cc2530329dd5ee1ac431dba228d283b70ad99a990cc38ccd1751cc8c8fce43e3

Sharing

Copy URL Twitter E-mail

General

Target

cc2530329dd5ee1ac431dba228d283b70ad99a990cc38ccd1751cc8c8fce43e3
Size

1.2MB
MD5

1df1bebddb691c1b2a35c7798504d40b
SHA1

134952376183f22936344b8f3b3197c6f93247bd
SHA256

cc2530329dd5ee1ac431dba228d283b70ad99a990cc38ccd1751cc8c8fce43e3
SHA512

0fb6943fa626393809f53a28632978290766e838a506b78b794fa20022d1960f9dd93948b5ec07fe701307a9e6ffec02212d6cc8492f906d1547ba8f37502bae
SSDEEP

12288:FAu7eWMfLPmzyNP3K06Uur6+0b5K0pBW6:FDaxfLPmg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc2530329dd5ee1ac431dba228d283b70ad99a990cc38ccd1751cc8c8fce43e3

Files

cc2530329dd5ee1ac431dba228d283b70ad99a990cc38ccd1751cc8c8fce43e3
.exe windows x86

3e0ec40fce4f8fba18a02b698984cca8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

DbgPrint
RtlAssert
RtlIsDosDeviceName_U
vDbgPrintExWithPrefix

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW

kernel32

AddConsoleAliasW
AllocConsole
Beep
CloseHandle
CopyFileExW
CopyFileW
CreateDirectoryW
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FindResourceExW
FlushConsoleInputBuffer
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleAliasW
GetConsoleAliasesLengthW
GetConsoleAliasesW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetVolumeInformationW
GetVolumePathNameW
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LockResource
MoveFileExW
MoveFileW
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputW
ReadFile
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathW
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleInformation
SetLastError
SetLocalTime
SetProcessAffinityMask
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleW
WriteFile
lstrcmpiW
lstrlenW

msvcrt

__dllonexit
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_iob
_itow
_lock
_onexit
_pclose
_snwprintf
_unlock
_vsnprintf
_vsnwprintf
_wchdir
_wcmdln
_wcsicmp
_wcslwr
_wcsnicmp
_wcsnset
_wcsupr
_wfopen
_wgetdcwd
_wpopen
_wtoi
_wtol
abort
bsearch
calloc
exit
fclose
fgetws
fprintf
free
fwrite
isalnum
isalpha
iswctype
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
rand
realloc
signal
sprintf
strchr
strcmp
strcpy
strcspn
strncmp
swprintf
towlower
towupper
vfprintf
vswprintf
wcscat
wcschr
wcscmp
wcscpy
wcscspn
wcslen
wcsncat
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcsspn
wcsstr
wcstok
wcstol
wcstoul

user32

LoadStringW
MessageBeep

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 913KB - Virtual size: 912KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rossym
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e0ec40fce4f8fba18a02b698984cca8

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 14KB - Virtual size: 13KB

/4 Size: 512B - Virtual size: 80B

.bss Size: - Virtual size: 79KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 913KB - Virtual size: 912KB

.rossym Size: 177KB - Virtual size: 177KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 14KB - Virtual size: 13KB

/4
Size: 512B - Virtual size: 80B

.bss
Size: - Virtual size: 79KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 913KB - Virtual size: 912KB

.rossym
Size: 177KB - Virtual size: 177KB