Static task: static1
Behavioral task: behavioral1
  Sample: 0601856963b99b86013b3c0c7185815e.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 0601856963b99b86013b3c0c7185815e.exe
  Resource: win10v2004-20231222-en
General
- Target: 0601856963b99b86013b3c0c7185815e
- Size: 848KB
- MD5: 0601856963b99b86013b3c0c7185815e
- SHA1: 33a5bd9887b77c8c1416d4983ca52236196ae1bd
- SHA256: 33beeb8168ba33ecaa08fc3e616552d0d4ae8dc69d86563a1ecc45ed9a7296a7
- SHA512: 441ad8472643e92d07570e97874830d1d87bf447d36116741f0fa488434ccaf09682e23aa42e9a894d3ec65c3b3de60d648c3f22f828359592d5adb335b03390
- SSDEEP: 24576:qVFtmkVBvVJs3+mxuWtUPTucqWHVBqG9lz+nj7sRWgKlK9z:qM+v3O+2tFcDHVB5rEfSNKUN
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 0601856963b99b86013b3c0c7185815e
Files
- 0601856963b99b86013b3c0c7185815e.exe  windows:5 windows x86 arch:x86
  259b2f33bf6988f8c7c64347013a091a
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VerLanguageNameA
FileTimeToSystemTime
GetTempPathA
GetProcessIoCounters
LoadLibraryA
GetConsoleCharType
GetConsoleAliasExesLengthA
GetFileAttributesExA
GetNativeSystemInfo
SetThreadPriorityBoost
MoveFileExW
AddRefActCtx
FindNextVolumeA
HeapSummary
SwitchToFiber
SetComputerNameExA
GetConsoleOutputCP
WriteFile
ReadDirectoryChangesW
CreateDirectoryA
SetThreadContext
GetModuleHandleW
DeleteVolumeMountPointA
SetCalendarInfoW
VirtualFreeEx
VDMOperationStarted
OpenMutexW
SetProcessPriorityBoost
OutputDebugStringA
DisconnectNamedPipe
VirtualAlloc
DebugBreakProcess
EnumerateLocalComputerNamesW
RegisterConsoleIME
VirtualProtectEx
GetEnvironmentVariableW
SetDefaultCommConfigW
GetCurrentProcess
ReadConsoleOutputCharacterA
GetPrivateProfileSectionW
Module32Next
InitializeCriticalSection
HeapCreate
FindFirstVolumeA
odbccr32
SQLEndTran
SQLParamData
SQLTransact
SQLBulkOperations
SQLFetch
SQLSetConnectAttr
SQLSetConnectOption
SQLGetDescRec
SQLFreeHandle
SQLFreeStmt
SQLPutData
SQLNumParams
SQLGetStmtAttr
SQLMoreResults
SQLSetDescRec
SQLExecute
SQLGetStmtOption
SQLSetScrollOptions
SQLPrepare
mapi32
cmc_list
cmc_logoff
HrSetOmiProvidersFlagsInvalid@4
UNKOBJ_Free@8
FtAdcFt@20
UNKOBJ_FreeRows@8
FGetComponentPath
BMAPISaveMail
WrapProgress@20
HrValidateIPMSubtree@20
SwapPlong@8
BMAPIGetReadMail
OpenTnefStreamEx@32
ScInitMapiUtil@4
cmc_send_documents
OpenTnefStream@28
OpenStreamOnFile@24
ScMAPIXFromSMAPI
ScCreateConversationIndex@16
MAPIResolveName
ChangeIdleRoutine@28
SetAttribIMsgOnIStg@16
FBadRowSet@4
EnableIdleRoutine@8
BMAPIDetails
ntdll
RtlPushFrame
RtlDumpResource
RtlMapGenericMask
RtlSecondsSince1980ToTime
ZwQueryDirectoryFile
RtlSetCurrentDirectory_U
NtCreateFile
NtFreeVirtualMemory
RtlCreateUnicodeStringFromAsciiz
NtIsSystemResumeAutomatic
RtlCheckRegistryKey
NtFsControlFile
RtlGUIDFromString
NtSuspendThread
RtlEnterCriticalSection
ZwOpenThread
_wcslwr
wcsrchr
ZwOpenEvent
RtlGetLongestNtPathLength
RtlNumberGenericTableElements
ZwReplyWaitReplyPort
wintrust
CryptCATCDFClose
CryptCATCDFEnumMembersByCDFTag
TrustDecode
CryptCATAdminCalcHashFromFileHandle
WintrustSetRegPolicyFlags
OpenPersonalTrustDBDialogEx
CryptCATGetAttrInfo
SoftpubInitialize
CryptCATAdminRemoveCatalog
SoftpubDumpStructure
WVTAsn1SpcFinancialCriteriaInfoEncode
MsCatFreeHashTag
CryptCATOpen
CryptCATAdminPauseServiceForBackup
WVTAsn1SpcSigInfoDecode
Sections
- .text   Size: 756KB   Virtual size: 756KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size: 83KB    Virtual size: 82KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size: 5KB     Virtual size: 1.4MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 1KB     Virtual size: 1KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc  Size: 1024B   Virtual size: 1008B   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ
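The three header facts the report tabulates (the "Unsigned PE" signature check, the DllCharacteristics mitigation flags, and the section raw-versus-virtual sizes) can be read back from any PE with stdlib Python. The block below is an added example, not part of the sandbox report or of any tool behind it. The PE image it parses is constructed in memory to mirror the header values listed above; it contains no code and is not the analysed sample. The thresholds in oversized_sections are assumptions chosen for the example. Two caveats a practitioner would add to the signature check: an absent signature is a weak indicator on its own, since much legitimate software ships unsigned, and a present signature says nothing until it has been verified against a trusted chain.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode blob
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Read only the header fields the checks below need; raises on a non-PE."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at +70 in both PE32 and PE32+; NumberOfRvaAndSizes
    # and the data directory array sit 16 bytes further on in PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs_off, dirs_off = (opt + 92, opt + 96) if magic == PE32_MAGIC else (opt + 108, opt + 112)
    sec_dir = (0, 0)
    if struct.unpack_from("<I", data, ndirs_off)[0] > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry stores a file offset, not an RVA.
        sec_dir = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):  # 40-byte section headers follow the optional header
        name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flag_names(chars, SECTION_FLAGS)})
    return {"machine": machine, "dll_characteristics": _flag_names(dll_chars, DLL_CHARACTERISTICS),
            "security_dir": tuple(sec_dir), "sections": sections}


def has_authenticode(data):
    """The 'Unsigned PE' check: an embedded signature exists only when the security
    directory has a non-zero offset and size. Presence is not validity."""
    off, size = parse_pe(data)["security_dir"]
    return off != 0 and size != 0


def oversized_sections(data, min_slack=0x10000, ratio=8):
    """Sections whose in-memory size dwarfs their on-disk size, like the report's
    .data (5KB raw, 1.4MB virtual): the loader zero-fills the gap, leaving a large
    writable region for code to populate at run time. Thresholds are assumptions."""
    return [s["name"] for s in parse_pe(data)["sections"]
            if s["virtual_size"] - s["raw_size"] >= min_slack
            and s["virtual_size"] >= ratio * s["raw_size"]]


def build_sample_pe(sections, dll_chars, security_dir=(0, 0)):
    """Constructed header-only PE32 image for testing (no code; not the sample)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security_dir)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), v,
                                0x1000 * (i + 1), r, 0x400, 0, 0, 0, 0, c)
                    for i, (n, v, r, c) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs


KB = 1024
# Section layout copied from the report's Sections table; flags are the listed bits.
REPORT_SECTIONS = [
    (".text",  756 * KB, 756 * KB, 0x60000020),
    (".rdata",  82 * KB,  83 * KB, 0x40000040),
    (".data", 1400 * KB,   5 * KB, 0xC0000040),
    (".rsrc",    1 * KB,   1 * KB, 0x40000040),
    (".reloc",     1008,     1024, 0x42000040),
]
MITIGATIONS = 0x0040 | 0x0100                                   # DYNAMIC_BASE | NX_COMPAT
UNSIGNED = build_sample_pe(REPORT_SECTIONS, MITIGATIONS)         # mirrors the report
SIGNED = build_sample_pe(REPORT_SECTIONS, MITIGATIONS, security_dir=(0x1000, 0x800))
```

Run against UNSIGNED, has_authenticode returns False (the report's "Unsigned PE" hit), dll_characteristics lists DYNAMIC_BASE and NX_COMPAT, and oversized_sections returns only .data. On a real file, read it in binary mode and pass the bytes to the same functions; for PE32+ images parse_pe follows the shifted data directory offsets.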