cc599b65cd81f4d06c197742930013390abb78ca547600d8c4f4117ea2550a2b

Sharing

Copy URL Twitter E-mail

General

Target

cc599b65cd81f4d06c197742930013390abb78ca547600d8c4f4117ea2550a2b
Size

598KB
MD5

ddac0e7df8d5d7b5928bd6e9702b4308
SHA1

0f45215c488bc7e7c7fa36e2873bc42cf7bc2756
SHA256

cc599b65cd81f4d06c197742930013390abb78ca547600d8c4f4117ea2550a2b
SHA512

7ca2b161f2dc02817fd11d9809e32176148814b163e8c8b358d74178b9e4bef2915d29fe4e7055abffbffe96981ec79ac2803fe6330f69632ef8dd279660728c
SSDEEP

12288:ek/GlxhL0neTGObdWwtO9qMy2W8HdcUVtnEDC+XJ5/pepe5UL8H:ROclvcUTEDC+XJ5xbaL8H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc599b65cd81f4d06c197742930013390abb78ca547600d8c4f4117ea2550a2b

Files

cc599b65cd81f4d06c197742930013390abb78ca547600d8c4f4117ea2550a2b
.exe windows:5 windows x86 arch:x86

5e983c28ba039e4d74a854a35659bd3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
WideCharToMultiByte
WritePrivateProfileStringW
GetTempPathW
GetWindowsDirectoryW
RemoveDirectoryW
MultiByteToWideChar
GetFileAttributesW
CopyFileW
MoveFileW
MoveFileExW
CreateMutexW
CloseHandle
Sleep
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
FindResourceExW
OpenFileMappingW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
lstrlenW
lstrcpynW
SizeofResource
LoadResource
GetCurrentProcess
GetProcAddress
FreeLibrary
LockResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
InitializeCriticalSection
DeleteFileW
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesW
IsDebuggerPresent
OutputDebugStringW
GetStringTypeW
FormatMessageW
EncodePointer
SetLastError
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
LocalFree
GetCurrentThreadId
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
DeviceIoControl
lstrcmpA
lstrcmpiA
GetSystemDirectoryW
CreateFileA
InterlockedCompareExchange
FreeResource
LoadLibraryExW
GetSystemWindowsDirectoryW
GetVersionExW
CreateFileW
GetFileSizeEx
WriteFile
ReadFile
FindClose
FindNextFileW
RtlUnwind
GetFileType
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
ReadConsoleW
SetStdHandle
SetEndOfFile
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
DecodePointer

user32

wsprintfW

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
GetTokenInformation
RegCreateKeyExW
RegEnumKeyExW
RegGetValueW
LookupPrivilegeValueW
RegCloseKey

shell32

ord165
SHGetSpecialFolderPathW
ShellExecuteExW
SHFileOperationW

ole32

CoCreateGuid

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathCombineW
PathIsDirectoryW
StrCmpIW
StrStrIA
StrTrimA
StrCmpNIW
SHSetValueA
StrStrIW
SHGetValueA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW
EnumProcesses

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e983c28ba039e4d74a854a35659bd3b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

version

psapi

wininet

iphlpapi

crypt32

urlmon

wintrust

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 103KB - Virtual size: 103KB

.data Size: 10KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 86KB - Virtual size: 88KB

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 103KB - Virtual size: 103KB

.data
Size: 10KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 86KB - Virtual size: 88KB