d0079e6f3d71bcec5ea83379b9cd71d862f4fe20ab867a41fbf8f32df316fd6d

Sharing

Copy URL

Twitter E-mail

General

Target

d0079e6f3d71bcec5ea83379b9cd71d862f4fe20ab867a41fbf8f32df316fd6d
Size

689KB
MD5

2aea96c228d49d8c0923a23a2867134a
SHA1

155677d8ae102b5841078116a6b94f2b9e7d7e61
SHA256

d0079e6f3d71bcec5ea83379b9cd71d862f4fe20ab867a41fbf8f32df316fd6d
SHA512

38899a044633f55860c3a887ee81361e96ec4b95b0f9da5eb92f8a80e31d17ecbb782eb2f49cdbdc4d816d7bc87cc100b55cec74b8f9d2e1d7512043dee54a90
SSDEEP

12288:W/J1uusPY5g+f7JkQR6JjUEqWByuqp4fIJiE2JGkq9/fTJ1Irqc7:qJ4P+24ELBZqwIYE28vfc+c7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0079e6f3d71bcec5ea83379b9cd71d862f4fe20ab867a41fbf8f32df316fd6d

Files

d0079e6f3d71bcec5ea83379b9cd71d862f4fe20ab867a41fbf8f32df316fd6d
.exe windows:5 windows x86 arch:x86

4082ec3e7377898ddee3f5c0a0d1b001

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\ScreenTest\screen_test\screen_test\Release\ScreenTest.pdb

Imports

kernel32

CreateMutexW
LoadLibraryExW
IsBadReadPtr
lstrcmpiW
CloseHandle
WaitForSingleObject
SetLastError
SetUnhandledExceptionFilter
GetCurrentProcessId
VirtualProtect
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetPrivateProfileStringA
GetCommandLineW
GetModuleHandleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetModuleFileNameW
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadLibraryW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetFileAttributesExW
RtlUnwind
lstrcmpA
DeviceIoControl
GetSystemWindowsDirectoryW
FreeResource
Sleep
InterlockedCompareExchange
QueryPerformanceCounter
HeapSize
HeapFree
GetStartupInfoW
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
TerminateProcess
UnhandledExceptionFilter
DecodePointer
FindFirstFileExW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InitializeCriticalSection
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
DeleteFileW
GetFileSizeEx
ReadFile
CreateFileW
WriteFile
FlushFileBuffers
LocalFree
ReleaseMutex
CopyFileW
FindClose
FindNextFileW

user32

ReleaseDC
GetDC
UnregisterClassW
CopyRect
LoadCursorW
CharNextW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetSystemMetrics
SetWindowPos
ShowWindow
DestroyWindow
wsprintfW
IsWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow

gdi32

GetDeviceCaps
SetBkColor
ExtTextOutW

advapi32

InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
GetTokenInformation
RegQueryValueExW

shell32

ShellExecuteExW

ole32

CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

StrStrIA
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathFileExistsA
PathAppendW
PathAppendA
PathIsDirectoryW
PathCombineW
StrCmpNIW
StrTrimA
PathRemoveFileSpecA
StrCmpIW

urlmon

URLDownloadToCacheFileW

comctl32

InitCommonControlsEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4082ec3e7377898ddee3f5c0a0d1b001

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

comctl32

version

crypt32

wintrust

iphlpapi

Sections

.text Size: 385KB - Virtual size: 384KB

.rdata Size: 105KB - Virtual size: 104KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 87KB - Virtual size: 88KB

.text
Size: 385KB - Virtual size: 384KB

.rdata
Size: 105KB - Virtual size: 104KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 87KB - Virtual size: 88KB