cb8b7f5c419b7a599c55abff60400ed17317fb4e15f004ee7f4b94be16c146b2

Sharing

Copy URL Twitter E-mail

General

Target

cb8b7f5c419b7a599c55abff60400ed17317fb4e15f004ee7f4b94be16c146b2
Size

13.1MB
MD5

d3a07171971a3e2c5d223e47062fff8e
SHA1

7f1901b33d1fe835e297a017535d08df51e21233
SHA256

cb8b7f5c419b7a599c55abff60400ed17317fb4e15f004ee7f4b94be16c146b2
SHA512

3d447c755d5381fac03191c8378b3bb8f9f8251a27344d4554b9c7c5c8392864f1e3df5a2c337688d64b0c46de909f92848812e1a9ee3b79bbf5caf714771182
SSDEEP

196608:e2shsYS8/MIc+KvjJsxGPJp5bgCuTiQhGds51yvSgLC:e2s7XMIc+KvjRJp5PFHIUtL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb8b7f5c419b7a599c55abff60400ed17317fb4e15f004ee7f4b94be16c146b2

Files

cb8b7f5c419b7a599c55abff60400ed17317fb4e15f004ee7f4b94be16c146b2
.exe windows:6 windows x86 arch:x86

505e2376bb3eb04677e83c93e480383c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Project\OACL\OACL_SW\source code\FWUpdate\OACL_FW(HP)\Olive_Release\UpdateFirmwareOlive.pdb

Imports

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

kernel32

Sleep
GetUserDefaultLangID
CreateFileA
DeviceIoControl
CreateEventA
WriteFile
WaitForSingleObject
GetOverlappedResult
ReadFile
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
CreateMutexA
ReleaseMutex
WideCharToMultiByte
LocalAlloc
LocalFree
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
GetConsoleMode
DeleteCriticalSection
DecodePointer
HeapSize
GetLastError
InitializeCriticalSectionEx
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetTickCount
CreateFileW
EncodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetCommandLineA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
LCMapStringW
GetStringTypeW
GetConsoleCP

advapi32

OpenSCManagerA
ControlService
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenServiceA

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13.0MB - Virtual size: 13.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

505e2376bb3eb04677e83c93e480383c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

kernel32

advapi32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 13.0MB - Virtual size: 13.0MB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 13.0MB - Virtual size: 13.0MB

.reloc
Size: 4KB - Virtual size: 4KB