e895203cb7f6f3ba5d872e10fc1e4fb7f8d3f06dfd6cf4c1c28107696ade3fab

Sharing

Copy URL

Twitter E-mail

General

Target

e895203cb7f6f3ba5d872e10fc1e4fb7f8d3f06dfd6cf4c1c28107696ade3fab
Size

1.4MB
MD5

7fd06c2e7ac2c724e3aa25b36f975be0
SHA1

bf3cc13007fbb5c357f4f9f971d38a8abc2c4742
SHA256

e895203cb7f6f3ba5d872e10fc1e4fb7f8d3f06dfd6cf4c1c28107696ade3fab
SHA512

623cfe1112e3a59dcb24a5269ac59e20889dff8b861662aff8e45dcdafadc23ef1fd6b8ae7b5f53b489f6e50b949116d2b85a18a1c864a4406021380e58dfdb4
SSDEEP

24576:gHjoOV+GZmcA6Kr3XYl2ei9X/DuyBZvKfC9NqbUejLrmr8yaADADJsd:oMO9Gr3Xeidfdsq0b3vmrraADADJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e895203cb7f6f3ba5d872e10fc1e4fb7f8d3f06dfd6cf4c1c28107696ade3fab

Files

e895203cb7f6f3ba5d872e10fc1e4fb7f8d3f06dfd6cf4c1c28107696ade3fab
.exe windows:5 windows x86 arch:x86

adedf5db59d694f1d8e3811034ed87ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\lib_common\SoftMgrInst\soft_mgr_inst\Release\SoftMgrInst.pdb

Imports

kernel32

ReleaseMutex
Sleep
WaitForSingleObjectEx
CreateMutexW
GetModuleFileNameW
GetCommandLineW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
MultiByteToWideChar
GetFileSizeEx
GetLocalTime
CreateFileW
RaiseException
GetCurrentThreadId
SetLastError
InitializeCriticalSectionAndSpinCount
InterlockedExchange
InterlockedCompareExchange
SetEvent
WaitForMultipleObjects
GetTickCount
CreateEventW
WideCharToMultiByte
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetFileAttributesExW
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryW
GetVersionExW
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
FindClose
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
DecodePointer
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
LoadLibraryExW
GetModuleHandleW
OutputDebugStringA
OutputDebugStringW
SuspendThread
DeviceIoControl
lstrlenW
GetLogicalDriveStringsW
GetDriveTypeW
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetVersion
DeleteCriticalSection
GetStartupInfoW
RtlCaptureStackBackTrace
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentProcessId
OpenProcess
GetLongPathNameW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LocalFree
LockResource
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetConsoleCtrlHandler
SetFilePointerEx
ReadConsoleW
SetStdHandle
GetFullPathNameA
GetFullPathNameW
DeleteFileW
CloseHandle
WaitForSingleObject
TerminateThread
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetCurrentDirectoryW
SetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
ResetEvent
GetModuleHandleExW
ResumeThread
ExitThread
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateProcessW
GetProcAddress
CreateThread
SignalObjectAndWait
CreateTimerQueue
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
OpenFileMappingW
FormatMessageW
DuplicateHandle
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
FindFirstFileA
FindNextFileA
GetTempPathW

user32

MsgWaitForMultipleObjects
SendMessageTimeoutW
DispatchMessageW
TranslateMessage
PeekMessageW
PostQuitMessage
IsWindow
ShowWindow
IsWindowVisible
IsIconic
SetForegroundWindow
FindWindowExW
GetWindowThreadProcessId
CharNextW
GetMessageW
KillTimer
SetTimer
DestroyWindow
wsprintfW
LoadCursorW
SetWindowLongW
GetWindowLongW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW

advapi32

CryptReleaseContext
CryptDecrypt
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptAcquireContextW
CryptEncrypt
CryptDestroyKey
CryptSetKeyParam
CryptGenRandom
CryptImportKey
CryptContextAddRef

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
ord165
SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
SHGetDiskFreeSpaceExW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString

shlwapi

SHGetValueW
PathCombineW
StrStrIW
StrStrIA
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathFileExistsW
PathFindExtensionW
PathIsDirectoryW
PathStripToRootW
PathIsRootW
StrCmpNIW
PathAppendA
PathIsRelativeW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToCacheFileW

crypt32

CertGetNameStringW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringA
CryptBinaryToStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 22KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

adedf5db59d694f1d8e3811034ed87ce

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

urlmon

crypt32

wintrust

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 205KB - Virtual size: 204KB

.data Size: 22KB - Virtual size: 29KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 124KB - Virtual size: 128KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 205KB - Virtual size: 204KB

.data
Size: 22KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 124KB - Virtual size: 128KB