c1fff724fe4e8e9d67aa13771e15535447b986e5ff47234178fdc57d459e232b

Sharing

Copy URL

Twitter E-mail

General

Target

c1fff724fe4e8e9d67aa13771e15535447b986e5ff47234178fdc57d459e232b
Size

615KB
MD5

5adb89526377c3d4f8396fe8099d4ca0
SHA1

a586c9e25fdf19947fbe59a0a4cedd390f3596f6
SHA256

c1fff724fe4e8e9d67aa13771e15535447b986e5ff47234178fdc57d459e232b
SHA512

dc49dcd365532f888bd2f5350cbb0b398b078774966498f5f5c40d26d23b8129a9919dc8c4db72bfb5d4c73e8fe4f93e74a86290c42f6e43226ce09018b745cc
SSDEEP

12288:kXQDaF1yq9EYXgOt542BbYdcqmAoTsNwJT76rRR:YyqJXNt2CdqmAasNwh6rRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1fff724fe4e8e9d67aa13771e15535447b986e5ff47234178fdc57d459e232b

Files

c1fff724fe4e8e9d67aa13771e15535447b986e5ff47234178fdc57d459e232b
.exe windows:5 windows x86

66a642d4c2f73c3104125ef3bead61c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basicsqlite

??0RCSQLiteConnection@RC@@QAE@XZ
??1RCSQLiteConnection@RC@@QAE@XZ

gdiplus

GdiplusStartup
GdiplusShutdown

imm32

ImmDisableIME

kernel32

CreateSemaphoreW
CreateThread
TerminateThread
GetProcessId
ReleaseSemaphore
RtlCaptureContext
lstrcmpW
CreateEventA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateFileW
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetProcessHeap
UnhandledExceptionFilter
InitializeSListHead
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrlenW
GetFullPathNameW
CreateDirectoryW
GetFileSize
ReadFile
WaitForSingleObject
FindClose
LoadLibraryA
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
FreeLibrary
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
lstrcmpiW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetVersionExW
GetEnvironmentVariableW
ResetEvent
SetEvent
Sleep
CreateEventW
GetWindowsDirectoryW
GetModuleHandleExW
SetFilePointer
WriteFile
LocalFree
GetLocalTime
InterlockedDecrement
HeapFree
GetCurrentProcessId
GetLastError
CreateMutexW
OpenMutexW
CloseHandle
GetModuleHandleW
GetProcAddress
ReleaseMutex
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
OpenProcess
SetThreadPriority
GetExitCodeThread
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc

user32

SetForegroundWindow
IsWindow
ShowWindow
SendMessageW
GetWindowLongW
wsprintfW

advapi32

FreeSid
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
OpenServiceW
QueryServiceStatusEx
AllocateAndInitializeSid
EqualSid
GetTokenInformation

msvcp140

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_destroy_in_situ
?classic@locale@std@@SAABV12@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

PathFileExistsW

vcruntime140

__std_exception_destroy
__RTDynamicCast
_set_purecall_handler
__RTtypeid
memchr
memmove
memcpy
__std_type_info_compare
memset
_CxxThrowException
_except_handler4_common
wcschr
__std_terminate
__std_type_info_name
__CxxFrameHandler3
strchr
_purecall
strstr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
strerror_s
_controlfp_s
terminate
_set_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

_itow_s
atoi

api-ms-win-crt-string-l1-1-0

isspace
wcscpy_s
towupper
towlower
_stricmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vsprintf_s
_set_fmode

api-ms-win-crt-time-l1-1-0

_mktime64
_localtime64

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_callnewh
_set_new_mode
free

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

floor
_except1
_isnan
ceil
_dtest
__setusermatherr
_finite

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?__autoclassinit2@RCSQLiteConnection@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteRecordSet@RC@@QAEXI@Z

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66a642d4c2f73c3104125ef3bead61c5

Headers

DLL Characteristics

File Characteristics

Imports

basicsqlite

gdiplus

imm32

kernel32

user32

advapi32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 21KB - Virtual size: 21KB