4ce8192464a6cedf8be54c4e718e8b02

Sharing

Copy URL Twitter E-mail

General

Target

4ce8192464a6cedf8be54c4e718e8b02
Size

4.3MB
MD5

4ce8192464a6cedf8be54c4e718e8b02
SHA1

9c1b8406f493034632e1f9e3926abb5c89e5b247
SHA256

40461a7c2ab31d157ed4bfb054d9509f74f822107c34a029ddcbb979cd920f19
SHA512

3a1cfb6f9d525be20f2cf47dd182c7b4eb4d80adc02877daad5f992b341758071957ba267e138d5052cadf93d589860bd7a83bc68b4afc031c073705f887923e
SSDEEP

98304:ScPp9LIU3A0zmMm5H4DjzpUnDqjCh0bRGtVXQdCQzibD:S48KAQPBtEDwhVGtdQdCQgD

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/License.dll
unpack001/Locker.dll
unpack001/Moobots Backpage Poster.exe

Files

4ce8192464a6cedf8be54c4e718e8b02
.zip
License.dll
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Locker.dll
.dll windows:5 windows x86 arch:x86

83d48cb249ca201c414b8a8835d3f288

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
WaitForSingleObject
VirtualFree
FormatMessageW
CreateProcessA
ReadFile
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
CloseHandle
DeleteFileW
GetCurrentProcessId
LocalFree
GetVolumeInformationW
CreateFileA
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateFileW
ExitProcess
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetModuleHandleW
WriteFile
GetStdHandle
GetModuleFileNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
FlushFileBuffers

user32

MessageBoxW

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CUbotLocker@@QAE@XZ
??4CUbotLocker@@QAEAAV0@ABV0@@Z
MessageBoxSTD
nUbotLocker

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Moobots Backpage Poster.exe
.exe windows:4 windows x86 arch:x86

9997c36b68f2df37a28f29f5f43c36e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

locker

MessageBoxSTD

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 214KB - Virtual size: 213KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

83d48cb249ca201c414b8a8835d3f288

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

iphlpapi

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

9997c36b68f2df37a28f29f5f43c36e9

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

locker

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 512B - Virtual size: 512B

.text
Size: 214KB - Virtual size: 213KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 512B