clamsubmit[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

clamsubmit.exe
Size

133KB
MD5

3d80ec95dc8fd9839f5dbfe01573589b
SHA1

f1a154dbb546a3aa6289e45187e6d7c96de6211b
SHA256

b5a6acd210b7e42c797bee1a84439aea47bd69a93d3ad83e6f8445497df91f30
SHA512

229c3b07e6d21aae8af1834d90d8187c4f70aced331af71ab5826e12740f132f3d1ee3ff1591fbad9cf210f5c581f48c3d91e5ca11dab509a7acaaf1364bdf80
SSDEEP

3072:5X149RxjCd07dZJsHcCO4WV11pb/BnodZCRDv/6co:p8jM0ZwO4WXbT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clamsubmit.exe

Files

clamsubmit.exe
.exe windows:6 windows x64 arch:x64

42b2b6fe1d930da912b37fd637cdebdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

json-c

json_object_object_get_ex
json_object_get_string
json_tokener_parse
json_object_put

libcurl

curl_global_cleanup
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
curl_easy_init
curl_easy_strerror
curl_slist_free_all
curl_formadd
curl_slist_append
curl_global_init
curl_formfree

libclamav

cli_regfree
cli_ctime
cl_cvdhead
cli_gentemp
cli_regexec
cli_regcomp
cl_cvdfree
cl_retdbdir

pthreadvc3

pthread_mutex_lock
pthread_mutex_unlock

libssl-1_1-x64

SSL_CTX_get_cert_store

libcrypto-1_1-x64

ERR_error_string
X509_cmp
X509_get_subject_name
X509_free
d2i_X509
X509_STORE_add_cert
BIO_free
BIO_new
X509_dup
BIO_s_mem
BIO_ctrl
ERR_get_error
X509_NAME_print_ex

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetNameStringA
CertFreeCertificateContext
CertCloseStore

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
FindFirstFileW
FindClose
GetSystemTimeAsFileTime
CloseHandle
GetFileAttributesExW
CreateFileA
GetCurrentDirectoryW
GetCommandLineW
GetCommandLineA
lstrcmpiA
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetLastError
TerminateProcess
InitializeSListHead
IsDebuggerPresent
FindNextFileW

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

vcruntime140

strchr
strstr
memset
__C_specific_handler
wcsstr
wcsrchr
memmove
strrchr
memcpy

api-ms-win-crt-string-l1-1-0

wcsncpy
wcsncat
wcsncmp
strpbrk
strncpy
strcmp
strncmp
_strnicmp
_strdup

api-ms-win-crt-stdio-l1-1-0

fread
__stdio_common_vfprintf
__stdio_common_vsprintf
fopen
_fileno
feof
fclose
_setmode
__acrt_iob_func
fgets
fflush
__p__commode
fwrite
_set_fmode

api-ms-win-crt-filesystem-l1-1-0

_umask
remove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
realloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

_c_exit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_narrow_environment
terminate
_initialize_onexit_table
_exit
_get_initial_narrow_environment
_errno
__p___argc
_configure_narrow_argv
_initterm_e
_set_errno
_initterm
exit
__p___argv
_crt_atexit
_cexit
_set_app_type

api-ms-win-crt-time-l1-1-0

_localtime64_s
strftime
_time64
_ctime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42b2b6fe1d930da912b37fd637cdebdb

Headers

DLL Characteristics

File Characteristics

Imports

json-c

libcurl

libclamav

pthreadvc3

libssl-1_1-x64

libcrypto-1_1-x64

crypt32

kernel32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 3KB - Virtual size: 2KB