7fcbb38eaa3d6423225c2dd233ff57d6

Sharing

Copy URL

Twitter E-mail

General

Target

7fcbb38eaa3d6423225c2dd233ff57d6
Size

276KB
MD5

7fcbb38eaa3d6423225c2dd233ff57d6
SHA1

4bf0d8e8ebf1d9f62abae03c9ee333c9b5a37ab0
SHA256

ca89c533b80fce15369c6e73a275cd445cbc403b75f3f55dc211a3986203d62b
SHA512

91925e805f3be48a58e8253db6493c668d9013b7f003f630625e304640bfaf387fd31d7d21591ff357c208161eed5e8dfba4fecdf5b956c06367ac4890061113
SSDEEP

3072:SO0PCQ2nZnSdcsRg0Znyjhlm5OQ7B35dAWFoYIKsQYFkLFWClSm/5+qTuoeel1a2:d0KN6FwKlkClSm/5+IfrSEKygpLd/0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fcbb38eaa3d6423225c2dd233ff57d6

Files

7fcbb38eaa3d6423225c2dd233ff57d6
.exe windows:4 windows x86 arch:x86

cbec9f00e7ef2ce477b85b239c4629b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\My\Projects\ACSClient\Release\ACSClient.pdb

Imports

kernel32

lstrlenW
GetModuleFileNameA
GetLastError
MulDiv
GlobalAlloc
lstrcmpA
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
CloseHandle
CreateFileA
WriteFile
CreateProcessA
GetSystemDirectoryA
lstrcpyA
lstrcatA
WaitForSingleObject
CreateThread
CreateEventA
SetEvent
GetCommandLineA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetLocaleInfoW
GetOEMCP
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
IsValidCodePage
IsValidLocale
GlobalLock
lstrlenA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
TerminateProcess
GetModuleHandleA
GetProcAddress
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
GlobalUnlock
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
EnumSystemLocalesA
MultiByteToWideChar
Sleep
GetCurrentThreadId
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
GetACP
GetVersionExA
GetUserDefaultLCID
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
ExitProcess

user32

LoadCursorA
wsprintfA
GetClassInfoExA
SendMessageA
UnregisterClassA
GetClientRect
GetWindowLongA
SetWindowLongA
PostThreadMessageA
ShowWindow
DestroyAcceleratorTable
DefWindowProcA
RegisterClassExA
CallWindowProcA
CreateWindowExA
GetSysColor
ReleaseCapture
SetCapture
FillRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
GetDesktopWindow
EndPaint
GetMessageA
TranslateMessage
DispatchMessageA
CharUpperA
GetWindowRect
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
GetDlgItem
IsWindow
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject
CreateSolidBrush

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
GetHGlobalFromStream
CoUninitialize
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
OleInitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleCreateFontIndirect
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayGetVartype
SafeArrayCopy
SafeArrayDestroy

shlwapi

PathFindExtensionA

wininet

InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetQueryDataAvailable

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cbec9f00e7ef2ce477b85b239c4629b0

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

wininet

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 11KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 11KB