1cc7939b1a7d7462f1cf54ba88d2ab2b62a70e225d31b4883e9c42ecbd230ff3[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

1cc7939b1a7d7462f1cf54ba88d2ab2b62a70e225d31b4883e9c42ecbd230ff3.exe
Size

17.0MB
MD5

5133177ac4950cf772d2f729bb0622ec
SHA1

042839871fa456d7d82b34a1eb85de5afe54ccd1
SHA256

1cc7939b1a7d7462f1cf54ba88d2ab2b62a70e225d31b4883e9c42ecbd230ff3
SHA512

5fb5feee50fb84a39f691fa308667a6f7cbd46ffab8c972053ae66a03cdf176325e32d91bd2b2dbedb248413af48ca9cb9d16e49dd23ea28b2117ee808aed53e
SSDEEP

98304:rjl24g2UfnsRKJabaV70ghp0PlQCn/pNW1syTMwKr:vl24gdfn3MOXidZGgxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cc7939b1a7d7462f1cf54ba88d2ab2b62a70e225d31b4883e9c42ecbd230ff3.exe

Files

1cc7939b1a7d7462f1cf54ba88d2ab2b62a70e225d31b4883e9c42ecbd230ff3.exe
.exe windows x86

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoInitializeSecurity

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlUnwind

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

advapi32

LookupAccountSidW
GetTokenInformation
OpenProcessToken
GetNamedSecurityInfoW
SystemFunction036
AccessCheck
MapGenericMask
RevertToSelf
OpenThreadToken
ImpersonateSelf
GetSidIdentifierAuthority
IsValidSid

iphlpapi

GetIfEntry2
FreeMibTable
GetIfTable2

kernel32

GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
HeapSize
GetConsoleOutputCP
CloseHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObject
GetExitCodeProcess
GetProcessHeap
HeapFree
GetLastError
HeapAlloc
OpenProcess
GetProcessTimes
GetSystemTimes
GetProcessIoCounters
GetCurrentProcessId
GetTickCount64
GlobalMemoryStatusEx
GetLogicalDrives
GetDiskFreeSpaceExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateFileW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
GetSystemInfo
SleepConditionVariableSRW
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
LocalFree
GetCurrentThread
lstrlenW
FreeEnvironmentStringsW
ReleaseMutex
FindClose
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetProcAddress
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
WakeAllConditionVariable
WakeConditionVariable
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
DeleteFileW
DecodePointer
GetFinalPathNameByHandleW
CreateEventW
ReadFile
CancelIo
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateThread
GetTempPathW
GetConsoleMode
WriteConsoleW
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
WriteFile
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups

oleaut32

SysFreeString
VariantClear
SysAllocString

pdh

PdhCollectQueryData
PdhCloseQuery
PdhRemoveCounter
PdhOpenQueryA
PdhGetFormattedCounterValue
PdhAddEnglishCounterW

powrprof

CallNtPowerInformation

psapi

GetPerformanceInfo
GetModuleFileNameExW

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

shell32

SHGetKnownFolderPath
ShellExecuteExW

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbc5b636b75aecad35c6984b287682c

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

bcrypt

advapi32

iphlpapi

kernel32

netapi32

oleaut32

pdh

powrprof

psapi

secur32

shell32

Sections

.text Size: 507KB - Virtual size: 506KB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.data Size: 5KB - Virtual size: 8KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 507KB - Virtual size: 506KB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 5KB - Virtual size: 8KB

.reloc
Size: 18KB - Virtual size: 18KB