c1411cf058f6e78f5e799062562739c9

General

Target

c1411cf058f6e78f5e799062562739c9
Size

544KB
MD5

c1411cf058f6e78f5e799062562739c9
SHA1

63c35e205269d21d5c65d53f6563d5eb40c1c8b9
SHA256

0ca892a65beee945dc60ffd229ee4a49f15ba4001707a925739b445c0fa65e81
SHA512

981cbd5ca7231618bc3227fe776cd2f81d9c6b2bddbc892a25b4eff9d534cd3131dabeb60b0741ca1753fa6b2de77fc0280f4444f256e282b84e39d666b059ca
SSDEEP

12288:VAxwc0fSaLWo7tIKIVT6WN1sByF8waHqv:VAxFit9tIKIVeu1d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1411cf058f6e78f5e799062562739c9

Files

c1411cf058f6e78f5e799062562739c9
.exe windows:5 windows x86 arch:x86

0736ac1baebb24ff56cad451e74acc2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Imports

mapi32

BMAPIAddress
BMAPIAddress
BMAPIDetails
BMAPIFindNext
BMAPIGetAddress
BMAPIGetReadMail
BMAPIReadMail
BMAPIResolveName
BMAPISaveMail
BMAPISendMail
BuildDisplayTable@40
CbOfEncoded@4
CchOfEncoding@4
ChangeIdleRoutine@28
CloseIMsgSession@4
CreateIProp@24
CreateTable@36
DeinitMapiUtil@0
DeregisterIdleRoutine@4
DllCanUnloadNow
DllGetClassObject
EnableIdleRoutine@8
EncodeID@12
FBadColumnSet@4
FBadEntryList@4
FBadProp@4
FBadPropTag@4

imm32

ImmGetContext
ImmLockClientImc
ImmIsIME
ImmInstallIMEW
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmDestroySoftKeyboard
ImmRegisterWordA
ImmRegisterWordW
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmCreateIMCC
ImmActivateLayout
ImmDisableIME
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA

kernel32

GetLastError
CreateFileA
GetEnvironmentVariableA
GetACP
OutputDebugStringW
AttachConsole
IsBadCodePtr
HeapSetInformation
CreateRemoteThread
QueryDosDeviceA
LZRead

httpapi

HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl
HttpAddUrl

Sections

.text
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 330KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 492KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0736ac1baebb24ff56cad451e74acc2f

Headers

File Characteristics

Imports

mapi32

imm32

kernel32

httpapi

Sections

.text Size: 31KB - Virtual size: 35KB

.data Size: 13KB - Virtual size: 330KB

.rsrc Size: 488KB - Virtual size: 492KB

.text
Size: 31KB - Virtual size: 35KB

.data
Size: 13KB - Virtual size: 330KB

.rsrc
Size: 488KB - Virtual size: 492KB