20a620aac4fa6b2102e0e1831c2a73ece858187087ed80ede3e1da50e60e3c31

Sharing

Copy URL

Twitter E-mail

General

Target

20a620aac4fa6b2102e0e1831c2a73ece858187087ed80ede3e1da50e60e3c31
Size

922KB
MD5

e44de64095bd4fef9f8a0f5c31a044ad
SHA1

1f534c91e334b67c0b7e9382619048d84a13318b
SHA256

20a620aac4fa6b2102e0e1831c2a73ece858187087ed80ede3e1da50e60e3c31
SHA512

51e180b2ff01986cfd6d200e1bfeddee77bf594ccf8730aeeb8579b687eb5acf0286f3986f95a1cd94a17985a485bf4575644b2e3bafaaa8c3f864f08a356d66
SSDEEP

24576:/J+xweX1UEKkP7wKtAlZlb0fMMMMMMMMMMMMM1MMMCMMMMiIApMcMMi/MMTrLBio:0vP7eZlb0fMMMMMMMMMMMMM1MMMCMMMU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20a620aac4fa6b2102e0e1831c2a73ece858187087ed80ede3e1da50e60e3c31

Files

20a620aac4fa6b2102e0e1831c2a73ece858187087ed80ede3e1da50e60e3c31
.exe windows:5 windows x86 arch:x86

32c5e5fa984a2dc903c4a9750b183707

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\.jenkins\workspace\master_lu\power_calculator\power_calculator\Release\PowerCalculator.pdb

Imports

kernel32

ReadFile
FlushFileBuffers
CreateFileW
WriteFile
GetFileSize
GetCurrentProcess
IsBadReadPtr
LoadLibraryExW
lstrcmpiW
WaitForSingleObject
SetLastError
SetUnhandledExceptionFilter
SetEnvironmentVariableA
VirtualProtect
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
WriteConsoleW
ReadConsoleW
SetEndOfFile
FreeLibrary
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetPrivateProfileStringA
GetModuleHandleW
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
FindResourceExW
FindResourceW
SizeofResource
LoadResource
LockResource
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetTickCount
MultiByteToWideChar
GetCommandLineW
CreateMutexW
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FreeLibraryAndExitThread
ExitThread
CreateThread
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
SetFilePointerEx
GetFileType
GetFileAttributesExW
RtlUnwind
GetSystemWindowsDirectoryW
FreeResource
Sleep
GetLastError
RaiseException
GetProcessHeap
HeapSize
DecodePointer
HeapFree
HeapReAlloc
HeapAlloc
InterlockedCompareExchange
CreateFileA
GetSystemDirectoryW
lstrcmpiA
lstrcmpA
HeapDestroy
FreeEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetStringTypeW
FormatMessageW
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
GetVersionExW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
DeleteFileW
GetFileSizeEx
LocalFree
ReleaseMutex
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
FindClose
FindNextFileW
DeviceIoControl

user32

LoadCursorW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
SetWindowLongW
GetWindowLongW
SetWindowTextW
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
IsWindow
PostMessageW
FindWindowW
UnregisterClassW
SendMessageTimeoutW
CharNextW

gdi32

SetBkColor
ExtTextOutW

advapi32

RegQueryValueExA
RegOpenKeyExA
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegGetValueW
RegQueryValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateGuid
CoTaskMemFree

oleaut32

GetErrorInfo
VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFileExistsA
PathCombineW
PathIsDirectoryW
PathFileExistsW
StrStrIA
SHGetValueA
SHSetValueA
PathAppendA
PathRemoveFileSpecA
StrCmpNIW
StrTrimA
StrStrIW
StrCmpIW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

InitCommonControlsEx

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

32c5e5fa984a2dc903c4a9750b183707

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

version

comctl32

crypt32

wintrust

wininet

iphlpapi

Sections

.text Size: 438KB - Virtual size: 438KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 252KB - Virtual size: 251KB

.reloc Size: 97KB - Virtual size: 100KB

.text
Size: 438KB - Virtual size: 438KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 252KB - Virtual size: 251KB

.reloc
Size: 97KB - Virtual size: 100KB