Clock[.]exe[.]7z

Target

Clock.exe.7z
Size

229KB
MD5

2e658fb3ae6f9116a837f1920106e008
SHA1

4dd66bb1345c2a6a8c470424167c3c7f5b08e820
SHA256

831eb5d2d2ba73c8d15fdae25ec0ce74118a6760be07a74fad2823fec68bf429
SHA512

8e933fbaea257cdcf19778f64f162c209c3d93f4b19beb9600c5257bf65596ae544d67b4dc0a9a40fec5c36c7f38a4492986bcc5225998fa63a91ea0870e88a7
SSDEEP

3072:jeZZ5Wfwfz2pj3m9MuGoFQiGPeisK7t9cx91uiFGyTY4HO1itCOT7JNKIneJms0r:j8WU2juDFQiu/teZ9vTY4u8EOT7iJG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Clock.exe

Files

Clock.exe.7z
.7z

Password: infected
Clock.exe
.exe windows x64

Password: infected

153171e6d515aae9250ef98519d31fdd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_APPCONTAINER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer

vccorlib110

??0NotImplementedException@Platform@@QE$AAA@XZ
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
?CreateValue@Details@Platform@@YAPE$AAVObject@2@PE$AAVType@2@PEBX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0FailureException@Platform@@QE$AAA@XZ
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?FreeException@Heap@Details@Platform@@SAXPEAX@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXI@Z
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
??0Delegate@Platform@@QE$AAA@XZ
??0Object@Platform@@QE$AAA@XZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?__abi_FailFast@@YAXXZ
?ReCreateFromException@Details@Platform@@YAJPE$AAVException@2@@Z
?ToString@uint8@default@@QEAAPE$AAVString@Platform@@XZ
?Free@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
??0ChangedStateException@Platform@@QE$AAA@XZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z

msvcp110

?_Winerror_map@std@@YAPEBDH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_BADOFF@std@@3_JB
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ

msvcr110

??0invalid_operation@Concurrency@@QEAA@PEBD@Z
_CxxThrowException
__crtSetUnhandledExceptionFilter
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
_commode
_fmode
_acmdln
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
__crtGetShowWindowMode
_XcptFilter
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__C_specific_handler
?terminate@@YAXXZ
memset
__CxxFrameHandler3
wcslen
free
wcsrchr
vswprintf_s
_localtime64_s
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove
wcsncmp
swprintf_s
_wassert
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBV01@@Z
_time64
_difftime64
_purecall
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
?Free@Concurrency@@YAXPEAX@Z
?set@event@Concurrency@@QEAAXXZ
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_RegisterCallback@_CancellationTokenState@details@Concurrency@@QEAAPEAV_CancellationTokenRegistration@23@P6AXPEAX@Z0H@Z
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
?_DeregisterCallback@_CancellationTokenState@details@Concurrency@@QEAAXPEAV_CancellationTokenRegistration@23@@Z
memcpy
?Alloc@Concurrency@@YAPEAX_K@Z

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsConcatString
WindowsCreateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsGetStringLen
WindowsDuplicateString

ole32

CoGetObjectContext
CoGetApartmentType
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoGetContextToken
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
VSDesignerDllMain

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

153171e6d515aae9250ef98519d31fdd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vccorlib110

msvcp110

msvcr110

api-ms-win-core-winrt-string-l1-1-0

ole32

Exports

Exports

Sections

.text Size: 725KB - Virtual size: 724KB

.rdata Size: 338KB - Virtual size: 338KB

.data Size: 75KB - Virtual size: 76KB

.pdata Size: 57KB - Virtual size: 56KB

minATL Size: 512B - Virtual size: 128B

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 725KB - Virtual size: 724KB

.rdata
Size: 338KB - Virtual size: 338KB

.data
Size: 75KB - Virtual size: 76KB

.pdata
Size: 57KB - Virtual size: 56KB

minATL
Size: 512B - Virtual size: 128B

.reloc
Size: 29KB - Virtual size: 29KB