E:\zhanlue\rcimage\bin\Win32\Release\pdb\2345PicDumper.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 9cf0c15c08b0e2378925c14c87fb329730574a8cb9a92ffcdafd2d2ecf53037a.exe
Resource: win7-20240903-en
General
Target: 9cf0c15c08b0e2378925c14c87fb329730574a8cb9a92ffcdafd2d2ecf53037a
Size: 801KB
MD5: 66bc48eaac18f6db86b46f30afaae901
SHA1: 7a700299bc0c9b35bfff370475bc0b0059a6acae
SHA256: 9cf0c15c08b0e2378925c14c87fb329730574a8cb9a92ffcdafd2d2ecf53037a
SHA512: d2813e49c078e2c1b894e1c5d43c8496b5e62357c0c29a2bb199a0d0f5f164d8ea531c407605be17841b0ec3519283b53a3889799cb7d4aa1e44dd0949a338fe
SSDEEP: 24576:yNAU0m4CoA/OGkH+aFtpEGOTOXh511qXjbASHAuea:AXoA/OjthOTahRqXjbAQAu5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 9cf0c15c08b0e2378925c14c87fb329730574a8cb9a92ffcdafd2d2ecf53037a
Files
9cf0c15c08b0e2378925c14c87fb329730574a8cb9a92ffcdafd2d2ecf53037a.exe windows:5 windows x86 arch:x86
05b033e4e05c70f5f18d18b1ed66ebc3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\zhanlue\rcimage\bin\Win32\Release\pdb\2345PicDumper.pdb
Imports
kernel32
GetLastError
GetFileAttributesExW
GetACP
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
OpenMutexW
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
CreateDirectoryW
lstrlenW
RemoveDirectoryW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetTempFileNameW
MoveFileW
FormatMessageW
CreateFileW
LoadLibraryW
FreeLibrary
GetCurrentThreadId
GetVersionExW
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LockResource
LoadResource
FindResourceW
GetModuleHandleW
lstrcmpiW
GetCurrentProcess
GetModuleFileNameW
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GetTickCount
GetCurrentProcessId
LoadLibraryExW
FindClose
LocalFree
FindNextFileW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnmapViewOfFile
DuplicateHandle
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
GetFileType
GetSystemTime
CreateFileMappingW
MapViewOfFile
FileTimeToDosDateTime
RtlUnwind
RaiseException
GetStdHandle
ExitProcess
GetModuleHandleExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
SetFilePointerEx
GetTimeZoneInformation
HeapReAlloc
OutputDebugStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
HeapSize
ExpandEnvironmentStringsW
LoadLibraryA
lstrcatW
lstrcpyW
GetFileSizeEx
FindFirstFileW
InitializeCriticalSectionAndSpinCount
SetErrorMode
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ole32
CoTaskMemFree
imm32
ImmDisableIME
advapi32
GetUserNameW
Exports
CheckSigner
Sections
.text   Size: 527KB - Virtual size: 526KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 141KB - Virtual size: 140KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 5KB - Virtual size: 10KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 8KB - Virtual size: 7KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 99KB - Virtual size: 100KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
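The "Unsigned PE" signature and the header and section tables above are checks an analyst reproduces outside the sandbox when triaging a sample like this one. The Python below is an added example, not part of this report or of the sandbox's own code: a standard-library PE header parser (no pefile) that flags an empty Certificate Table (the basis of an "unsigned" verdict), the RELOCS_STRIPPED flag under File Characteristics coexisting with DYNAMIC_BASE under DLL Characteristics, a .reloc section present despite RELOCS_STRIPPED, and any section that is both writable and executable (.text and .reloc in the table above). It runs on a constructed header blob that mirrors the flags and section table listed in this report, with sizes rounded to KB; the blob contains none of the sample's code, and the clean comparison image is likewise constructed. One caveat: an empty Certificate Table only proves there is no embedded Authenticode signature; catalog-signed binaries look identical at this level, which is why Get-AuthenticodeSignature on Windows also consults the system catalogs.

```python
"""Header-level PE triage with the standard library only (no pefile): the
checks behind the report's 'Unsigned PE' signature and its section/flag
listing, run here on a constructed header blob so it works offline."""
import struct

# Flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE = 0x0001, 0x0002, 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0040, 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE = 0x02000000, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table: where an embedded Authenticode signature lives


def parse_pe(data):
    """Return COFF/optional-header flags, the Certificate Table entry and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at +70 in both PE32 and PE32+; the data directory moves in PE32+.
    ndirs_off, dirs_off = (opt + 92, opt + 96) if magic == 0x10B else (opt + 108, opt + 112)
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsect):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize,
                         "chars": struct.unpack_from("<I", data, off + 36)[0]})
    return {"characteristics": characteristics, "dll_characteristics": dll_characteristics,
            "security_dir": tuple(security), "sections": sections}


def triage(pe):
    """Return (code, detail) findings of the kind the report's header and section tables expose."""
    findings = []
    if pe["security_dir"] == (0, 0):
        findings.append(("unsigned", "no Certificate Table: no embedded Authenticode signature "
                         "(catalog-signed files look the same; check catalogs separately)"))
    stripped = bool(pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED)
    if stripped and pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append(("aslr_ineffective", "RELOCS_STRIPPED with DYNAMIC_BASE: the loader will not "
                         "rebase an image that claims to have no relocations, so ASLR does not apply"))
    if stripped and any(s["name"] == ".reloc" for s in pe["sections"]):
        findings.append(("reloc_vs_stripped", ".reloc section present although RELOCS_STRIPPED is set"))
    for s in pe["sections"]:
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(("wx_section", "%s is writable and executable (W^X violated)" % s["name"]))
    return findings


def triage_file(path):
    """Run the same checks on a real file on disk."""
    with open(path, "rb") as fh:
        return triage(parse_pe(fh.read()))


def build_sample_pe(characteristics, dll_characteristics, sections, signed=False):
    """Constructed PE32 header blob (headers only, no code) for offline testing."""
    opt_size = 96 + 16 * 8  # PE32 optional header with all 16 data directories
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    if signed:  # pretend a certificate table exists at file offset 0x1000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    table = b"".join(n.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", v, 0, r, 0, 0, 0, 0, 0, c)
                     for n, v, r, c in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed to mirror the flags and section table in this report (sizes rounded to KB).
REPORT_SAMPLE = build_sample_pe(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(b".text", 526 << 10, 527 << 10, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".rdata", 140 << 10, 141 << 10, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".data", 10 << 10, 5 << 10, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
     (b".rsrc", 7 << 10, 8 << 10, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
     (b".reloc", 100 << 10, 99 << 10, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
      | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)])

# Constructed conventionally built, signed image for comparison: no findings expected.
CLEAN_SAMPLE = build_sample_pe(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
    [(b".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
     (b".reloc", 0x100, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ)],
    signed=True)

if __name__ == "__main__":
    for code, detail in triage(parse_pe(REPORT_SAMPLE)):
        print("%-18s %s" % (code, detail))
```

Point triage_file at a real binary to get the same findings for it; on the constructed report-like blob the output is one finding each for the missing Certificate Table, the RELOCS_STRIPPED/DYNAMIC_BASE contradiction and the stray .reloc, plus one W^X finding for .text and one for .reloc, while the clean image produces none.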