ae698fc48659900feb7ecc0431244b60N

Sharing

Copy URL Twitter E-mail

General

Target

ae698fc48659900feb7ecc0431244b60N
Size

97KB
MD5

ae698fc48659900feb7ecc0431244b60
SHA1

e8692125583c2138b2130a4dbf20fedba289b388
SHA256

e9e504b50c089b81e6d708ab436e6b8b5008f9f082f5f9cca635aa7ebc28498c
SHA512

d0f857ea1bcfa0419e90eebb9fac253818907d6ad87eeb3040f66786cde35128c7b1803c31860b5d9f6372a70259fe986c96a8556c3db48e14d1d02a86e1fd20
SSDEEP

1536:4zhH5CVWke4glc3DGwgsXX66IzwBtKoUJTS2/ggNgHtTTVTs8dz7cddkajKlIkoH:4zh5CVWqdvg0f4wB8J46dPj1koafpO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae698fc48659900feb7ecc0431244b60N

Files

ae698fc48659900feb7ecc0431244b60N
.dll windows:6 windows x86 arch:x86

c7fca1f8c3f9ad62097b50130ade8893

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\node-exclude\Inovance\ProductLine\Servo\TempOut\EnumModuleRessource\Release\EnumModuleRessource.pdb

Imports

mfc140u

ord1045
ord1523
ord5921
ord2990
ord2996
ord12884
ord12921
ord8360
ord4815
ord13257
ord2010
ord1525
ord1663
ord287
ord291
ord486
ord974
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord2486
ord14589
ord7922
ord14595
ord4152
ord12947
ord6350
ord14466
ord12531
ord8000
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord5249
ord293
ord5760
ord9350
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord4856
ord3236
ord14657
ord12405
ord14604
ord12348
ord6751
ord2383
ord1513
ord14668
ord6349
ord995
ord2378
ord4724
ord12642
ord4616
ord4797
ord2413
ord2342
ord2389
ord2009
ord2008
ord12679
ord2285
ord2385
ord266
ord265
ord1451
ord12612
ord2012
ord290
ord286
ord975
ord1413
ord929
ord280
ord285
ord296
ord3009
ord1653
ord12542
ord12541
ord9398
ord4090
ord2034
ord11983
ord11982
ord14667
ord6348
ord6805
ord5549
ord14669
ord7941
ord1450
ord3849
ord1514
ord325
ord1053
ord2365
ord2246
ord324
ord1052
ord2408
ord2411
ord2376
ord2410
ord485
ord2268
ord2374
ord2184
ord2300
ord2399
ord1511

kernel32

FindFirstFileW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
LoadLibraryExW
FreeLibrary
GetLastError
GetSystemDefaultLangID
SizeofResource
GlobalFree
GlobalAlloc
LocalFree
LocalUnlock
LocalLock
LocalAlloc
EnumResourceNamesW
LockResource
LoadResource
FindResourceExW
FindNextFileW
OutputDebugStringW
FindClose

user32

UnregisterClassW

oleaut32

SysFreeString

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_terminate
memmove
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
_purecall
memset

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
terminate
_initterm_e
_initterm
_cexit
_crt_at_quick_exit
_errno
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-multibyte-l1-1-0

_mbstrlen

api-ms-win-crt-convert-l1-1-0

mbstowcs

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
free

Exports

Exports

CreateInterFace
SafeRelease
SetQueryInterfaceCallback
SupportedInterface

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7fca1f8c3f9ad62097b50130ade8893

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140u

kernel32

user32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 7KB - Virtual size: 6KB