CARLOS COLOMBIA By VozLoquendo[.]com [.]rar

Sharing

Copy URL Twitter E-mail

General

Target

CARLOS COLOMBIA By VozLoquendo.com .rar
Size

40.3MB
MD5

9dff54f3283f9a92df7e8d1066e872fa
SHA1

fa096531f983a6d58f761cca05ddf39f3d676071
SHA256

df1e174ad476fdfb40487ae4ca50143b6958cadb9093a081e1e4567c487d4707
SHA512

3213e7d3f8e4a1b437aea450969bdb2b0adfd1978913fa125bdd54e86197af6a29ea5d77a4c31f0ad87a7e6c95f9eedbf71ef3c2c600adc393a6aded2c442c2c
SSDEEP

786432:DYS1YT9eusZK0K5C42U6eT380xwP8DQANAiCPnpQkZ6SjObZTTzcy8bGr72:DYURZKzU4BxwkDQKePxZ6IDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CARLOS COLOMBIA LTTS7.exe

Files

CARLOS COLOMBIA By VozLoquendo.com .rar
.rar
CARLOS COLOMBIA LTTS7.exe
.exe windows x86

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GlobalUnlock
GlobalFree
GetCurrentProcess
FreeLibrary
lstrcmpA
ExpandEnvironmentStringsA
GetTempPathA
CloseHandle
GetFileSize
Sleep
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
_llseek
ExitProcess
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GetTempFileNameA
GlobalAlloc
WaitForSingleObject
CreateDirectoryA
GetFileTime
GetUserDefaultLangID
FreeResource
GlobalLock
LoadResource
SizeofResource
FindResourceA
MulDiv
lstrcmpiA
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lcreat
SetFileTime
LoadLibraryA
GetProcAddress
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetExitCodeProcess
_lread
_lopen
LockResource

user32

SetWindowTextA
ReleaseDC
LoadStringA
CharNextA
DestroyWindow
GetDlgItemTextA
EndDialog
SendMessageA
CreateDialogParamA
EnumChildWindows
MessageBoxA
SetTimer
GetDlgItem
EnableWindow
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxParamA
ShowWindow

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 41.6MB - Virtual size: 41.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 41.6MB - Virtual size: 41.6MB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 41.6MB - Virtual size: 41.6MB

.rsrc
Size: 11KB - Virtual size: 11KB