Static task
static1
General
Target: CVE-2017-0213_x64.exe
Size: 157KB
MD5: 25e62ef07aa497ff4b13549bc6639e19
SHA1: c8cee35f713031ca109dffae4fbede766d427e08
SHA256: aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc
SHA512: 281a723c3ebfb369ad5bb73e18de0654e9ed1df25af49fcceaafe5afe425975c688eb4df4934b386b5532949f4bea6e688e33b599739e40ac381484e766fce5f
SSDEEP: 3072:xcvrKSBuRWy3ALuEG8IFtMH673vxuElWazC9qPldFvsE8iw7c:Yfgwy3ALtI/G6rvAEl+9qPmEPMc
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: CVE-2017-0213_x64.exe
Files
CVE-2017-0213_x64.exe.exe windows:6 windows x64 arch:x64
f944761d67c147fa342ba91f042b4d8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\User\Documents\Visual Studio 2017\Projects\ConsoleApplication2\x64\Release\ConsoleApplication2.pdb
Imports
kernel32
GetModuleFileNameW
LocalAlloc
CreateFileW
ProcessIdToSessionId
FormatMessageW
DeleteFileW
WriteFile
GetProcAddress
LocalFree
GetFileSize
GetCurrentProcessId
GetModuleHandleW
GetCurrentProcess
QueryDosDeviceW
ReadFile
CloseHandle
CreateDirectoryW
WriteConsoleW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
GetStringTypeW
FindClose
FindFirstFileExW
advapi32
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CoMarshalInterface
CoInitializeSecurity
CoGetStdMarshalEx
StringFromIID
oleaut32
VariantClear
LoadTypeLi
SysFreeString
CreateTypeLib2
SysAllocStringByteLen
SysAllocString
SysStringLen
shlwapi
PathRemoveFileSpecW
Sections
.text Size: 95KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ