106a32c4e43b6dd3a927867a7466accb

Sharing

Copy URL Twitter E-mail

General

Target

106a32c4e43b6dd3a927867a7466accb
Size

893KB
MD5

106a32c4e43b6dd3a927867a7466accb
SHA1

26a82361e03672801c045414469902e9f61e01bf
SHA256

025b412defbfbdb36701400ccd41c639f4bb58a46913053f2779a3da04df9c26
SHA512

275894c61e7a0ea848a348029f55fcd4cae08e877b16253c874c543d6d4b2d5fc4765697ef3f54124162c315867f552f7893f5011e6d8808e85c7f3713cc4c5e
SSDEEP

12288:St8a5rfFQq7qRzaevmgKzux7yfcD3C5DdIEG9eU9MV6CtTNxqFhO/hp+03Uwf9u5:St95rfjgaQkTAy5DdUeP68J/731gi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
106a32c4e43b6dd3a927867a7466accb

Files

106a32c4e43b6dd3a927867a7466accb
.exe windows:5 windows x86 arch:x86

fbf3554161b8ad7dd4edeb83de1e77ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmutil

?SetFile@CIniW@@QAEXPBG@Z
CmAtolW
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
?LoadEntry@CIniW@@IBEPAGPBG@Z
?Clear@CIniW@@QAEXXZ
?GetSection@CIniW@@QBEPBGXZ
CmStrCatAllocA
CmStripFileNameW
?SetICSDataPath@CIniW@@QAEXPBG@Z
?GetRegPath@CIniW@@QBEPBGXZ
??4CRandom@@QAEAAV0@ABV0@@Z
?GetFile@CIniA@@QBEPBDXZ
?SetWriteICSData@CIniA@@QAEXH@Z
CmStrrchrA
SzToWzWithAlloc
SzToWz
?SetEntry@CIniA@@QAEXPBD@Z
CmFmtMsgW
?Banner@CmLogFile@@QAEXXZ
CmFree
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?SetICSDataPath@CIniA@@QAEXPBD@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?GPPI@CIniW@@QBEKPBG0K@Z
??0CRandom@@QAE@XZ
CmStrTrimW
?OpenFile@CmLogFile@@AAEJXZ

oleaut32

VarI2FromCy
SysAllocStringByteLen
VarI1FromDate
VarI2FromR4
VarUI4FromDisp
SafeArrayAllocData
OleTranslateColor
VarBstrFromDate
VarMod
VarUI4FromUI8
VarR4FromDate
SafeArrayGetLBound
VarI2FromI4
SafeArrayPtrOfIndex
GetAltMonthNames
VarUdateFromDate
VarUI2FromBool
SafeArraySetRecordInfo
VarI4FromI2
VarCyMul
VariantChangeType
VarDecFromI4
VarBstrCat
VarUI2FromDec
VarI4FromCy
VarI8FromUI4
VarAnd
VarBstrFromBool
SafeArraySetIID
SysFreeString
VarDateFromR8
VarPow
VarUI1FromI1
LPSAFEARRAY_Unmarshal
LoadTypeLib
SysStringByteLen
SafeArrayCopyData

kernel32

SetNamedPipeHandleState
FreeEnvironmentStringsA
LocalLock
FindNextChangeNotification
CreateTimerQueueTimer
CreatePipe
GetPrivateProfileIntA
GetModuleHandleA
CreateActCtxW
LZStart
VirtualAlloc
OpenMutexW
WriteConsoleOutputW
QueryInformationJobObject
LoadLibraryA
GetMailslotInfo
ConvertFiberToThread
GlobalFindAtomA
MoveFileExW
CompareStringW
ShowConsoleCursor
GetCompressedFileSizeW
CreateFileW
BeginUpdateResourceW
GetThreadTimes
EnumUILanguagesW
WriteConsoleInputW
GetSystemDirectoryW
LocalFileTimeToFileTime
GetProfileStringA
QueryPerformanceCounter
EraseTape
SetTimerQueueTimer
GetCPInfoExA
GetConsoleAliasW
CancelWaitableTimer
Heap32ListNext
FreeEnvironmentStringsW
IsDebuggerPresent
UnregisterWait
Module32NextW
CreateProcessInternalW
CreateToolhelp32Snapshot
GetModuleHandleExW
GetStringTypeExA
FatalAppExitA
SetConsoleTextAttribute
FindClose
HeapCreate
SearchPathW
GetCPInfoExW
PulseEvent
Module32FirstW
WritePrivateProfileSectionW
FlushFileBuffers
SetErrorMode
GetProfileSectionW
SetFileShortNameA
OutputDebugStringA
SearchPathA
HeapQueryInformation
CreateHardLinkA
GetTempPathA
GetProcessAffinityMask
BaseDumpAppcompatCache
LZCopy
InterlockedFlushSList
SetCommBreak
SetVolumeLabelA
EnumDateFormatsW
InvalidateConsoleDIBits
lstrcpyW
GetComputerNameA
SetPriorityClass
GetGeoInfoW
GetGeoInfoA
SetLocaleInfoW

comctl32

ImageList_SetFilter
ImageList_Add
ImageList_GetBkColor
DrawStatusTextW
InitializeFlatSB
ImageList_SetOverlayImage
ImageList_SetIconSize
ImageList_SetFlags
ImageList_Merge
CreatePropertySheetPage
ImageList_DragEnter
ImageList_Duplicate
DrawStatusText
DrawStatusTextA
FlatSB_GetScrollRange
ImageList_GetImageInfo
ImageList_AddIcon
GetMUILanguage
CreateMappedBitmap
FlatSB_SetScrollInfo
ImageList_DrawEx
ImageList_LoadImage
ImageList_Read
PropertySheetA
ImageList_LoadImageW
FlatSB_SetScrollProp
ImageList_DragMove
FlatSB_GetScrollInfo
ImageList_EndDrag
MakeDragList

msi

MsiRecordSetStreamW
MsiInstallProductA
MsiSetPropertyA
MsiLocateComponentW
MsiGetShortcutTargetA
MsiSourceListForceResolutionA
MsiDatabaseApplyTransformW
MsiGetFeatureCostW
MsiQueryFeatureStateFromDescriptorA
MsiGetFeatureStateW
MsiSequenceW
MsiOpenPackageExA
MsiGetFileHashA
MsiOpenPackageA
MsiGetTargetPathA
MsiDeleteUserDataA
MsiSummaryInfoSetPropertyA
MsiGetProductPropertyW
MsiSetPropertyW
MsiSetExternalUIW
MsiGetPropertyW
MsiDatabaseImportA
MsiGetComponentPathW
MsiCollectUserInfoA
MsiGetProductInfoA
MsiDatabaseOpenViewA
MsiApplyPatchA
MsiProvideQualifiedComponentExW
MsiCreateAndVerifyInstallerDirectory
MsiSetComponentStateW

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fbf3554161b8ad7dd4edeb83de1e77ed

Headers

File Characteristics

Imports

cmutil

oleaut32

kernel32

comctl32

msi

Sections

.text Size: 195KB - Virtual size: 195KB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 195KB - Virtual size: 195KB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB