cd77b109e45ef08f0b25ae4e211b4134bd7c349cbdf2ecde6425ec267a6a3a0d

Sharing

Copy URL

Twitter E-mail

General

Target

cd77b109e45ef08f0b25ae4e211b4134bd7c349cbdf2ecde6425ec267a6a3a0d
Size

5.3MB
MD5

ca4711c30efb40ef4efed068e84b608e
SHA1

8838972d8b66f51e3e39081aaff22eac79432bea
SHA256

cd77b109e45ef08f0b25ae4e211b4134bd7c349cbdf2ecde6425ec267a6a3a0d
SHA512

a9e4e63abf3d9c9512e97c9084d3dff4d664c2819e49f42bd7eaa5f84f2795e0d28822c60ebd4fd97211709239ac124bc408581a206b1cb40e382c315defde14
SSDEEP

98304:8gmy+Qm/XZd3fOUlgmI5XtG2e0jTfxy9VcaoKBFULPz4dEyRwqBVPqDUpdfvhrzR:xL+Q4p5plgmz2e0jTxwETz4dfRwQVSDY

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d.exe
unpack001/1c8b4ce8d40a1abab07532a4d3a3832fc7e7e1c00c32002d264220afa0529b78.exe
unpack001/456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe
unpack001/700e76e7520021aeb60b4cd42c3ab8bbd2a20fc36228ad4dfce94c927b6e7f58.exe
unpack001/82cb6a221ee2b2c0c0f43139765407c713ff6980d966544f71f351c66928a4da.exe

Files

cd77b109e45ef08f0b25ae4e211b4134bd7c349cbdf2ecde6425ec267a6a3a0d
.zip

Password: infected
18e7407574a68f77e1fae3d3c818d864b7a61b044e16805f684968335197cc7d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 820KB - Virtual size: 819KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1c8b4ce8d40a1abab07532a4d3a3832fc7e7e1c00c32002d264220afa0529b78.exe
.exe windows:6 windows x86 arch:x86

856dd5b2ec9b754f25add2551682289c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmSetCompositionStringA
ImmSetCompositionFontW
ImmUnlockIMCC
ImmSetCompositionStringW
ImmSetOpenStatus
ImmGetCompositionStringW
ImmGetHotKey
ImmLockIMC
ImmRequestMessageA

kernel32

GetProcAddress
LoadLibraryW
SetEndOfFile
CreateFileW
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryExW
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameW
GetCurrentThreadId
SetFilePointerEx
ReadFile
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
CloseHandle
GetProcessHeap
IsDebuggerPresent
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
IsProcessorFeaturePresent
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
RaiseException
RtlUnwind
GetCommandLineW
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW

ole32

HGLOBAL_UserUnmarshal
SetConvertStg
DoDragDrop
OleSetMenuDescriptor
HBRUSH_UserSize
OleInitializeWOW
OleRegGetUserType

pdh

PdhCloseQuery
PdhParseInstanceNameW
PdhValidatePathA
PdhGetDefaultPerfCounterW
PdhCalculateCounterFromRawValue
PdhGetLogFileSize
PdhGetRawCounterArrayW

loadperf

LoadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsW

shell32

ShellExecuteExA
SHAppBarMessage
CommandLineToArgvW
SHFreeNameMappings

setupapi

SetupQuerySourceListA
SetupGetTargetPathA
SetupQueueDefaultCopyA
SetupScanFileQueueW
SetupDiCreateDeviceInfoListExA

oleaut32

SafeArrayGetRecordInfo
VarDecFromUI1
DispGetParam
SafeArrayPtrOfIndex
VarDecFromDisp
VarUI1FromStr
VarR8FromCy

wsnmp32

ord300
ord302
ord205
ord905
ord901
ord504

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
456480580b48923a2771689cf8ee2240d1a98f5c1633671260bdc203ce5a8edd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
700e76e7520021aeb60b4cd42c3ab8bbd2a20fc36228ad4dfce94c927b6e7f58.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 755KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
82cb6a221ee2b2c0c0f43139765407c713ff6980d966544f71f351c66928a4da.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 827KB - Virtual size: 827KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ba01c08c3a6ea99f565ed6c06067bf4c9d257168ffb76da644cce01d94313db4.elf
.elf linux arm

Sharing

General

Malware Config

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 820KB - Virtual size: 819KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

856dd5b2ec9b754f25add2551682289c

Headers

DLL Characteristics

File Characteristics

Imports

imm32

kernel32

ole32

pdh

loadperf

shell32

setupapi

oleaut32

wsnmp32

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 1KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 55KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 755KB - Virtual size: 755KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 827KB - Virtual size: 827KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 820KB - Virtual size: 819KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 1KB

.text
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 55KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 755KB - Virtual size: 755KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 827KB - Virtual size: 827KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B