Static task: static1
Behavioral task: behavioral1
Sample: 1208ef93a090253732586bc61d9dfe12.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1208ef93a090253732586bc61d9dfe12.exe
Resource: win10v2004-20231215-en
General
Target: 1208ef93a090253732586bc61d9dfe12
Size: 328KB
MD5: 1208ef93a090253732586bc61d9dfe12
SHA1: bf8babaebc94018534dbffb975ef38f0db411daf
SHA256: 51bb3694ee5afa87edc178ab478e6b88262a7e745fdbe2b6a66c74b04cad595a
SHA512: e60a0e0ac95d4d72680d0b32b1def44ebc9b5564e2cc0c35968edac0e90d745a7a8ae4521477b877eb0852f1d2e22a8c4fea73f24e00c447329b1cbc446eb9b0
SSDEEP: 6144:lZIbXIcntsVEyT+bjPAymfS8OtmhgNrAM3VB3wUeYf9vGdbWQ:la3n2S2+bjPApfSjtc4ypYf5GVWQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1208ef93a090253732586bc61d9dfe12
Files
1208ef93a090253732586bc61d9dfe12.exe windows:4 windows x86 arch:x86
ec2b89cb2d46eb3456885db2b62203b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VerifyVersionInfoW
DeleteTimerQueueTimer
SetFileAttributesA
LocalUnlock
GlobalUnlock
GetCurrentProcessId
GlobalFindAtomA
GetLogicalDriveStringsW
UnlockFile
CreateTimerQueueTimer
GetProcessTimes
SetHandleCount
HeapFree
EnumResourceLanguagesA
WritePrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
DeviceIoControl
TlsGetValue
LocalFileTimeToFileTime
QueryPerformanceFrequency
WaitForSingleObject
OpenMutexW
FreeResource
ExpandEnvironmentStringsW
HeapCreate
GetStringTypeExA
GetQueuedCompletionStatus
GetCommandLineA
VirtualAlloc
GetTempFileNameW
GetPrivateProfileSectionA
MulDiv
WriteConsoleW
InterlockedCompareExchange
GetPrivateProfileIntA
GetProfileStringA
GlobalSize
FindClose
GetTempPathW
OpenProcess
FormatMessageA
GetSystemTime
GetCurrentProcess
IsBadReadPtr
RemoveDirectoryA
WritePrivateProfileStringW
IsProcessorFeaturePresent
FindNextFileW
FindFirstFileA
SetErrorMode
lstrcmpW
GetSystemDefaultLCID
TlsSetValue
GetVersionExA
LocalReAlloc
IsDBCSLeadByte
ResumeThread
TerminateThread
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetStdHandle
GetFileType
GetCurrentThreadId
TlsAlloc
SetLastError
GetLastError
GetEnvironmentVariableA
HeapDestroy
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
user32
TrackPopupMenu
GetWindowRect
GetMenu
UnionRect
GetDesktopWindow
ole32
CreateClassMoniker
CoGetInterfaceAndReleaseStream
CreateDataAdviseHolder
OleRegEnumVerbs
OleIsCurrentClipboard
OleCreateLinkToFile
WriteClassStg
CoGetMalloc
OleUninitialize
OleCreateFromData
gdi32
GetFontData
RoundRect
CreatePen
GetDCOrgEx
GetWindowOrgEx
SetWindowExtEx
CreateHalftonePalette
CreateBrushIndirect
GetBkColor
CreatePenIndirect
CopyEnhMetaFileA
CopyMetaFileW
CloseMetaFile
GetSystemPaletteEntries
CreateBitmap
DPtoLP
GetViewportExtEx
ExtCreatePen
OffsetViewportOrgEx
ExtTextOutW
EndDoc
SetROP2
advapi32
OpenSCManagerW
AllocateAndInitializeSid
GetAclInformation
CreateServiceW
ReportEventA
RegQueryInfoKeyA
SetSecurityDescriptorControl
RegEnumKeyW
CryptCreateHash
GetSecurityDescriptorDacl
CryptDestroyHash
GetAce
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
CryptReleaseContext
LookupAccountSidA
CryptAcquireContextA
LookupAccountSidW
RegCreateKeyExA
ReportEventW
Sections
.text Size: 248KB - Virtual size: 245KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
cemwec Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
guesca Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mueusk Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE