cf85d84bf049e077bdd81214bb33006b5f16000c56b92be1bf2ce92065aca4bb

Sharing

Copy URL

Twitter E-mail

General

Target

cf85d84bf049e077bdd81214bb33006b5f16000c56b92be1bf2ce92065aca4bb
Size

2.2MB
MD5

13712f277263133e0c80ba889803c170
SHA1

d2b34a7d3f440e90fe0f0386f3aec7973fe5377c
SHA256

cf85d84bf049e077bdd81214bb33006b5f16000c56b92be1bf2ce92065aca4bb
SHA512

6aba02058fa2e43e3222acfe9301f718e1e9dbe75c387a6ad8c0c56b57cdffd1dc176cdb9c138c470f751257da60b8cdbbe139ec2d85752e737713ac96c1654a
SSDEEP

49152:qm2ikGHHHTJgedU2XlQQ6SOg+tCm/XAWqhHtFatO/2KkXC2hrSD7SiwxC:qm2ikivK+Q1g312O/0RS6iw8

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup.exe
unpack001/cr.dll

Files

cf85d84bf049e077bdd81214bb33006b5f16000c56b92be1bf2ce92065aca4bb
.zip
Setup.exe
.exe windows:4 windows x86 arch:x86

8917b8be55b0608ad9ed926a57ef25d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
WriteConsoleW

crypt32

CertDuplicateCRLContext

mmcndmgr

CreateExecutivePlatform
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

mshtml

GetWebPlatformObject

msxml6

DllGetActivationFactory

ntdll

RtlGetSaclSecurityDescriptor

ole32

CoRegisterSurrogate
HGLOBAL_UserSize

rasdlg

RasSrvIsConnectionConnected

rpcrt4

CStdStubBuffer_QueryInterface

version

GetFileVersionInfoSizeExW
GetFileVersionInfoW

cr

xnosEapRqjVGOtry

Sections

.text
Size: 601KB - Virtual size: 601KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eh_fram
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr.dll
.dll windows:4 windows x86 arch:x86

9aba9526e9e6625b7e6898e48273ac49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GlobalAlloc
GlobalFlags
WriteConsoleW

crypt32

CertDuplicateCRLContext

mmcndmgr

CreateExecutivePlatform
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

mshtml

GetWebPlatformObject

msxml6

DllGetActivationFactory

ntdll

RtlGetSaclSecurityDescriptor

ole32

CoRegisterSurrogate
HGLOBAL_UserSize

rasdlg

RasSrvIsConnectionConnected

rpcrt4

CStdStubBuffer_QueryInterface

version

GetFileVersionInfoSizeExW
GetFileVersionInfoW

Exports

Exports

xnosEapRqjVGOtry

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8917b8be55b0608ad9ed926a57ef25d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

mmcndmgr

mshtml

msxml6

ntdll

ole32

rasdlg

rpcrt4

version

cr

Sections

.text Size: 601KB - Virtual size: 601KB

.eh_fram Size: 512B - Virtual size: 52B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 24B

9aba9526e9e6625b7e6898e48273ac49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crypt32

mmcndmgr

mshtml

msxml6

ntdll

ole32

rasdlg

rpcrt4

version

Exports

Exports

Sections

.text Size: 604KB - Virtual size: 603KB

.data Size: 566KB - Virtual size: 566KB

.rdata Size: 512B - Virtual size: 32B

.bss Size: - Virtual size: 48B

.edata Size: 512B - Virtual size: 82B

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 601KB - Virtual size: 601KB

.eh_fram
Size: 512B - Virtual size: 52B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 604KB - Virtual size: 603KB

.data
Size: 566KB - Virtual size: 566KB

.rdata
Size: 512B - Virtual size: 32B

.bss
Size: - Virtual size: 48B

.edata
Size: 512B - Virtual size: 82B

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 136B