a211b22ea100ff0c4638c7f81726537b38c5e4
SHA256

8c610d80164d44db75633e7b8897cdf84f8343b8c83642cd98822a9a6e4ebc73
SHA512

6514a3a71bc1e9103a04d810ec7fdca5a0859ceef9f085b0a81ef29ce7beaf981fa0fbf00c80f4fea4bcbc0f99f3f4dbcf26e1442c24559ccfc54dae767fc2f2
SSDEEP

12288:2iandn4x90/WrQI3rLLicuPrp9cO+Fi8DXTQXH2W7g:2iandn490OrdrLYO5DXT4H2/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f7ba50b52ad36551229861fd9df4580N

Files

8f7ba50b52ad36551229861fd9df4580N
.dll windows:6 windows x86 arch:x86

1bbb7968fe24ecaa56c191a2fd5ed94a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\node-exclude\Inovance\ProductLine\Servo\TempOut\ProjectParam\Release\ProjectParam.pdb

Imports

mfc140u

ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord5249
ord5549
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord2246
ord1046
ord310
ord9398
ord5112
ord266
ord265
ord1555
ord8000
ord1452
ord1450
ord13964
ord974
ord2389
ord2385
ord6555
ord12784
ord494
ord486
ord1548
ord882
ord4856
ord3236
ord14657
ord12405
ord14604
ord12348
ord6751
ord4090
ord2034
ord11983
ord2383
ord1513
ord11982
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord995
ord6501
ord12531
ord1692
ord12559
ord5110
ord8360
ord12884
ord5921
ord285
ord3009
ord2010
ord261
ord976
ord13257
ord12921
ord8757
ord4664
ord1689
ord4815
ord12763
ord5514
ord12542
ord2405
ord5512
ord2990
ord2996
ord1525
ord1523
ord1045
ord286
ord280
ord296
ord2378
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord2486
ord14589
ord7922
ord14595
ord4152
ord12947
ord12541
ord7941
ord12560
ord14466
ord3849
ord1514
ord325
ord1053
ord2365
ord324
ord1052
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord1511

kernel32

CreateFileMappingW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LocalFree
LocalAlloc
LoadLibraryW
GetProcAddress
GetModuleHandleA
SetLastError
OutputDebugStringA
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
InitializeCriticalSectionAndSpinCount
GetLastError
GlobalFree
GlobalAlloc
UnmapViewOfFile
MapViewOfFileEx
OutputDebugStringW
GetSystemInfo
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW

user32

UnregisterClassW

gdi32

DeleteDC

shlwapi

PathFileExistsW

oleaut32

SysFreeString
VariantInit
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdiplusShutdown

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
memmove
_purecall
__std_type_info_destroy_list
__std_terminate
memcpy
memset
__current_exception
__current_exception_context
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_errno
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_register_onexit_function
_invalid_parameter_noinfo
_initterm
_initterm_e

api-ms-win-crt-convert-l1-1-0

_wtof
_wtoi

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-heap-l1-1-0

malloc
realloc
_recalloc
free

api-ms-win-crt-stdio-l1-1-0

fread_s
fseek
fopen_s
fwrite
ftell
fclose

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

CreateInterFace
SafeRelease
SetQueryInterfaceCallback
SupportedInterface

Sections

.text
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bbb7968fe24ecaa56c191a2fd5ed94a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

gdi32

shlwapi

oleaut32

gdiplus

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 613KB - Virtual size: 612KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 40KB

.text
Size: 613KB - Virtual size: 612KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB