04cc4bb52d7c9fcec9881d9098bf6d2cdcc3d0f5860d57194b8967d11c2f6ed5

Sharing

Copy URL Twitter E-mail

General

Target

04cc4bb52d7c9fcec9881d9098bf6d2cdcc3d0f5860d57194b8967d11c2f6ed5
Size

69KB
MD5

423a85f8b3b33eb7e66e5cac50166b40
SHA1

8cd2fe5632bf3190f3bf335f4909a1eace4e6fe9
SHA256

04cc4bb52d7c9fcec9881d9098bf6d2cdcc3d0f5860d57194b8967d11c2f6ed5
SHA512

5f35acfdfbd47f98d63750b22702586fb8b7f3f6d1252a15497cb1811180c0f030f7a7e6be17db7ae358b7b2f6d7135ded122cec36f5286b6f0f6ad8e4ec7ab1
SSDEEP

1536:93DVqsWv8DZ3vJvBfKokQnpowxRkIBPWLQSUc:FVZwY3vHxpo6R/PWUSH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04cc4bb52d7c9fcec9881d9098bf6d2cdcc3d0f5860d57194b8967d11c2f6ed5

Files

04cc4bb52d7c9fcec9881d9098bf6d2cdcc3d0f5860d57194b8967d11c2f6ed5
.exe windows:5 windows x86

59b7cf7d0c8eca4946cf0bbbbb67dad9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymGetOptions
SymFunctionTableAccess64
StackWalk64
MiniDumpWriteDump
SymCleanup
SymInitialize
SymFromAddr
SymGetModuleBase64
SymGetModuleInfo64
SymSetOptions

psapi

GetModuleFileNameExW
GetModuleInformation
GetModuleFileNameExA

advapi32

RegOpenKeyExW
RegCloseKey
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyW
RegQueryValueExW

shell32

CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW

shlwapi

PathIsDirectoryW
PathRemoveExtensionW
PathAddExtensionW

msvcrt

_wcmdln
__CxxFrameHandler
calloc
free
_lock
_unlock
__dllonexit
_onexit
signal
strlen
__lconv_init
_initterm
_fpreset
_cexit
exit
__set_app_type
__wgetmainargs
_amsg_exit
malloc
strcpy
isprint
_iob
_getch
vfprintf
fclose
_wfopen
_vscwprintf
_vsnwprintf
vswprintf
_wcstoui64
wcstoul
wcscmp
_purecall
_CxxThrowException
_assert
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
wcslen
memmove
memset
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
__winitenv
??1type_info@@UAE@XZ
strncpy
__setusermatherr
??0exception@@QAE@XZ

user32

MessageBoxW
MessageBoxA

kernel32

GetModuleHandleW
GetSystemInfo
GetProcAddress
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetComputerNameA
ReadProcessMemory
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WaitForDebugEvent
TerminateProcess
SizeofResource
LockResource
LoadResource
InitializeCriticalSection
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleExW
GetLocalTime
GetLastError
GetCommandLineW
FindResourceW
DeleteCriticalSection
DebugSetProcessKillOnExit
DebugActiveProcess
CreateFileW
ContinueDebugEvent
SetEvent
GetThreadContext
CloseHandle
GetStartupInfoW
SetUnhandledExceptionFilter
Sleep
GetCurrentProcessId

ntdll

vDbgPrintEx

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59b7cf7d0c8eca4946cf0bbbbb67dad9

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

psapi

advapi32

shell32

shlwapi

msvcrt

user32

kernel32

ntdll

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 552B

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 552B

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB