CVE-2017-0213_x86[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CVE-2017-0213_x86.exe
Size

131KB
MD5

e20baed2f54af658d546027c5f839656
SHA1

b3423b5d096cf915019cd8d7c994cf9919523901
SHA256

0a4a0f0df5eea57f16a76bff6489dd95a7089afba8e9e5c8bcadc46870af33fb
SHA512

4d3885ffd66111487fe68aa22b49324657d4440e1231adcfc497a6d539dd8c9cf2ef4fd6fc09a2b1ba54d851444d1b66199ad6b0d105b48c20039df240b6769c
SSDEEP

3072:tRKLeqLvv9kkrUWd924GBqCbnfoZw5IFXAeW8+StGwav:tpqLdfrUW+HnfoZD9X+xwm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
CVE-2017-0213_x86.exe

Files

CVE-2017-0213_x86.exe
.exe windows:6 windows x86 arch:x86

02565c466993a4f88ad5e71df5c644fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\User\Documents\Visual Studio 2017\Projects\ConsoleApplication2\Release\ConsoleApplication2.pdb

Imports

kernel32

GetModuleFileNameW
LocalAlloc
CreateFileW
ProcessIdToSessionId
FormatMessageW
DeleteFileW
WriteFile
GetProcAddress
LocalFree
GetFileSize
GetCurrentProcessId
GetModuleHandleW
GetCurrentProcess
QueryDosDeviceW
ReadFile
CloseHandle
CreateDirectoryW
WriteConsoleW
DecodePointer
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
EncodePointer
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetStringTypeW
FindClose
FindFirstFileExW

advapi32

OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoMarshalInterface
CoInitializeSecurity
CoGetStdMarshalEx
StringFromIID

oleaut32

VariantClear
LoadTypeLi
SysFreeString
CreateTypeLib2
SysAllocStringByteLen
SysAllocString
SysStringLen

shlwapi

PathRemoveFileSpecW

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02565c466993a4f88ad5e71df5c644fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB