4c4822f27c1ddff2bc2a6f73dcbf7b812e77daaae93693d38b0ac49cafc0a2e0

Sharing

Copy URL Twitter E-mail

General

Target

4c4822f27c1ddff2bc2a6f73dcbf7b812e77daaae93693d38b0ac49cafc0a2e0
Size

701KB
MD5

6c27b8eb746b2be9cf21f86ec4a1ac1f
SHA1

39cdfe6c2e5f9daadb9a30f5b9f0e104f28ea028
SHA256

4c4822f27c1ddff2bc2a6f73dcbf7b812e77daaae93693d38b0ac49cafc0a2e0
SHA512

4e202d9b4ef520aff3c94cced9d88c7c09b0bd186e1f233ad31920972cf383d56ad7019eb40f56d299c07fc6dcdc6209b53ef0de7d2fb929703a8eb3c2f3e2a3
SSDEEP

12288:U37Q1y7bhu6Cu0uUkVXtgOEFTbK7jol4uHovH3J5z1bXgdmCF:Uk1y7jChu1XtzUTbKv+UH55z1bTCF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c4822f27c1ddff2bc2a6f73dcbf7b812e77daaae93693d38b0ac49cafc0a2e0

Files

4c4822f27c1ddff2bc2a6f73dcbf7b812e77daaae93693d38b0ac49cafc0a2e0
.exe windows x86

8d7d1ebce4fa0e40fa7f401817c40424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

ReleaseMutex
CreateMutexW
GetProcessHeap
HeapAlloc
CreateFileW
UnmapViewOfFile
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
GetUserDefaultLangID
WriteFile
GetModuleFileNameW
GetEnvironmentVariableW
VirtualQuery
GetModuleHandleW
CreateProcessW
LocalFree
GetLastError
WaitForSingleObject
GetCurrentProcessId
GetProcAddress
ReadFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetEndOfFile
DeleteCriticalSection
FindFirstFileW
CreateDirectoryW
GetFullPathNameW
lstrlenW
FindNextFileW
FindClose
SetFileAttributesW
DeleteFileW
InterlockedExchange
SetLastError
InterlockedExchangeAdd
GetTickCount
GetFileAttributesExW
GetFileSizeEx
InitializeCriticalSectionAndSpinCount
FormatMessageW
UnhandledExceptionFilter
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
WideCharToMultiByte
GetStartupInfoW
LoadLibraryW
FreeLibrary
OutputDebugStringW
GetCurrentProcess
OpenProcess
GetFileAttributesW
GetCurrentThreadId
HeapFree
MultiByteToWideChar
GetACP
lstrcmpiW
FindResourceW
LoadResource
GetVersionExW
LockResource
Sleep

msvcp140

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memmove
strstr
memcpy
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
wcsrchr
wcschr
_except_handler4_common
_CxxThrowException
memset
wcsstr
memchr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
terminate
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm
_exit
exit

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
_callnewh
free
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__p__commode
_set_fmode
__stdio_common_vswprintf
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_localtime64
_time64

api-ms-win-crt-string-l1-1-0

wcsncpy
towupper
towlower
_wcsicmp
_stricmp
isalnum

api-ms-win-crt-convert-l1-1-0

_wtoi
atoi

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

modf
_dtest
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d7d1ebce4fa0e40fa7f401817c40424

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 347KB - Virtual size: 346KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 255KB - Virtual size: 254KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 347KB - Virtual size: 346KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 255KB - Virtual size: 254KB

.reloc
Size: 15KB - Virtual size: 14KB