Static task
static1
Behavioral task
behavioral1
Sample
9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331.exe
Resource
win10v2004-20231215-en
General
-
Target
9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331
-
Size
664KB
-
MD5
d709719c17e38f3e4ad79850b0c86487
-
SHA1
01fa97bf34368b46928964ce355bf4231626d55d
-
SHA256
9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331
-
SHA512
ce78c0bc14015b18ecfa99b181f09aeb0c5816baa16c72761f22f1969c42bfcf3c6ffb109f699bc1e355caa55077cecf0c39868975710ef9be69520273f41b82
-
SSDEEP
6144:1EDOvlp8iAKYw0V1XIYz8eauXKtRv0OLrhrgw:1ED6bYrxYTuXoDrhrgw
Malware Config
Signatures
-
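Unsigned PE (1 IoC)
Checks for missing Authenticode signature. This is a static finding only: the sample carries no signature, which is also typical of in-house and debug builds (the mfc100d and msvcr100d imports listed below are debug runtimes), so it should be weighed together with the behavioral results rather than taken as an indicator of malice on its own.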
resource 9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331
Files
-
9cb796c96492360317e65bc5647d29faf84b3c0465c549d9f39a66bdab1bc331.exe windows:5 windows x86 arch:x86
dd046e40bba771877a568e4850f2db8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc100d
ord1444
ord1434
ord4863
ord9163
ord1461
ord1728
ord13334
ord1397
ord3106
ord12818
ord959
ord15044
ord1731
ord6847
ord269
ord6808
ord7623
ord2453
ord2449
ord3184
ord8165
ord7801
ord1029
ord369
ord417
ord10105
ord13037
ord1024
ord1059
ord14465
ord2035
ord9637
ord15330
ord8503
ord15438
ord5767
ord1432
ord3199
ord311
ord6501
ord15536
ord1402
ord964
ord14380
ord9686
ord8790
ord9551
ord5773
ord5575
ord6935
ord15102
ord14600
ord8509
ord1644
ord9979
ord5057
ord14733
ord270
ord8320
ord11194
ord986
ord7497
ord2693
ord4660
ord10078
ord11073
ord15846
ord13910
ord13082
ord13131
ord11247
ord8994
ord4983
ord13121
ord13113
ord6497
ord4044
ord16019
ord16022
ord16020
ord16023
ord16018
ord16021
ord8709
ord13440
ord15706
ord12826
ord16627
ord2072
ord8656
ord13929
ord4279
ord4337
ord10266
ord15833
ord8635
ord15835
ord13448
ord13447
ord2559
ord5822
ord16308
ord13844
ord9200
ord9292
ord1421
ord2244
ord8321
ord7242
ord2696
ord4663
ord13083
ord9999
ord2964
ord14880
ord6841
ord3359
ord4423
ord9602
ord3187
ord4073
ord15812
ord2956
ord1143
ord12031
ord457
ord3070
ord7668
ord9243
ord532
ord4093
ord1427
ord267
ord5206
ord3091
ord1089
ord1090
ord13797
ord2199
ord9613
ord4046
ord8783
ord14753
ord12516
ord5713
ord8822
ord316
ord14987
ord1460
ord5223
ord1727
ord2359
ord15334
ord12935
ord4856
ord6450
ord4710
ord5425
ord2545
ord306
ord8993
ord862
ord7506
ord14101
ord5600
ord4409
ord1335
ord11882
ord12481
ord15748
ord7675
ord9289
ord8941
ord2553
ord1669
ord14664
ord15240
ord3780
ord14609
ord5896
ord9634
ord6033
ord14564
ord498
ord3352
ord14687
ord3548
ord6184
ord8776
ord1119
ord4006
ord3887
ord322
ord509
ord508
ord463
ord954
ord884
ord444
ord2267
ord9235
ord1463
ord999
ord1128
ord1127
ord1095
ord1394
ord1351
ord1079
ord4261
ord1057
ord1442
ord12993
ord9903
ord11859
ord12229
ord11273
ord4281
ord3581
ord3580
ord3334
ord3333
ord6839
ord14876
ord3472
ord3469
ord8986
ord2963
ord16611
ord16613
ord16612
ord16610
ord16614
ord16596
ord16523
ord16524
ord10007
ord12950
ord4028
ord12781
ord15828
ord9834
ord13036
ord4876
ord2742
ord7669
ord11845
ord10126
ord3432
ord15019
ord13138
ord4282
ord6962
ord455
ord15613
ord7726
ord13136
ord1753
ord1760
ord1766
ord1764
ord1771
ord5324
ord5361
ord5332
ord5344
ord5340
ord5336
ord5366
ord5357
ord5328
ord5370
ord5349
ord5315
ord5319
ord5352
ord4887
ord16531
ord4874
ord3235
ord15836
ord8636
ord15834
ord7518
ord12557
ord14811
ord6522
ord2871
ord12986
ord4133
ord3544
ord3543
ord3431
ord13032
ord5664
ord6047
ord6306
ord10219
ord6019
ord6334
ord5667
ord5884
ord5647
ord8412
ord8413
ord8403
ord5882
ord8998
ord11078
ord10079
ord4545
ord2597
ord14148
ord413
ord7188
ord10061
ord8163
ord6309
ord1435
ord2478
ord2196
ord2294
msvcr100d
ftell
fread
fclose
fprintf
_purecall
_wassert
fseek
ferror
fputc
sscanf_s
atoi
atof
_vsnprintf_s
fopen_s
_time64
_mktime64
_gmtime64_s
_snprintf_s
__CxxFrameHandler3
_errno
_CxxThrowException
_CrtDbgReport
strcpy
wcscpy
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
calloc
_recalloc
memcmp
_wcsicmp
memmove_s
wcslen
_setmbcp
strcmp
memcpy
_localtime64_s
strftime
strlen
strtol
malloc
memset
free
memmove
_invoke_watson
_controlfp_s
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
_acmdln
_ismbblead
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
tolower
strchr
strncmp
isspace
isalnum
isalpha
kernel32
VirtualAlloc
GetLastError
OutputDebugStringW
OutputDebugStringA
OpenEventA
SetEvent
CloseHandle
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
MulDiv
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
UnmapViewOfFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
IsProcessorFeaturePresent
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
LoadLibraryW
InitializeCriticalSection
GetProcAddress
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
Sleep
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
user32
GetWindowRect
GetSystemMetrics
PostQuitMessage
GetDesktopWindow
CopyRect
IsRectEmpty
PtInRect
SetRect
SetRectEmpty
EqualRect
InflateRect
OffsetRect
IntersectRect
SubtractRect
UnionRect
oleaut32
SysFreeString
controlcan
VCI_ReadErrInfo
VCI_Receive
VCI_GetReceiveNum
VCI_StartCAN
VCI_OpenDevice
VCI_CloseDevice
VCI_Transmit
VCI_InitCAN
VCI_SetReference
pcanbasic
ord7
ord5
ord9
ord8
ord1
ord2
ord6
winmm
timeEndPeriod
timeBeginPeriod
timeSetEvent
timeKillEvent
checksum
Cal_Crc16Init
Cal_ComputeCrc16
Cal_Crc8Init
Cal_ComputeCrc8
Cal_Crc8Finalize
chery_security
Chery_ComputeKey
advapi32
RevertToSelf
SetThreadToken
OpenThreadToken
Sections
.textbss Size: - Virtual size: 143KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 315KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 4.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 251KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ