C:\Users\guysa\source\repos\Cleo\Release\Cleo.pdb
Static task
static1
Behavioral task
behavioral1
Sample
8d2b5fade8e9fcd3700910470ec66d67.exe
Resource
win7-20231215-en
General
Target: 8d2b5fade8e9fcd3700910470ec66d67
Size: 883KB
MD5: 8d2b5fade8e9fcd3700910470ec66d67
SHA1: 664f6e259def8d3763e2cce0d427815edf36bd5c
SHA256: ec9e73a3956c16de4fd203a859e4197cc0021c50f99965a469d89e858ae2dab6
SHA512: 10ee000c97d21f4527df53e046c01092f54a80ed0d0ebdd56ed408c6c4e85a6e6a5baeb64f143ec5cd784c9ccb15b740379d11ee97e736520e1c5db5c41fa8ac
SSDEEP: 24576:3H11pfvArkg5ULjbjo7KPj2sZheP9bq7PKeUlxTMkb:hAglfjmKPHethTM6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8d2b5fade8e9fcd3700910470ec66d67
Files
8d2b5fade8e9fcd3700910470ec66d67.exe windows:6 windows x86 arch:x86
01756a1749fb2d5a8d1c0eb16292d7fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
wininet
InternetCheckConnectionA
advapi32
CryptEncrypt
CryptDestroyKey
RegOpenKeyExA
GetUserNameA
RegGetValueA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
kernel32
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
ReadFile
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapAlloc
HeapFree
GetConsoleMode
Process32Next
FlushFileBuffers
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
GetModuleHandleExW
ExitThread
RaiseException
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
InitializeCriticalSectionEx
SleepEx
GetSystemDirectoryA
LoadLibraryA
GetEnvironmentVariableA
MoveFileExA
WaitForMultipleObjects
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
GetConsoleWindow
GetFileSizeEx
Sleep
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32First
GetModuleFileNameA
CloseHandle
CreateFileA
GetConsoleOutputCP
WideCharToMultiByte
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
GetLastError
SetLastError
GetModuleHandleW
GetProcAddress
CopyFileW
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentThreadId
WaitForSingleObjectEx
SwitchToThread
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
user32
ShowWindow
ws2_32
htonl
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
ioctlsocket
listen
ntohl
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
inet_pton
socket
send
recv
closesocket
accept
getaddrinfo
freeaddrinfo
gethostname
WSACloseEvent
wldap32
ord35
ord33
ord32
ord27
ord26
ord22
ord30
ord50
ord45
ord60
ord211
ord46
ord143
ord79
ord200
ord301
ord41
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
Sections
.text Size: 682KB - Virtual size: 681KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ