aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b.exe
Size

1.9MB
MD5

18a531099ef85a846a63b7aee12b45e7
SHA1

ccee12b82ebc5585febac7929312ee3024821db9
SHA256

aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b
SHA512

81b9b18a24882d5b2f2704f20df57719290da063dac8147e866e076d7a1591e379309dfd780a546a739688d30c5ee51f9e5599d6576a7ddd09286f10324e5ab9
SSDEEP

49152:69U35JCirYhIntmZrbQhrHqxZrbQhrHq26R5vIk:6O3vTtmZrbQhrHqxZrbQhrHq357

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b.exe

Files

aa2865178dc691edfdfc676c77a638cd165cbe9385a0ae4b8bfa16e9b9af753b.exe
.exe windows:6 windows x86 arch:x86

2faddcf21ecbc6ccdd4042d2ada77dd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins-slave\workspace\unifab_win_x86_vs2019_build_release_newClient\dtshdprocess_bin\x86\DtshdProcess.pdb

Imports

kernel32

SwitchToThread
DuplicateHandle
CreateSemaphoreA
MapViewOfFileEx
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
WriteFile
OutputDebugStringA
GetStdHandle
AllocConsole
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
CopyFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
lstrlenA
IsDBCSLeadByte
GlobalLock
GlobalUnlock
LoadLibraryW
GetNativeSystemInfo
GetVersionExA
CreateProcessA
GetExitCodeProcess
GetDiskFreeSpaceExA
VirtualLock
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
MoveFileExW
MoveFileExA
MoveFileW
MoveFileA
CopyFileA
QueryDosDeviceA
GetShortPathNameA
GetModuleFileNameA
GetWindowsDirectoryA
GetTickCount
DeviceIoControl
FreeConsole
GetTempPathA
GetTempPathW
SetFilePointer
SetFileAttributesW
SetFileAttributesA
RemoveDirectoryW
RemoveDirectoryA
GetVolumeInformationW
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
DeleteFileW
DeleteFileA
CreateFileA
GetSystemInfo
WaitForSingleObject
OpenProcess
GetLastError
ResetEvent
GetCurrentProcessId
CreateProcessW
TerminateProcess
Sleep
HeapFree
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
OutputDebugStringW
GetSystemDirectoryA
lstrcpyA
LoadLibraryA
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetModuleHandleA
GetModuleFileNameW
FormatMessageA
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
GetCurrentThreadId
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateWaitableTimerA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
GetModuleHandleW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
IsDBCSLeadByteEx
SetConsoleTitleA
CreateEventA
SetEvent
CreateDirectoryA
GetProcessTimes
GetVolumeInformationA
CloseHandle

crypt32

CertGetNameStringA
CertFreeCertificateContext
CryptMsgClose
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore

user32

GetForegroundWindow
CharNextA
SystemParametersInfoA
ExitWindowsEx
CloseDesktop
EnumDesktopWindows
OpenDesktopA
GetSystemMetrics
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
wvsprintfW
IsWindowVisible
SetWindowPos
GetDesktopWindow
PostMessageA

advapi32

ReadEventLogA
RegEnumKeyA
SetSecurityDescriptorDacl
CloseEventLog
OpenEventLogA
InitializeSecurityDescriptor
RegEnumKeyExA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegQueryValueA
RegQueryInfoKeyA

iphlpapi

GetAdaptersInfo

oleaut32

VariantClear
SysFreeString
SysAllocString

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA

Exports

Exports

?get_lock@singleton_module@serialization@boost@@CAAA_NXZ
?is_locked@singleton_module@serialization@boost@@SA_NXZ
?lock@?1??get_lock@singleton_module@serialization@boost@@CAAA_NXZ@4_NA
?lock@singleton_module@serialization@boost@@SAXXZ
?unlock@singleton_module@serialization@boost@@SAXXZ

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2faddcf21ecbc6ccdd4042d2ada77dd0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

crypt32

user32

advapi32

iphlpapi

oleaut32

version

ole32

shell32

Exports

Exports

Sections

.text Size: 279KB - Virtual size: 279KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 279KB - Virtual size: 279KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB