cdb.exe
First submission 2024-10-16 20:06:03
File details
| File type: | PE32+ executable (console) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 485.27 KB (496912 bytes) |
| Compile time: | 2010-02-01 21:15:32 |
| MD5: | 3fd5aae11b1b05480a5d76119dc6ab2b |
| SHA1: | 465f35c8a865b5904474bef9be163e680549f360 |
| SHA256: | cffca467b6ff4dee8391c68650a53f4f3828a0b5a31a9aa501d2272b683205f9 |
| Import Hash : | 0f4f0c3e62a9e9cfa3fe2208af74764a |
| Sections 5 | .text��� .data��� .pdata�� .rsrc��� .reloc�� |
| Directories 5 | import resource debug relocation security |
File features detected
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://146.56.118.137/cdb.exe  |
146.56.118.137 |
2024-10-16 20:06:03 |
PE Sections 0 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x69a16 | 433152 | ba15a6ceff0867d2ef6a8d0b4716012d3162990b | f083e779fbd46069cd67e06058f3ec21 | |
| .data��� | 0x6b000 | 0x89c8 | 11264 | 224876fe9fa125fa6c38e68c87e528636dafbf0c | 5652cd6c8a957c650b1d73737d676ca8 | |
| .pdata�� | 0x74000 | 0x25a4 | 9728 | da2376960322a1d33d4f465839349763266010f3 | e1494f20089313218acdcd21ce5489f5 | |
| .rsrc��� | 0x77000 | 0x780 | 2048 | 4f47d05ae68efc90d5d2f9e80b9ec00767b0cde7 | ac19073aced8c9d674aa2dcc5b62b423 | |
| .reloc�� | 0x78000 | 0x7fc8 | 32768 | cf562f65d1ca941b5dc6a6ab2793cdc46625e116 | a14b7d04ed0fbed62583ff0f9e6339d9 |
PE Resources 3
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x770f0 | 744 | |
| RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x773d8 | 20 | |
| RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x773f0 | 908 |
Meta infos 9
| LegalCopyright: | \xa9 Microsoft Corporation. All rights reserved. |
| InternalName: | CDB.Exe |
| FileVersion: | 6.12.0002.633 (debuggers(dbg).100201-1211) |
| CompanyName: | Microsoft Corporation |
| ProductVersion: | 6.12.0002.633 |
| FileDescription: | Symbolic Debugger for Windows |
| Translation: | 0x0409 0x04b0 |
| OriginalFilename: | CDB.Exe |
| ProductName: | Debugging Tools for Windows(R) |
Packers detected 1
| Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 5
| GetLastError |
| OutputDebugStringA |
| RaiseException |
| TerminateProcess |
| UnhandledExceptionFilter |
File signature
| MD5 | SHA1 | Block size | Virtual Address |
|---|---|---|---|
| 234f78b92d8b9f17b9ba5bfb4e5074a4 | 34c506265ab91188ae99e4b65c42a1a48fa4128d | 6928 | 489984 |
Strings analysis - File found
| Object |
| hhctrl.ocx |
| Library |
| ntlanman.dll |
| d3d9.dll |
| drtprov.dll |
| inseng.dll |
| ADVAPI32.dll |
| pautoenr.dll |
| hid.dll |
| eappcfg.dll |
| sdiagschd.dll |
| SSPICLI.DLL |
| ACTIVEDS.dll |
| secur32.dll |
| webio.dll |
| keymgr.dll |
| pidgenx.dll |
| cryptbase.dll |
| WINHTTP.dll |
| oledlg.dll |
| NSI.dll |
| API-MS-Win-Security-SDDL-L1-1-0.dll |
| wdi.dll |
| cryptnet.dll |
| Crypt32.dll |
| fms.dll |
| rtutils.dll |
| AUTHZ.dll |
| dbghelp.dll |
| SCARDDLG.dll |
| ieshims.dll |
| shfolder.dll |
| cryptui.dll |
| synceng.dll |
| WLDAP32.dll |
| mtxclu.dll |
| srvcli.dll |
| dfscli.dll |
| netlogon.dll |
| ieframe.dll |
| colbact.dll |
| ubpm.dll |
| ODBC32.dll |
| query.dll |
| pcwum.dll |
| samsrv.dll |
| netcfgx.dll |
| cscapi.dll |
| vaultcli.dll |
| ESENT.dll |
| RstrtMgr.dll |
| sfc.dll |
| occache.dll |
| UIAutomationCore.dll |
| cscdll.dll |
| rpcshim.dll |
| rasman.dll |
| SHLWAPI.dll |
| wmpmde.dll |
| mshtml.dll |
| certpoleng.dll |
| Virtdisk.dll |
| nci.dll |
| mprmsg.dll |
| WININET.dll |
| catsrvut.dll |
| propsys.dll |
| wkscli.dll |
| wlanapi.dll |
| davhlpr.dll |
| USER32.dll |
| netplwiz.dll |
| msiltcfg.dll |
| EFSUTIL.dll |
| wintrust.dll |
| avrt.dll |
| certenroll.dll |
| aclui.dll |
| UxTheme.dll |
| drttransport.dll |
| WSDApi.dll |
| wmvcore.dll |
| imgutil.dll |
| dwmapi.dll |
| hlink.dll |
| DDRAW.dll |
| ntdsetup.dll |
| pstorec.dll |
| credui.dll |
| sti.dll |
| mlang.dll |
| certcli.dll |
| ntdll.dll |
| dbgeng.dll |
| mssign32.dll |
| ntdskcc.dll |
| OLEAUT32.dll |
| slc.dll |
| msdrm.dll |
| MSVCRT.dll |
| msrating.dll |
| rpchttp.dll |
| dsrole.dll |
| API-MS-WIN-Service-Core-L1-1-0.dll |
| SensApi.dll |
| ntdsa.dll |
| regapi.dll |
| mf.dll |
| CFGMGR32.dll |
| pidgen.dll |
| NETAPI32.dll |
| httpapi.dll |
| Loadperf.dll |
| d3d8.dll |
| mfreadwrite.dll |
| COMCTL32.dll |
| catsrv.dll |
| spfileq.dll |
| wmi.dll |
| NTDSAPI.dll |
| cryptsp.dll |
| ole32.dll |
| API-MS-WIN-Service-winsvc-L1-1-0.dll |
| cryptxml.dll |
| msi.dll |
| Powrprof.dll |
| IMM32.dll |
| WinSCard.dll |
| sqmapi.dll |
| p2p.dll |
| MSACM32.dll |
| ieui.dll |
| ntdsbsrv.dll |
| dhcpcsvc.dll |
| devobj.dll |
| FXSAPI.DLL |
| OLEACC.dll |
| ktmw32.dll |
| drvstore.dll |
| ntmarta.dll |
| wlanhlp.dll |
| kdcsvc.dll |
| usp10.dll |
| clusapi.dll |
| sppc.dll |
| shdocvw.dll |
| msgina.dll |
| dui70.dll |
| msoobeui.dll |
| normaliz.dll |
| SETUPAPI.dll |
| ignores version mismatches in DBGHELP.DLL |
| fveapi.dll |
| advpack.dll |
| NDFAPI.DLL |
| netjoin.dll |
| ieakeng.dll |
| syssetup.dll |
| ntshrui.dll |
| PSAPI.DLL |
| hnetcfg.dll |
| samlib.dll |
| lsasrv.dll |
| duser.dll |
| efsadu.dll |
| netmsg.dll |
| samcli.dll |
| dnsapi.dll |
| cryptdll.dll |
| Fwpuclnt.dll |
| API-MS-Win-Security-LSALookup-L1-1-0.dll |
| slcext.dll |
| wmdrmsdk.dll |
| api-ms-win-service-management-l1-1-0.dll |
| xolehlp.dll |
| ActionQueue.dll |
| explorerframe.dll |
| OPENGL32.dll |
| netshell.dll |
| dxgi.dll |
| GDI32.dll |
| gdiplus.dll |
| XmlLite.dll |
| sfmapi.dll |
| vssapi.dll |
| urlmon.dll |
| browcli.dll |
| Msctf.dll |
| msjava.dll |
| ehtrace.dll |
| msfeeds.dll |
| UXInit.dll |
| KERNEL32.dll |
| w32topl.dll |
| XpsRasterService.dll |
| profapi.dll |
| comsvcs.dll |
| linkinfo.dll |
| wer.dll |
| Srclient.dll |
| gpapi.dll |
| qwave.dll |
| devrtl.dll |
| WINNSI.DLL |
| utildll.dll |
| onexui.dll |
| WINSTA.dll |
| cabinet.dll |
| rpcrt4.dll |
| WINMM.dll |
| apphelp.dll |
| iashlpr.dll |
| sndvolsso.dll |
| WTSAPI32.dll |
| COMDLG32.dll |
| USERENV.dll |
| evr.dll |
| clbcatq.dll |
| elscore.dll |
| IPHLPAPI.DLL |
| bcrypt.dll |
| netbios.dll |
| WindowsCodecs.dll |
| mqrt.dll |
| dhcpcsvc6.dll |
| MPRAPI.dll |
| cryptdlg.dll |
| onex.dll |
| drt.dll |
| appmgmts.dll |
| mscat32.dll |
| MSWSOCK.DLL |
| netutils.dll |
| tdh.dll |
| werui.dll |
| scecli.dll |
| RASAPI32.dll |
| winbrand.dll |
| ncrypt.dll |
| gpsvc.dll |
| MMDevAPI.dll |
| mdedrmstublib.dll |
| netman.dll |
| P2PGraph.dll |
| API-MS-WIN-Service-Management-L2-1-0.dll |
| printui.dll |
| devmgr.dll |
| wlanutil.dll |
| FirewallAPI.dll |
| WS2_32.dll |
| logoncli.dll |
| mfplat.dll |
| SHELL32.dll |
| imagehlp.dll |
| inetcomm.dll |
| rasdlg.dll |
| TAPI32.dll |
| d2d1.dll |
| SPInf.dll |
| MSIMG32.dll |
| DSOUND.dll |
| vpnikeapi.dll |
| VERSION.dll |
| MPR.dll |
| webservices.dll |
Strings analysis - Possible URLs found 8
| http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0v |
| http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X |
| http://www.microsoft.com/pki/certs/CodeSigPCA.crt0 |
| http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T |
| http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0 |
| http://crl.microsoft.com/pki/crl/products/CodeSigPCA.crl0M |
| http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0 |
| http://www.microsoft.com0 |