a047a6bddca81e707f87718fd5bfa216330f3af3d0a0fbb73de714e465e2a7fa

Sharing

Copy URL Twitter E-mail

General

Target

a047a6bddca81e707f87718fd5bfa216330f3af3d0a0fbb73de714e465e2a7fa
Size

172KB
MD5

11b9b19da3efe314b3010a62688d2bf7
SHA1

8174901e238387717b78e2e01632c92bce9f3aba
SHA256

a047a6bddca81e707f87718fd5bfa216330f3af3d0a0fbb73de714e465e2a7fa
SHA512

43f62f5c663cbf3a429bd69e84468eb26aeec8304bb6f1ce0fa77a3cdacbf5727e185d2da611c2c0de846bf13b591271f8d1c4e55fa7fdfa622602eb1c0d3025
SSDEEP

3072:3kM/Pp9oQBnzKY7z5I+hc0C9pSdcT6Q1pYuWbuBimIYVd8:3T9ooKY7zN7C9wG3jYtb0hVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a047a6bddca81e707f87718fd5bfa216330f3af3d0a0fbb73de714e465e2a7fa

Files

a047a6bddca81e707f87718fd5bfa216330f3af3d0a0fbb73de714e465e2a7fa
.dll windows:4 windows x86 arch:x86

8cb188c31dfd73d126683898d12f9d23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\ClearCase\VSS_UNICOMM_TATA\solution\DeviceOperate\Release\DeviceOperate.pdb

Imports

isaputrace

?instance@CiSAPUTrace@@SAPAV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Traceout@CiSAPUTrace@@QAEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0H0@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetPrivateProfileStringA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetOverlappedResult
WaitForSingleObject
GetLastError
ReadFile
PurgeComm
ClearCommError
LocalFree
FormatMessageA
WriteFile
CloseHandle
CreateEventA
SetCommTimeouts
GetCommTimeouts
SetupComm
Sleep
SetCommMask
GetTickCount
SetEvent
CreateFileA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrlenA
CreateMutexA
ReleaseMutex
TerminateThread
CreateThread
ExitProcess
DisableThreadLibraryCalls
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime

user32

wsprintfA

ole32

CoCreateInstance
CoInitialize
CLSIDFromProgID
CoUninitialize

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

msvcr71

_stricmp
??_V@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
fopen
_purecall
??3@YAXPAX@Z
time
sprintf
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_mbscmp
malloc
free
_except_handler3
fgetc
_mbsrchr
memmove
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
_ltoa
wcslen
memset

oleaut32

SysAllocString
VariantClear

Exports

Exports

CreateInstance

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8cb188c31dfd73d126683898d12f9d23

Headers

File Characteristics

PDB Paths

Imports

isaputrace

kernel32

user32

ole32

msvcp71

msvcr71

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 668B

.rsrc Size: 4KB - Virtual size: 824B

.reloc Size: 8KB - Virtual size: 5KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 668B

.rsrc
Size: 4KB - Virtual size: 824B

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 112KB - Virtual size: 112KB