4cdd7a1a7bea8ae432a01f1b9f528670

Sharing

Copy URL

Twitter E-mail

General

Target

4cdd7a1a7bea8ae432a01f1b9f528670
Size

59KB
MD5

4cdd7a1a7bea8ae432a01f1b9f528670
SHA1

aaf1fb2cad9b393daa1e2c092dd6997ebcef6121
SHA256

7f7b3c8aaa37523351c4bee16fba251d792a6b2d1785c708b4627d7387569471
SHA512

4fb0e60ab34b3736566ab640bfd4674a0fb86f39d1262055c746825742929714dbf5724d5014fbfc306fce5517d78d84b3ea3abc29e1c3b34ee1816f12601183
SSDEEP

1536:cJs7Ik9H8XOu461EWeMC2NUoj2wNpZtPm7:aIfGpi3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4cdd7a1a7bea8ae432a01f1b9f528670

Files

4cdd7a1a7bea8ae432a01f1b9f528670
.exe windows:5 windows x86 arch:x86

c03395959f4cd1f1c299befa4fa15db8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

__vbaNextEachCollAd
__vbaInStr
__vbaCopyBytes
__vbaDerefAry1
GetMemNewObj
ProcCallEngine
TipSetOption
__vbaVarIndexLoadRef
GetMem4
rtcLowerCaseBstr
__vbaR4ForNextCheck
__vbaGosub
__vbaVarTextLikeVar
MethCallEngine
__vbaR8ErrVar
__vbaMidStmtVarB
__vbaI2Cy
rtcIsMissing
rtcSplit
PutMemNewObj
PutMem8
rtcStrFromVar
__vbaI4Var
__vbaPowerR8
__vbaFileLock
rtcStrReverse
__vbaForEachCollAd
rtcMacId

crtdll

_wcsicmp
_fcloseall
_ismbcsymbol
wcstod
_winmajor_dll
_ultoa
_osminor_dll
_basemajor_dll
_cexit
asctime
_ungetch
_abnormal_termination
atan2
printf
wcslen
fsetpos
_futime
_CItan
scanf
_commode_dll
_chdrive
strcspn
iswpunct
puts
__argv_dll
_lrotl
_get_osfhandle
fprintf
_spawnvpe

user32

GetDoubleClickTime
CreateIconIndirect
DisplayExitWindowsWarnings
keybd_event
SetParent
GetKeyNameTextW
DdeNameService
GetTitleBarInfo
PeekMessageA
MessageBeep
UnregisterDeviceNotification
IsDlgButtonChecked
SetProcessDefaultLayout
CreateSystemThreads
InsertMenuA
GetLastInputInfo
LoadImageW
GetScrollRange
CharNextA
LoadMenuIndirectA
CharPrevA
BuildReasonArray
SendIMEMessageExW
SendNotifyMessageA
FindWindowExA
GetClipboardViewer
SetWindowLongA
CharPrevW

sqlunirl

_DialogBoxIndirectParam_@20
_PostThreadMessage_@16
_Shell_NotifyIcon_@8
_GetProcAddress_@8
_CreateWaitableTimer_@12
_LoadIcon@8
_GetTimeFormat_@24
_LoadLibraryEx_@12
_QueryServiceLockStatus_@16
_PostMessage@16
_GetTabbedTextExtent_@20
_OpenFile_@12
_OpenEvent_@12
_GetModuleHandle_@4
_GetWindowText@12
_EnumICMProfiles_@12
_CharPrev_@8
_BackupEventLog_@8
_GetTempPath_@8
_FindAtom_@4
_RemoveDirectory_@4
_VkKeyScan_@4
_GetProfileString_@20
_RegisterClassEx_@4
_NDdeShareEnum_@24
_DrawText@20
_IsDialogMessage@8
_StartServiceCtrlDispatcher_@4

setupapi

pSetupStringTableDestroy
IsUserAdmin
pSetupRealloc
CM_Get_Device_ID_ExA
SetupDuplicateDiskSpaceListW
CM_Connect_MachineW
SetupCopyOEMInfW
CM_Get_Next_Res_Des_Ex
SetupGetNonInteractiveMode
SetupVerifyInfFileA
CM_Remove_SubTree
SetupSetDirectoryIdExA
SetupDiSetDriverInstallParamsA
SetupRemoveSectionFromDiskSpaceListA
SetupDiGetHwProfileListExA
CM_Free_Resource_Conflict_Handle
SetupSetFileQueueFlags
SetupDiGetClassInstallParamsA
SetupRemoveInstallSectionFromDiskSpaceListW
CM_Free_Log_Conf_Ex
SetupDiCreateDevRegKeyA

msvcp60

wctrans
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
?_Cosh@?$_Ctr@N@std@@SANNN@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAO@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
?abs@std@@YAMABV?$complex@M@1@@Z
??1__non_rtti_object@std@@UAE@XZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
??0underflow_error@std@@QAE@ABV01@@Z
_FCosh
??4?$numeric_limits@J@std@@QAEAAV01@ABV01@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?min@?$numeric_limits@F@std@@SAFXZ
??X?$_Complex_base@O@std@@QAEAAV01@ABO@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??_Fmessages_base@std@@QAEXXZ
?min@?$numeric_limits@_N@std@@SA_NXZ
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
?sungetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
_LDtest
?setprecision@std@@YA?AU?$_Smanip@H@1@H@Z

kernel32

EnumUILanguagesA
BuildCommDCBW
CompareStringW
EnumLanguageGroupLocalesA
LoadLibraryA
DuplicateHandle
lstrlenW
GlobalGetAtomNameA
GetConsoleOutputCP
DeactivateActCtx
GetDefaultCommConfigA
QueryInformationJobObject
CreateDirectoryExA
SetEnvironmentVariableW
GetTapeParameters
VirtualAlloc
CreateNamedPipeA
GetDiskFreeSpaceA
CreateDirectoryA
CreateFileW
LocalShrink
TerminateThread
HeapCreate

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c03395959f4cd1f1c299befa4fa15db8

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

crtdll

user32

sqlunirl

setupapi

msvcp60

kernel32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 16KB - Virtual size: 99KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 16KB - Virtual size: 99KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 276B