fc5cf2ccd6a6959b361aa4d92a102c88

Sharing

Copy URL Twitter E-mail

General

Target

fc5cf2ccd6a6959b361aa4d92a102c88
Size

240KB
MD5

fc5cf2ccd6a6959b361aa4d92a102c88
SHA1

74834a642a5416cedf8c8029fdfd1b7c7338eed2
SHA256

b6e2fe6df62b7a0c55a0909eb2e72ae234221512d189366518727e994eadabf0
SHA512

8ccbf812f00acbb5bd4d93f0881797937b3d3716dd2cf0548fde81117549131f1c122b57bc2639e6b6414d111861a1d14bc682e942e4f8c408d7ef5a05b921de
SSDEEP

6144:WWqiAvhbenkkMqVBUkXf82LCbgl4IElxpc:WWhHMMUGEqLl4IWxp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc5cf2ccd6a6959b361aa4d92a102c88

Files

fc5cf2ccd6a6959b361aa4d92a102c88
.exe windows:4 windows x86 arch:x86

c4fa4c868ccafe4a19900e3b69d8d828

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msvcrt

_amsg_exit
_exit
?terminate@@YAXXZ
_adjust_fdiv
_XcptFilter
_ismbblead
memmove
strtok
_mbsstr
__p__commode
_getcwd
_mbsicmp
_acmdln
_mbscmp
_access
_mbsupr
_mbschr
_mbsinc
exit
__set_app_type
__getmainargs
_controlfp
malloc
memset
__p__fmode
strchr
__setusermatherr
memcpy
_cexit
_initterm
strstr

ntdll

RtlUnwind

kernel32

GetFileType
FindFirstFileA
GetVersion
GetOEMCP
GetSystemDirectoryA
lstrlenA
CreateProcessA
GetSystemTimeAsFileTime
InterlockedCompareExchange
GetCurrentProcess
GetWindowsDirectoryA
FreeLibrary
VirtualProtect
TerminateProcess
FindClose
lstrcatA
UnmapViewOfFile
DeleteFileA
GetProcAddress
CreateFileA
WaitForSingleObject
GetLastError
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GetVersionExA
InterlockedExchange
GlobalFree
GetExitCodeProcess
RemoveDirectoryA
GetCommandLineW
GetTickCount
SetEndOfFile
GetShortPathNameA
GetCurrentProcessId
GlobalAlloc
CloseHandle
CreateFileMappingA
QueryPerformanceCounter
SetFilePointer
LoadLibraryA
FindNextFileA
GetACP
Sleep
MapViewOfFile
CreateDirectoryA
SetUnhandledExceptionFilter
SetFileAttributesA
GetPrivateProfileStringA
GetCommandLineA
GetFileSize
lstrcpyA
lstrcpynA
UnhandledExceptionFilter
MoveFileExA

advapi32

RegQueryValueExA
RegDeleteKeyA
DeleteService
LookupPrivilegeValueA
EqualSid
CloseServiceHandle
AllocateAndInitializeSid
OpenSCManagerA
RegSetValueExA
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
GetTokenInformation
OpenServiceA
OpenProcessToken
FreeSid
RegDeleteValueA
ControlService
RegCloseKey

setupapi

SetupDiCallClassInstaller
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDeleteDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA

user32

wsprintfA
ExitWindowsEx
MessageBoxA
LoadIconA
LoadStringA
SendMessageA
FindWindowA

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4fa4c868ccafe4a19900e3b69d8d828

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

setupapi

user32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 3KB - Virtual size: 8KB

.data Size: 164KB - Virtual size: 407KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 3KB - Virtual size: 8KB

.data
Size: 164KB - Virtual size: 407KB

.rsrc
Size: 3KB - Virtual size: 3KB