af438b1c9cb4b5ad92207550fd7874d8e776f131b5babf341fec6e58d104f663N

Sharing

Copy URL Twitter E-mail

General

Target

af438b1c9cb4b5ad92207550fd7874d8e776f131b5babf341fec6e58d104f663N
Size

1.3MB
MD5

71bcd8a687abed88b8b0f5070a5c6560
SHA1

d59a0e09706be883e2e8f62044a8e871a47e6fef
SHA256

af438b1c9cb4b5ad92207550fd7874d8e776f131b5babf341fec6e58d104f663
SHA512

d11b4a66865c150d2da782946dd10281575269118a5deb96751774ebf3428b5506a54bec099de83b423b4e6cc9ec0a56e5533ca91d347db01a005a46249da7be
SSDEEP

12288:MpaVta50FiYcBkRMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:YaOYc5SkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af438b1c9cb4b5ad92207550fd7874d8e776f131b5babf341fec6e58d104f663N

Files

af438b1c9cb4b5ad92207550fd7874d8e776f131b5babf341fec6e58d104f663N
.exe windows:6 windows x86 arch:x86

1cb94d2486e782442d12aaf1bc4cf76a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\B\T\BuildResults\bin\Release\WCChromeNativeMessagingHost.pdb

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
SetNamedPipeHandleState
OpenMutexW
Sleep
GetTickCount
lstrlenW
OutputDebugStringA
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
MultiByteToWideChar
GetCurrentProcessId
GetVolumeInformationW
LoadLibraryA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
MoveFileW
VerSetConditionMask
HeapSetInformation
GetCurrentProcess
ExitProcess
CreateThread
TerminateThread
SetDllDirectoryW
VerifyVersionInfoW
CreateFileW
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary
OutputDebugStringW

user32

DdeDisconnect
DdeConnect
DdeUninitialize
DdeCreateStringHandleW
DdeFreeStringHandle
DdeClientTransaction
DdeGetLastError
SetTimer
GetMessageW
MessageBoxW
DdeInitializeW
TranslateMessage
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
DispatchMessageW
KillTimer

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

PathFileExistsW

vcruntime140

__current_exception_context
memset
__std_terminate
__current_exception
_except_handler4_common
memmove
memchr
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
_errno
_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
exit
_configure_wide_argv
_invalid_parameter_noinfo
_get_initial_wide_environment
_initterm
_initterm_e

api-ms-win-crt-string-l1-1-0

isspace
isxdigit
isdigit
strlen
wcscpy_s
wcscat_s
_wcslwr
_wcsicmp
wcsncpy
wcsnlen
wcsncpy_s
wcsncat_s
wmemcpy_s

api-ms-win-crt-heap-l1-1-0

_get_heap_handle
_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

fread
_set_fmode
fsetpos
_fseeki64
fwrite
setvbuf
fgetc
fflush
__p__commode
_get_stream_buffer_pointers
ungetc
getchar
fputc
fclose
_wfopen_s
__acrt_iob_func
_setmode
_fileno
fgetpos

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wsplitpath_s
_waccess_s
_waccess
_unlock_file

api-ms-win-crt-convert-l1-1-0

_itow_s
_itoa_s

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1cb94d2486e782442d12aaf1bc4cf76a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 43KB - Virtual size: 42KB

.reloc Size: 1.1MB - Virtual size: 1.2MB

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 43KB - Virtual size: 42KB

.reloc
Size: 1.1MB - Virtual size: 1.2MB