fcace6f38a80fe4aeda0237b9e4493e2

Sharing

Copy URL

Twitter E-mail

General

Target

fcace6f38a80fe4aeda0237b9e4493e2
Size

192KB
MD5

fcace6f38a80fe4aeda0237b9e4493e2
SHA1

28c247d1798e107dd60dab1f8aaf671d02f0b4f9
SHA256

38e9e6410d5f045ebdbb970084f0ca02945c651fd9753bd3991697f4945cf651
SHA512

5cf6ae6716de2c693fe7ccc18258855848606606663ec21f15c606a6cfbd1779557c0d27b364e0f277574f547f315e11b7e1596470d960a702373f8db6925234
SSDEEP

3072:qeEgXVMGX7s0SITvuFD4dQqOZysoCkUR5IrCYNsG5d3drafA45Ym5v:q4lVoVkvuFD4dQqOYo5o1tra4jm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcace6f38a80fe4aeda0237b9e4493e2

Files

fcace6f38a80fe4aeda0237b9e4493e2
.exe windows:5 windows x86 arch:x86

6316403b987cde4fbb11cf6732d1ebe7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateDirectoryW
lstrcatW
GetModuleHandleW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
OpenProcess
LocalFree
SetLastError
GetCurrentProcess
CloseHandle
GetDateFormatW
GetTimeFormatW
lstrcpyW
MoveFileW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
LeaveCriticalSection
OpenEventW
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetLastError
ResumeThread
SuspendThread
CreateEventW
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
GetLocalTime
SystemTimeToFileTime
SetEvent
GetModuleFileNameW
GetPrivateProfileIntW
lstrlenW
lstrcpynW
LoadLibraryW
GetProcAddress
EnterCriticalSection
ExpandEnvironmentStringsA
LoadLibraryA
DeviceIoControl
GetFileSize
ReadFile
LocalAlloc
GetVersionExW
FreeLibrary
SetProcessWorkingSetSize
WriteFile
GetFileAttributesW
SetFileAttributesW
CreateFileW
PulseEvent
GetPrivateProfileStringW
WritePrivateProfileStringW
LoadLibraryExW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

iphlpapi

NotifyAddrChange

user32

wsprintfW
LoadStringW
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetForegroundWindow

advapi32

RegOpenKeyExA
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
DuplicateTokenEx
GetSecurityInfo
GetSecurityDescriptorDacl
GetUserNameW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceW
RegQueryValueExA

msvcr90

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_configthreadlocale
_initterm_e
_initterm
strtoul
_wsopen
_close
_filelength
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_swprintf
wcschr
wcscmp
wcsncpy
wcsstr
_vswprintf
fwprintf
fflush
_wfopen
fwrite
fclose
fseek
fread
feof
memcmp
_wcsicmp
_snwprintf
memcpy
malloc
free
memmove_s
_lseek
_read
calloc
_errno
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_beginthreadex
memset
_wcsupr
swscanf
wcsrchr
_waccess
wcslen
realloc
_wassert
fprintf
_wsplitpath
wcscpy_s
wcsncat_s
wcsncpy_s
swscanf_s
wcscat_s
swprintf_s
rand
srand
_time64
_wfopen_s
vswprintf_s
iswspace
iswalnum
wcscpy
wcsncmp
_wsplitpath_s
mbstowcs
_vsnwprintf_s

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�'w
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6316403b987cde4fbb11cf6732d1ebe7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

user32

advapi32

msvcr90

msvcp90

version

shell32

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 3KB

�'w Size: 86KB - Virtual size: 88KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 3KB

�'w
Size: 86KB - Virtual size: 88KB