40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec

Sharing

Copy URL

Twitter E-mail

General

Target

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
Size

507KB
MD5

d977aa3e1a365ac5d4eb43be47605689
SHA1

eb20141c2ee344da400394cf6285130734e186a3
SHA256

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
SHA512

70a5af24d975b231e77d600a1b0b9fd9b2b6ec38267418d100d781dcafde34586df2d8c63b088d0ab74360354f90ec0c50c561744a8489a7fc4b827583eb78de
SSDEEP

12288:KDUfVvl8H6666HH3o66663P6666VWH6666H6666IUjolRy6:/fVviH6666HH3o66663P6666AH6666Hq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec

Files

40bc88a7e25c8551fe74a73cea6e8c35661eb31de2660bdc57ffed08db518aec
.exe windows:4 windows x86 arch:x86

187a672ba8f345f2953a107f96fffdb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\jekins_work\workspace\lenovo_zip_se\product\win32\dbginfo\uapp.pdb

Imports

kernel32

FindResourceW
SizeofResource
GetLastError
LoadResource
FindResourceExW
GetModuleFileNameW
LockResource
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

shell32

ShellExecuteW

user32

UnregisterClassA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

187a672ba8f345f2953a107f96fffdb5

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 436KB - Virtual size: 436KB

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 436KB - Virtual size: 436KB