a3c8e2bfc922907cbfb61d8fe0d4c5e6d542d19653fd14c515961f14c75530d6

Sharing

Copy URL

Twitter E-mail

General

Target

a3c8e2bfc922907cbfb61d8fe0d4c5e6d542d19653fd14c515961f14c75530d6
Size

558KB
MD5

2746e996ab4f8152a4ae34f0c0722990
SHA1

d8c5590995e751efd794669c1bc686e81231ebfe
SHA256

a3c8e2bfc922907cbfb61d8fe0d4c5e6d542d19653fd14c515961f14c75530d6
SHA512

15c56fce764727c7b4091de8975b3ce5195d17f3bd7b158413725c0b10c0339091d059f336812b3adccce89045c92085c43c67e6265eb96b00f77a921595b85d
SSDEEP

12288:rGFyxd02AQxgQyhJ6jcBINhJFWqC1VLFKRpeVjI:KsHBkEjFWqC1V4RpOU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3c8e2bfc922907cbfb61d8fe0d4c5e6d542d19653fd14c515961f14c75530d6

Files

a3c8e2bfc922907cbfb61d8fe0d4c5e6d542d19653fd14c515961f14c75530d6
.exe windows:6 windows x86 arch:x86

3b47b99090c07d8b8589e946e86457d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\lib_common\feedback\feedback\Release\feedback.pdb

Imports

kernel32

GetPrivateProfileStringW
WideCharToMultiByte
GetCommandLineW
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
GetCurrentThreadId
CreateMutexW
LoadLibraryW
ReadConsoleW
SetEndOfFile
SetStdHandle
DeleteCriticalSection
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
MultiByteToWideChar
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetACP
GetStdHandle
HeapDestroy
SetErrorMode
GetModuleHandleExW
ExitProcess
RtlUnwind
LocalFree
WaitForSingleObject
ReleaseMutex
SetLastError
GetLastError
RaiseException
CloseHandle
DecodePointer
FlushFileBuffers
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
DeleteFileW
FindResourceExW
LockResource
CopyFileW
CreateFileW
FindClose
FindNextFileW
GetFileSizeEx
ReadFile
WriteFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

user32

GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageTimeoutW
DefWindowProcW
GetWindowLongW
CallWindowProcW
PostQuitMessage
SystemParametersInfoW
GetWindowRect
IsWindowVisible
ShowWindow
IsWindow
PostMessageW
MonitorFromWindow
ReleaseDC
GetDC
LoadCursorW
FindWindowW
SetWindowLongW
CharNextW
wsprintfW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW

ole32

CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathIsDirectoryW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

comctl32

InitCommonControlsEx

gdiplus

GdiplusShutdown
GdiplusStartup

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b47b99090c07d8b8589e946e86457d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

comctl32

gdiplus

crypt32

wintrust

urlmon

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 11KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 89KB - Virtual size: 92KB

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 11KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 89KB - Virtual size: 92KB