4d1c50c392265baa438bd4e3bc8c1ff6

Sharing

Copy URL Twitter E-mail

General

Target

4d1c50c392265baa438bd4e3bc8c1ff6
Size

314KB
MD5

4d1c50c392265baa438bd4e3bc8c1ff6
SHA1

63240c243e0a7f0f5743c3daebedff6efbb89edb
SHA256

1b4ddef9a8f1d07095ccafe3f5613569e18b959b1551c26ca347aa093279c7da
SHA512

e5cdeac12b71ea05b51535779c723bba903b89a98931ca8530e1b548ebfaacffea5c86462f2ef7e32c9fbe92b0ef56d8cfc2b12981868c2292a94fc0e42bc20c
SSDEEP

6144:RBko8ZcPZ2yPKOGNFsQW0ZGM10eRR/MfrzHMuoOGNFs1PW01cbRMa5n:RBhZ2qKr8z0ZCayfrzsrr81+01cb2aF

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CrazyMouseKiller.exe
unpack001/for Windows9x/crmse.exe
unpack001/for WindowsXP/crmse.exe

Files

4d1c50c392265baa438bd4e3bc8c1ff6
.zip
CrazyMouseKiller.exe
.exe windows:4 windows x86 arch:x86

6382d4dc17ab407647fb5b6017176e85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2452
ord2096
ord384
ord1641
ord1146
ord860
ord4710
ord3663
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord1168
ord800
ord4160
ord540
ord2863
ord2379
ord755
ord470
ord5583
ord537
ord535
ord3619
ord816
ord562
ord6055
ord1776
ord3081
ord3402
ord3721
ord809
ord795
ord2122
ord2860
ord2614
ord556
ord567
ord3092
ord1929
ord4275
ord4284
ord3874
ord1088
ord5875
ord5789
ord1815
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord640
ord2754
ord5785
ord6021
ord1640
ord323
ord2405
ord2575
ord4396
ord3574
ord609
ord1795
ord2567
ord2859
ord6170
ord858
ord5053
ord1127
ord6453
ord3573
ord5787
ord6877
ord6874
ord6663
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord686
ord2414
ord3626
ord3571
ord4234
ord2302
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3797
ord2976
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5290
ord5265
ord1576

msvcrt

__CxxFrameHandler
_access
_mbsicmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_setmbcp

kernel32

GetModuleHandleA
LoadResource
LockResource
FindResourceA
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
OpenProcess
TerminateProcess
GetSystemDirectoryA
FindFirstFileA
FindClose
GetStartupInfoA

user32

IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
InvalidateRect
AppendMenuA
LoadImageA
LoadIconA
EnableWindow
LoadBitmapA
SendMessageA
GetSysColor
SystemParametersInfoA
MapWindowPoints
DrawStateA
InflateRect
DrawFocusRect
GrayStringA
DrawTextA
TabbedTextOutA
IsRectEmpty
CopyRect
GetWindowRect
GetCursorPos
PtInRect
ScreenToClient
KillTimer
DestroyIcon
LoadCursorA
UpdateWindow
SetTimer
PostMessageA
GetSystemMenu
SetCursor

gdi32

Escape
PatBlt
CreatePatternBrush
CreateBitmap
ExtTextOutA
GetTextColor
GetPixel
StretchDIBits
TextOutA
RectVisible
PtVisible
BitBlt
SelectObject
CreateCompatibleDC
GetMapMode
CreateCompatibleBitmap
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
GetBkColor
GetObjectA
EnumFontFamiliesExA

advapi32

RegDeleteValueA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ImageList_GetIcon
ImageList_AddMasked

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Readme.txt
for Windows9x/crmse.exe
.exe windows:4 windows x86 arch:x86

4f8f0f8d4d56b0666c83af61a2b9a521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord825
ord800
ord2514
ord924
ord858
ord537
ord2621
ord1134
ord1168
ord2859
ord2864
ord6055
ord1776
ord5290
ord3402
ord3719
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord793
ord641
ord556
ord567
ord324
ord2294
ord2362
ord2301
ord2302
ord4234
ord1200
ord3571
ord3626
ord2414
ord686
ord6334
ord2452
ord2096
ord384
ord1641
ord1146
ord860
ord540
ord6199
ord4710
ord2379
ord755
ord470
ord6215
ord3097
ord4376
ord5280
ord809
ord2642
ord3092
ord3663
ord3619
ord4396
ord609
ord1795
ord4275
ord5875
ord2567
ord2754
ord535
ord3874
ord6170
ord3797
ord2860
ord5053
ord4284
ord1127
ord6453
ord3573
ord5787
ord6877
ord6874
ord6663
ord816
ord5785
ord640
ord1640
ord323
ord562
ord3721
ord795
ord2614
ord1929
ord1088
ord5789
ord1815
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord6021
ord2405
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2122
ord4673
ord1576

msvcrt

_setmbcp
__CxxFrameHandler
atoi
__p___argv
__p___argc
_strdup
free
_sleep
srand
time
rand
_mbsicmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_itoa

kernel32

CopyFileA
FindFirstFileA
GetModuleFileNameA
CreateEventA
OpenEventA
FindResourceA
LockResource
LoadResource
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoA

user32

DrawTextA
GrayStringA
GetCursor
CopyRect
GetWindowThreadProcessId
WindowFromPoint
InflateRect
DrawFocusRect
GetWindowRect
PtInRect
InvalidateRect
GetSysColor
EnableWindow
IsWindowVisible
KillTimer
TabbedTextOutA
ScreenToClient
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadBitmapA
SetCursorPos
SystemParametersInfoA
GetCursorPos
GetDesktopWindow
GetDC
ReleaseDC
IsRectEmpty
UpdateWindow
SetCursor
DestroyIcon
PostMessageA
LoadCursorA
GetCursorInfo
LoadImageA
MapWindowPoints
CopyIcon
DrawStateA
SetSystemCursor
AttachThreadInput
DestroyCursor

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
GetMapMode
GetDeviceCaps
GetTextExtentPoint32A
PatBlt
CreatePatternBrush
CreateBitmap
BitBlt
GetBkColor
GetTextColor
GetPixel
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
EnumFontFamiliesExA
CreateFontIndirectA
GetStockObject

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc

comctl32

ImageList_AddMasked
ImageList_GetIcon

shlwapi

SHDeleteValueA
SHSetValueA

winmm

PlaySoundA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
for WindowsXP/crmse.exe
.exe windows:4 windows x86 arch:x86

4f8f0f8d4d56b0666c83af61a2b9a521

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord561
ord825
ord800
ord2514
ord924
ord858
ord537
ord2621
ord1134
ord1168
ord2859
ord2864
ord6055
ord1776
ord5290
ord3402
ord3719
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord793
ord641
ord556
ord567
ord324
ord2294
ord2362
ord2301
ord2302
ord4234
ord1200
ord3571
ord3626
ord2414
ord686
ord6334
ord2452
ord2096
ord384
ord1641
ord1146
ord860
ord540
ord6199
ord4710
ord2379
ord755
ord470
ord6215
ord3097
ord4376
ord5280
ord809
ord2642
ord3092
ord3663
ord3619
ord4396
ord609
ord1795
ord4275
ord5875
ord2567
ord2754
ord535
ord3874
ord6170
ord3797
ord2860
ord5053
ord4284
ord1127
ord6453
ord3573
ord5787
ord6877
ord6874
ord6663
ord816
ord5785
ord640
ord1640
ord323
ord562
ord3721
ord795
ord2614
ord1929
ord1088
ord5789
ord1815
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord6021
ord2405
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2122
ord4673
ord1576

msvcrt

_setmbcp
__CxxFrameHandler
atoi
__p___argv
__p___argc
_strdup
free
_sleep
srand
time
rand
_mbsicmp
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_itoa

kernel32

CopyFileA
FindFirstFileA
GetModuleFileNameA
CreateEventA
OpenEventA
FindResourceA
LockResource
LoadResource
GetCurrentThreadId
GetModuleHandleA
GetStartupInfoA

user32

DrawTextA
GrayStringA
GetCursor
CopyRect
GetWindowThreadProcessId
WindowFromPoint
InflateRect
DrawFocusRect
GetWindowRect
PtInRect
InvalidateRect
GetSysColor
EnableWindow
IsWindowVisible
KillTimer
TabbedTextOutA
ScreenToClient
SetTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadBitmapA
SetCursorPos
SystemParametersInfoA
GetCursorPos
GetDesktopWindow
GetDC
ReleaseDC
IsRectEmpty
UpdateWindow
SetCursor
DestroyIcon
PostMessageA
LoadCursorA
GetCursorInfo
LoadImageA
MapWindowPoints
CopyIcon
DrawStateA
SetSystemCursor
AttachThreadInput
DestroyCursor

gdi32

Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
GetMapMode
GetDeviceCaps
GetTextExtentPoint32A
PatBlt
CreatePatternBrush
CreateBitmap
BitBlt
GetBkColor
GetTextColor
GetPixel
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
EnumFontFamiliesExA
CreateFontIndirectA
GetStockObject

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc

comctl32

ImageList_AddMasked
ImageList_GetIcon

shlwapi

SHDeleteValueA
SHSetValueA

winmm

PlaySoundA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6382d4dc17ab407647fb5b6017176e85

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 600B

.rsrc Size: 8KB - Virtual size: 5KB

4f8f0f8d4d56b0666c83af61a2b9a521

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

shlwapi

winmm

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 684B

.rsrc Size: 192KB - Virtual size: 188KB

4f8f0f8d4d56b0666c83af61a2b9a521

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

shlwapi

winmm

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 684B

.rsrc Size: 192KB - Virtual size: 188KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 600B

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 684B

.rsrc
Size: 192KB - Virtual size: 188KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 684B

.rsrc
Size: 192KB - Virtual size: 188KB