clambc[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

clambc.exe
Size

265KB
MD5

608124f6fc07988725f5a592c3e41966
SHA1

aa0d0c73edca6dfb1d18a5bb8a41fa42ec2c33a1
SHA256

21e265c98e41aae35e07b2f92a7cedb4ce21a73d558c2e411a91615b541993d3
SHA512

089d44c9d28179291005c509c5c548d1ecabf9e2c43d87a6d3d9c969637a814558a076f88574216bd13f9eb0109ea54a96a0514b5edb5d1befb8d490364752ef
SSDEEP

6144:P2DuKYHBHCUDM5ZRmG4MUDYvx5X/A+mHRI:uDuK4DM1148/LE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clambc.exe

Files

clambc.exe
.exe windows:6 windows x64 arch:x64

703e74065ad287901c5489eae3f06768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libclamav

cli_bytecode_context_setfuncid
cli_bytecode_context_setparam_int
cli_bytecode_context_setfile
cli_bytecode_context_getresult_int
cli_bytecode_context_destroy
cli_bytecode_init
cli_bytecode_load
cli_bytecode_prepare2
cli_bytecode_run
cli_bytecode_destroy
cli_bytecode_done
cli_bytecode_describe
cli_bytetype_describe
cli_bytevalue_describe
cli_bytefunc_describe
cli_bytecode_debug
cli_bytecode_printversion
cli_bytecode_debug_printsrc
cli_bytecode_context_set_trace
cli_calloc
cli_regcomp
cli_regexec
cli_regfree
cl_retflevel
cl_init
cl_engine_new
cl_engine_compile
cl_engine_free
cli_bytecode_context_alloc
fmap
cl_strerror
cl_debug

bcrypt

BCryptGenRandom

kernel32

RtlVirtualUnwind
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesExW
GetCommandLineA
WriteConsoleW
GetConsoleMode
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
FormatMessageW
GetModuleHandleW
FindFirstFileW
FindNextFileW
GetModuleHandleA
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
AcquireSRWLockShared
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiA
GetModuleFileNameA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
FindClose
ReleaseSRWLockShared
GetCurrentThread
GetCurrentProcess
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
GetStdHandle
GetCurrentProcessId
WaitForSingleObject
TerminateProcess
QueryPerformanceCounter

advapi32

RegCloseKey
RegQueryValueExA
SystemFunction036
RegOpenKeyExA

vcruntime140

wcsstr
memmove
memcmp
memset
_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
strchr
memcpy
strrchr
wcsrchr

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_errno
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initterm_e
_exit
_initialize_narrow_environment
exit
_seh_filter_exe
__p___argc
__p___argv
_cexit
_get_initial_narrow_environment
_configure_narrow_argv
_initterm

api-ms-win-crt-stdio-l1-1-0

fgets
_open
_close
__p__commode
_set_fmode
__acrt_iob_func
fclose
_setmode
_fileno
__stdio_common_vfprintf
putc
fseek
fread
fopen
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

realloc
free
malloc
_set_new_mode
calloc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi

api-ms-win-crt-string-l1-1-0

strncmp
strpbrk
_strnicmp
strncpy
wcsncpy
_strdup
wcsncmp
wcsncat

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

703e74065ad287901c5489eae3f06768

Headers

DLL Characteristics

File Characteristics

Imports

libclamav

bcrypt

kernel32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 4KB - Virtual size: 3KB