77e6b1afeb91d35dd2a44439bb8a6180N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

77e6b1afeb91d35dd2a44439bb8a6180N.exe
Size

130KB
MD5

77e6b1afeb91d35dd2a44439bb8a6180
SHA1

99cedbd9f9fe56cab02583b80d236036de67b3ca
SHA256

f0201c87f324cdd5814dcd5de59085fa5a33ab970b3927b7594f43766b95c36d
SHA512

bf0edadb9fd55bf4d59e4aadad0f3b4a7d944a2cd1aaabc881031f6bff9133c1157be97e377887fde6230b0423834e10ac656400a5fbea299e4d99d1a6fb55ab
SSDEEP

3072:RECAhOBPnFInhiqesFJ0JCOtYo5KeF40tP8vJqY7vGxS:8OBPyn0qecMNYpem0tPEb7CS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77e6b1afeb91d35dd2a44439bb8a6180N.exe

Files

77e6b1afeb91d35dd2a44439bb8a6180N.exe
.dll windows:5 windows x86 arch:x86

3d62295b8ffe0554c6c4afe9c4032968

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\30\Ford Diagnostics\86 IDS VS Projs - PROD\Binaries\Win32\Release\Connection.pdb

Imports

basecomms

??0CBaseComms@@QAE@_N0@Z

testutil

??1CESBException@@UAE@XZ
??1CESBHandlerExit@@UAE@XZ

runtimecomms

?ExecuteSubCommand@CRuntimeComms@@QAEXAAVCSubStream@@H@Z
??0CRuntimeComms@@QAE@_NPAVCEvent@@P8CObject@@AE_NXZPAV2@0@Z
?SetTCPNoDelay@CRuntimeComms@@QAEX_N@Z

codelib

IFC_Get32

environment

?MonPrintf@@YAHPBDZZ

mfc100

ord11646
ord4869
ord4868
ord408
ord417
ord6010
ord266
ord1296
ord2050
ord1948
ord901
ord320
ord2611
ord1294
ord2076
ord5824

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_purecall
__CxxFrameHandler3
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_except_handler4_common

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

oleaut32

SysFreeString

Exports

Exports

??0CBaseCommsException@@QAE@H@Z
??0CConnection@@QAE@XZ
??0CESBException@@QAE@ABV0@@Z
??0CESBHandlerExit@@QAE@ABV0@@Z
??0CVCLConnection@@QAE@H_N@Z
??0CVCLConnection@@QAE@XZ
??0CVISConnection@@QAE@XZ
??0IBaseCommsEventListener@@QAE@ABV0@@Z
??0IBaseCommsEventListener@@QAE@XZ
??1CBaseCommsException@@UAE@XZ
??1CConnection@@UAE@XZ
??1CVCLConnection@@UAE@XZ
??1CVISConnection@@UAE@XZ
??4CESBException@@QAEAAV0@ABV0@@Z
??4CESBHandlerExit@@QAEAAV0@ABV0@@Z
??4CTCPIPUtils@@QAEAAV0@ABV0@@Z
??4IBaseCommsEventListener@@QAEAAV0@ABV0@@Z
??_7CBaseCommsException@@6B@
??_7CConnection@@6B@
??_7CESBException@@6B@
??_7CESBHandlerExit@@6B@
??_7CVCLConnection@@6B@
??_7CVISConnection@@6B@
??_7IBaseCommsEventListener@@6B@
??_FCBaseComms@@QAEXXZ
??_FCRuntimeComms@@QAEXXZ
?CloseSocket@CConnection@@QAEXXZ
?ExecuteSubCommand@CConnection@@QAE?BHAAVCSubStream@@H@Z
?ExecuteSubCommand@CVCLConnection@@QAE?BHAAVCSubStream@@HPAH@Z
?ExecuteSubCommand@CVISConnection@@QAE?BHAAVCSubStream@@HPAH@Z
?GetCommsSubType@CBaseComms@@QAE?AW4CommsSubType@@XZ
?GetDataCS@CBaseComms@@IAEPAVCCriticalSection@@XZ
?GetEnginePtr@CSyscall@@IAEPAXXZ
?GetSocket@CTCPIPUtils@@QAEHXZ
?GetSocketCS@CBaseComms@@IAEPAVCCriticalSection@@XZ
?GetUsageType@CBaseComms@@UAEHXZ
?IsSocketValid@CBaseComms@@QAE_NXZ
?IsWaitingForReply@CBaseComms@@QAE_NXZ
?PingCard@CConnection@@QAE_NXZ
?SetCardName@CVCLConnection@@MAEXXZ
?SetCardName@CVISConnection@@MAEXXZ
?SetTCPNoDelay@CConnection@@QAEX_N@Z
?SetUsageType@CBaseComms@@UAEXH@Z
_InitConnectionDLL@0

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d62295b8ffe0554c6c4afe9c4032968

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

basecomms

testutil

runtimecomms

codelib

environment

mfc100

msvcr100

kernel32

oleaut32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 960B

.text Size: 112KB - Virtual size: 112KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 960B

.text
Size: 112KB - Virtual size: 112KB