1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a

General

Target

1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a
Size

10.9MB
MD5

3b4ec4dce6bbf75afbcae31112bc54a1
SHA1

084e1cdc66b1eed1a8dd37391ff4c5a6239e5267
SHA256

1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a
SHA512

566d098f0bbad9eea09a06e89d97de6a0e46f101d06ddf3bf6ce5506d0dcbd1388a4e7c3ca6ca54045b83cb1a1c961a58206c2bee68d1ada9c3b71146d1f2452
SSDEEP

3072:9AS2oAKtZZy2m4zRwhIuGi9Pf2AG/7999999999999999999999999999999999T:9A7KtDyv4lwh7S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a

Files

1971f29dbe7038f50552cff2c3a56ab15f941bcd90bea3404961f109eb77360a
.exe windows:5 windows x86

cb4b60e344b456b876756611bf85d8b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLocalTime
EnterCriticalSection
GetTickCount
HeapReAlloc
OpenFileMappingA
lstrlenW
WaitNamedPipeA
OpenWaitableTimerA
CreateMutexA
TlsGetValue
lstrlenW
GetProcAddress
CreateFileMappingA
GetStartupInfoW
WriteFile
GetModuleHandleA
DeleteFileW
GetStringTypeW
LoadLibraryExW
LoadLibraryW
lstrlenW
GetVersionExW

user32

LoadMenuW
InsertMenuW
GetDlgItemTextW
IsDialogMessageW
GetPropA
DispatchMessageA
IsCharLowerA
PeekMessageA
LoadIconW
GetClassLongA

rsaenh

CPDeriveKey
CPCreateHash
CPEncrypt
CPDecrypt

crypt32

CryptFindOIDInfo
CryptMemAlloc
CertOIDToAlgId
CertFreeCRLContext
CertDuplicateCTLContext
CertSaveStore
CertDeleteCRLFromStore
CertControlStore
CertNameToStrW
CryptHashMessage
CertFindAttribute
CryptMemFree
CertCreateCTLContext
CertCreateContext
CertGetNameStringW
CertDuplicateStore
CryptMemRealloc

cmpbk32

PhoneBookFreeFilter
PhoneBookCopyFilter

modemui

InvokeControlPanel
drvSetDefaultCommConfigA

cfgmgr32

CM_Add_Empty_Log_Conf
CMP_Init_Detection

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_MEM_READ

.ydata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10.8MB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb4b60e344b456b876756611bf85d8b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

rsaenh

crypt32

cmpbk32

modemui

cfgmgr32

Sections

.text Size: 96KB - Virtual size: 95KB

.jdata Size: 11KB - Virtual size: 11KB

.ydata Size: 1024B - Virtual size: 704B

.rsrc Size: 10.8MB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 95KB

.jdata
Size: 11KB - Virtual size: 11KB

.ydata
Size: 1024B - Virtual size: 704B

.rsrc
Size: 10.8MB - Virtual size: 1KB