f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6

Sharing

Copy URL

Twitter E-mail

General

Target

f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6
Size

2.4MB
MD5

215c6060f9adfba0cb6b5d624dfe7bab
SHA1

ad306b20750d8a4a710f99425da947685d3b1cdf
SHA256

f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6
SHA512

a90e9fe28d45d37a3a05e6e2f4d2d8b7c478528f39d74efcf8ab2325f70cff2409e557d56dc3578d5d139efbd0235a26602097358a6af10fe64e13b393e47e21
SSDEEP

49152:y/irYhITtmZrbQhrHqxZrbQhrHqFqUYwRxP/llAizXMLJ89z:yatmZrbQhrHqxZrbQhrHqFqU/nNlNzXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6

Files

f587b07402eeffdface43b9298302e339f5e58c5c548bd43bb8523356229a5a6
.exe windows:6 windows x86 arch:x86

2faddcf21ecbc6ccdd4042d2ada77dd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins-slave\workspace\unifab_win_x86_vs2019_build_release_newClient\dtshdprocess_bin\x86\DtshdProcess.pdb

Imports

kernel32

SwitchToThread
DuplicateHandle
CreateSemaphoreA
MapViewOfFileEx
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
OutputDebugStringA
GetStdHandle
AllocConsole
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CopyFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
lstrlenA
IsDBCSLeadByte
GlobalLock
GlobalUnlock
LoadLibraryW
GetNativeSystemInfo
GetVersionExA
CreateProcessA
GetExitCodeProcess
GetDiskFreeSpaceExA
VirtualLock
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
MoveFileExW
MoveFileExA
MoveFileW
MoveFileA
CopyFileA
QueryDosDeviceA
GetShortPathNameA
GetModuleFileNameA
GetWindowsDirectoryA
GetTickCount
DeviceIoControl
FreeConsole
GetTempPathA
GetTempPathW
SetFilePointer
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
GetVolumeInformationW
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
DeleteFileW
DeleteFileA
CreateFileA
GetSystemInfo
WaitForSingleObject
OpenProcess
GetLastError
ResetEvent
GetCurrentProcessId
CreateProcessW
TerminateProcess
Sleep
HeapFree
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
OutputDebugStringW
GetSystemDirectoryA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetModuleHandleA
GetModuleFileNameW
FormatMessageA
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
GetCurrentThreadId
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
IsDBCSLeadByteEx
SetConsoleTitleA
CreateEventA
SetEvent
CreateDirectoryA
GetProcessTimes
GetVolumeInformationA
CloseHandle

crypt32

CertGetNameStringA
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore

user32

GetForegroundWindow
CharNextA
SystemParametersInfoA
ExitWindowsEx
CloseDesktop
EnumDesktopWindows
OpenDesktopA
GetSystemMetrics
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
wvsprintfW
IsWindowVisible
SetWindowPos
GetDesktopWindow
PostMessageA

advapi32

ReadEventLogA
RegEnumKeyA
SetSecurityDescriptorDacl
CloseEventLog
OpenEventLogA
InitializeSecurityDescriptor
RegEnumKeyExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegQueryValueA
RegQueryInfoKeyA

iphlpapi

GetAdaptersInfo

oleaut32

VariantClear
SysFreeString
SysAllocString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA

Exports

Exports

?get_lock@singleton_module@serialization@boost@@CAAA_NXZ
?is_locked@singleton_module@serialization@boost@@SA_NXZ
?lock@?1??get_lock@singleton_module@serialization@boost@@CAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@SAXXZ
?unlock@singleton_module@serialization@boost@@SAXXZ

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2faddcf21ecbc6ccdd4042d2ada77dd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

crypt32

user32

advapi32

iphlpapi

oleaut32

version

ole32

shell32

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB