4cc5eaf074fb75864d17c53c25378a32c68342f9d42866c98c4da7a5f0e49151

Sharing

Copy URL Twitter E-mail

General

Target

4cc5eaf074fb75864d17c53c25378a32c68342f9d42866c98c4da7a5f0e49151
Size

3.3MB
MD5

ca69b7790684fc5811f9d27442e9994c
SHA1

5e51a65502d3d3410a669026ac48e3f1d2791dab
SHA256

4cc5eaf074fb75864d17c53c25378a32c68342f9d42866c98c4da7a5f0e49151
SHA512

92d0031e1d17d74d3b6631b12b6d84fa5aa6b124099c0d12573f7c0bfbd9a414131227c32b1b2049e7290983f86e9f3369565893c58b6c614c2dcdf6926ee4c2
SSDEEP

98304:rd6N9XHdMY55xJNrsPd6TL9eTKer5CGAc7fUm5e:rEN93dL5Nr+d6FeTKWIGAc7fUm5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cc5eaf074fb75864d17c53c25378a32c68342f9d42866c98c4da7a5f0e49151

Files

4cc5eaf074fb75864d17c53c25378a32c68342f9d42866c98c4da7a5f0e49151
.dll windows x86

bdfa875378e2f8739f9b5b25dd1fbd62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
lstrcpyA
lstrcatA
GetSystemDirectoryA
TerminateProcess
CreateProcessA
GetCurrentProcessId
lstrlenA
SetFilePointer
GetFileSize
GetLocalTime
ExpandEnvironmentStringsA
TerminateThread
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
DeleteFileA
GetVersionExA
OutputDebugStringA
LocalAlloc
ReadFile
HeapAlloc
GetProcessHeap
GetProcAddress
HeapFree
GetSystemInfo
lstrcmpiA
LoadLibraryW
GetDiskFreeSpaceExA
GetDriveTypeA
GlobalMemoryStatusEx
WinExec
FindClose
RemoveDirectoryA
GetFileAttributesA
DuplicateHandle
OpenProcess
CreateDirectoryA
ReleaseMutex
CreateMutexA
MoveFileExA
MoveFileA
SetFileAttributesA
DefineDosDeviceA
ExitProcess
CopyFileA
GetCurrentThreadId
Process32Next
Process32First
FreeLibrary
CreateThread
ExitThread
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GlobalAlloc
GetLastError
LocalFree
SetLastError
CreateFileA
DeviceIoControl
WriteFile
CloseHandle
Sleep
GetVersion
VirtualFree
GetCurrentProcess
FindFirstFileA
FindNextFileA
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualProtect
GetCurrentProcess
FreeLibrary
TerminateProcess
GetSystemInfo
CreateToolhelp32Snapshot
Thread32First
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
GetTickCount
GetLocalTime
GlobalFree
GetProcAddress
LocalAlloc
LoadLibraryA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
FlushFileBuffers
GetCurrentProcessId
GetLastError
GetModuleFileNameW
CreateEventA
GetModuleHandleA
GetSystemTimeAsFileTime
VirtualQuery
LocalFree
CreateFileA
ReadFile
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EnumWindows
IsWindowVisible
GetLastInputInfo
MessageBoxA
FindWindowA
GetClassNameA
GetWindow
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
wsprintfA
EmptyClipboard
GetMessageA
PostThreadMessageA
GetInputState
SendMessageA
OpenClipboard
CloseClipboard
GetClipboardData
ExitWindowsEx
SetClipboardData
CharUpperBuffW
MessageBoxW

advapi32

OpenServiceA
CloseEventLog
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenEventLogA
DeleteService
OpenSCManagerA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
ClearEventLogA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
ShellExecuteA
SHChangeNotify

ole32

CoUninitialize
CoCreateGuid
CoInitialize

ws2_32

closesocket
WSAGetLastError
gethostname
WSAStartup
WSACleanup
WSAIoctl
setsockopt
connect
htons
gethostbyname
socket
recv
select
getsockname
send
inet_addr
sendto
htonl
WSASocketA
inet_ntoa

msvcrt

_strupr
strlen
_strcmpi
_onexit
__dllonexit
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
fopen
fprintf
fclose
_beginthreadex
_except_handler3
strncmp
_snprintf
_access
_mbscmp
_mbsicmp
strrchr
free
realloc
strcmp
malloc
time
srand
strchr
sprintf
strstr
strcspn
strncpy
atoi
rand
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
exit
strcpy
strcat
_stricmp
__CxxFrameHandler
_ftol
memcpy
??3@YAXPAX@Z

mfc42

ord540
ord941
ord940
ord800
ord860

setupapi

SetupDiEnumDeviceInfo
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

iphlpapi

GetIfTable

urlmon

URLDownloadToFileA

wtsapi32

WTSSendMessageW

Exports

Exports

-��xrQ*Þ��5K�Uxx/�-_�0'�#�M��.q%�:��ߗ'��K�!?`��<�m�H�Ћj��U�r<b��Ӭ��k�h��F�� ;t�)I��z�a�)ݸHR��p��!��X�F�Snәd��*I��7�M%�z}��g;"��>��+�M��V��$�vT�Ɉ,��<6��"��0a�Q��b��q�Y��;�<�T��I�̰�|��O��D�n��Ӧ��rQz�8�\tL�A`( ��I�2�T?��m ��n��C�� ! 1��B��P,��=D�!�ya��g�"��*��<ϠU��uB��u�jr��U)q�H}��#C��2޻R>Zʯ��'}GF��OW%��~��-L��Dh��I�%�x�uS ��Y)�p�Lw�ś%1r'Vg�vİ�6,��` �>2��%j(|��If"˻W��U��k@.�*N�=�7ua�<��:�i��S��N[r�R��1j��L��ʖR鎫z ��ijT-"dY�Q�$�{G��M�ogn�Ġ�9�P�n��|��_Yņ�A��*��z|��,Ɛĥ#��3�Ú��`�d2��E��V^�YNt=!(�j�BB+�N <��3=�9t��˨�� |��R��Hcck��/{p��@��F_��g��R��e�߆�?c�j��b��g��;��ZW��jw]��S&�_|�K��yu �і�G��Y��!^�Q�h{�S{��U��ȟ�"ɢ9.� U�Ъ1�n��w�9��S��F��d�jT�E��A\fRS�H��C��#(�� s��ש��~pI��0ʞ��O&\М��O��D� �ȆϢ-�#/��(��<��$��f;��;��j�h�j �`s�{��MX�'RU�kʶ��:�0}�� t��/d�Qde�`ϸH�%]G>4 ��"��_P=�k�'�aܥ�E\v��E��Dw4��(I��]��݅~��#\��td�î��`p"B��gK�ssg�!�h��tT�,6�Y:��]+��l|�& !�VJU)�a ��=_ei��R!�5�R�A��O;6IgI��H]I4)��RIr�m�{z�G�"��?��a�4K��=��l�I/s�Y=��ft��旆��V=�(�T�ҧ�#�Is�2- �f��\Ei�jס�S��@@�\{%dL��6�X�3O+n��<��Y�Yt��:7��V��\��߯��|��1��5��)�2�ʘ��;��^��,�r��e�f��0��p��\ؓޟzϱp&�~��b��0ضt�.�|��g�8/4�x�Ё@W��S�x�� %~�.�� _� �4�A�g C�M�0]?4 �⥁��2 ǽ�k��\��o��\�!��|��K�t�D�Tه��r�`��X<n��v��d�U��眯��7e,k0�)��ӏ�Z�4�:<VT�郚>��d� ?�^zp��)�K�K�K׀�})�Kb�%a��/2)�� Ջ>�Jά��щ��Zͣ�²8g��X��t��=� ��<��oLf��ącgn{�!ra@g�<Q��V�p�� J�X�\�Uz44�2UV�'��1_R˥��EV�� 0I��Em �Qv��f��)1w'�$��$�6��Q��1P�Z��xy?�g�"��X�'㬷�'�@?�`�L��(� Ε�W��RRVr� �U /�4��: h��Q��0w3��z��wfO'(u%��_Z��2#5�W��yQP�R��'2ڶ�=3�̓Ki��51,o�f��i3�7�r�2I�.O��9�!#��F?��IW�0�w�[��5��d��Q-v�?��Cu��0��MSn�I�=c��µ��D��EC�+׈%�>-�7�'��lN��v��oҢ��C��6d��Y y��B3��g��5��ן�';�w�I�r�1l��Ȏ��)"~��:o�)��´m�]�lm��B�D%�'F��w��fhU��P�"��A�Z�<��_�{9��=5.��rv�s+;叨8��~�V��9�BB��x�FDQ��Q��%��qJz�P0)�e�ۇŲ��}G��g!�Y�L!�2ipް�� Z��Cw�s1B�d]�RAǳ@ʳ�$�E�v��\x2�,��]��ɴ�%[=Q]�N%�O"�0܊<�Ȧ��&�G�� TiC"R;4k��c7�Ҫ��h�p�4��<�oW,V8�dd��2�~�C��#W��%l+b�y�q�{: ��S��W�J��g��R�܃�qGf�NŞ5��Y��76P��#�o��e8�qU?>�4�H��V�d��E�҈�uҭ5�t*� �Θ�˃��3)��ZSZ�bv(�ʛ�qs�#7��ɎML,�I�0�8Ω��4�%!8��r�B��&��ֿY�s&�S?^3E��gs&Q�]��v)��#�\��(r��[+&D(��)놖q�v��L�c��c��d��u�Gd`V��ǉ- \@��zwD/�G�R��S-v�؃d�z�t��*�h9�5B�i��CE��a��h�"��Y��Z��@��z��)�p3��c�i�b5Ҟ�\Ee�h��)d�>��2��;��k�b�=��$��z ��M�O�+;�3��*)V�'��v��uİ�?�o>��쥺�� т<u�1��R��䑽O�|#��.#��N�4?�uϮ��"�N<�3Ϛ�c��O��D�J��ŭL�ȝKW�6�q[�1Jk�OK�� h��s�0�k� 3�o��Z�n.��q��5�ppc#�

Sections

.text
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zaas
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hd0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.hd1
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdfa875378e2f8739f9b5b25dd1fbd62

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

ws2_32

msvcrt

mfc42

setupapi

iphlpapi

urlmon

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 40KB

.rdata Size: - Virtual size: 23KB

.data Size: - Virtual size: 13KB

.reloc Size: - Virtual size: 4KB

.zaas Size: - Virtual size: 9.6MB

.hd0 Size: - Virtual size: 3.2MB

.hd1 Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 4KB - Virtual size: 260B

.text
Size: - Virtual size: 40KB

.rdata
Size: - Virtual size: 23KB

.data
Size: - Virtual size: 13KB

.reloc
Size: - Virtual size: 4KB

.zaas
Size: - Virtual size: 9.6MB

.hd0
Size: - Virtual size: 3.2MB

.hd1
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 4KB - Virtual size: 260B