8cbd202e50e96cdfaafe16941e18188eb8df21afab0821bd381a4552528f60cb

Sharing

Copy URL Twitter E-mail

General

Target

8cbd202e50e96cdfaafe16941e18188eb8df21afab0821bd381a4552528f60cb
Size

615KB
MD5

0c36b42277cbf8fcd4513e41d6e9eb7d
SHA1

9833256d01b97d101daccb6612e04495e2e74b63
SHA256

8cbd202e50e96cdfaafe16941e18188eb8df21afab0821bd381a4552528f60cb
SHA512

d51501b95b20f571739d1b414c1787689d895e6d0e14cb1a1c54130455ef93866f07cdc832ebdd3ba9c579baa9df50e5a4378d0683bf70c46e948820e269b71c
SSDEEP

12288:3RYvpjdDO3ZqMyJdnD+LydcAIkRNwJTD6asc+G:SDOoM8dD0nAIkRNwJ6aL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cbd202e50e96cdfaafe16941e18188eb8df21afab0821bd381a4552528f60cb

Files

8cbd202e50e96cdfaafe16941e18188eb8df21afab0821bd381a4552528f60cb
.exe windows:5 windows x86 arch:x86

9fe38e500d9e9f4fc47dcd641f6aef42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basicsqlite

??0RCSQLiteConnection@RC@@QAE@XZ
??1RCSQLiteConnection@RC@@QAE@XZ

gdiplus

GdiplusStartup
GdiplusShutdown

imm32

ImmDisableIME

kernel32

CreateSemaphoreW
CreateThread
TerminateThread
GetProcessId
ReleaseSemaphore
RtlCaptureContext
lstrcmpW
CreateEventA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateFileW
LocalAlloc
GetCurrentProcess
InterlockedIncrement
GetProcessHeap
UnhandledExceptionFilter
InitializeSListHead
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
lstrlenW
GetFullPathNameW
CreateDirectoryW
GetFileSize
ReadFile
WaitForSingleObject
FindClose
LoadLibraryA
GetFileAttributesW
GetFileAttributesExW
FindFirstFileW
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
FreeLibrary
LoadLibraryW
CreateProcessW
WaitForMultipleObjects
lstrcmpiW
FindResourceW
LoadResource
LockResource
HeapAlloc
GetVersionExW
GetEnvironmentVariableW
ResetEvent
SetEvent
Sleep
CreateEventW
GetWindowsDirectoryW
GetModuleHandleExW
SetFilePointer
WriteFile
LocalFree
GetLocalTime
InterlockedDecrement
HeapFree
GetCurrentProcessId
GetLastError
CreateMutexW
OpenMutexW
CloseHandle
GetModuleHandleW
GetProcAddress
ReleaseMutex
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
OpenProcess
SetThreadPriority
GetExitCodeThread
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc

user32

SetForegroundWindow
IsWindow
ShowWindow
SendMessageW
GetWindowLongW
wsprintfW

advapi32

FreeSid
CreateServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
OpenServiceW
QueryServiceStatusEx
AllocateAndInitializeSid
EqualSid
GetTokenInformation

msvcp140

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_destroy_in_situ
?classic@locale@std@@SAABV12@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@O@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

PathFileExistsW

vcruntime140

__std_exception_destroy
__RTDynamicCast
_set_purecall_handler
__RTtypeid
memchr
memmove
memcpy
__std_type_info_compare
memset
_CxxThrowException
_except_handler4_common
wcschr
__std_terminate
__std_type_info_name
__CxxFrameHandler3
strchr
_purecall
strstr
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_errno
_exit
exit
_initterm_e
strerror_s
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
terminate
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_set_invalid_parameter_handler
_initterm
_controlfp_s

api-ms-win-crt-convert-l1-1-0

atoi
_itow_s

api-ms-win-crt-string-l1-1-0

isspace
wcscpy_s
towupper
towlower
_stricmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf
_set_fmode
__acrt_iob_func
__stdio_common_vsnwprintf_s
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__p__commode

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_callnewh
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr
floor
_dtest
_finite
_isnan
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

?__autoclassinit2@RCDllWString@@QAEXI@Z
?__autoclassinit2@RCSQLiteConnection@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteRecordSet@RC@@QAEXI@Z

Sections

.text
Size: 314KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fe38e500d9e9f4fc47dcd641f6aef42

Headers

DLL Characteristics

File Characteristics

Imports

basicsqlite

gdiplus

imm32

kernel32

user32

advapi32

msvcp140

shlwapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 314KB - Virtual size: 313KB

.rdata Size: 165KB - Virtual size: 165KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 21KB - Virtual size: 21KB

.text
Size: 314KB - Virtual size: 313KB

.rdata
Size: 165KB - Virtual size: 165KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 21KB - Virtual size: 21KB