c1c0f6f589258d71a0cb9277e899a489

Sharing

Copy URL Twitter E-mail

General

Target

c1c0f6f589258d71a0cb9277e899a489
Size

101KB
MD5

c1c0f6f589258d71a0cb9277e899a489
SHA1

555fada32b6671d664e121e3eef2773be5218bdf
SHA256

ce3e8ca16fd191ed00922fc57af3b16c7faa7b6dceca08515d43b12d3de4aee7
SHA512

9c9925bbd7ab9b6b35a56ab279abf0be268d05a00611f86151f241fd0d430ead600c9a4423893be3e77d18579d23017d3a81027a9e8b4ee2df5f479587e947c1
SSDEEP

1536:UH5S0gjaYyzKdK4V9tcMgyiFftziI1F56uccCxqzDLEn9zefchAfbpvtpY7OSXh5:UBKvV9Wd/IuccCxqz0n9ibdPSrojLG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1c0f6f589258d71a0cb9277e899a489

Files

c1c0f6f589258d71a0cb9277e899a489
.exe windows:6 windows x64 arch:x64

066aee023b4f62e28bcf1e4947ed046b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wmprph.pdb

Imports

advapi32

TraceMessage
RegCreateKeyExW
GetTraceEnableFlags
RegQueryInfoKeyW
GetTraceLoggerHandle
RegDeleteValueW
UnregisterTraceGuids
RegEnumValueW
RegOpenKeyExW
GetTraceEnableLevel
RegEnumKeyExW
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegQueryValueExW

kernel32

EnterCriticalSection
GetCurrentThreadId
DeleteFileW
GetCommandLineW
lstrlenA
VirtualQuery
FindResourceW
FreeLibrary
LoadResource
LoadLibraryExW
WaitForSingleObject
SetEvent
InitializeCriticalSection
LoadLibraryW
GetCurrentProcess
SizeofResource
SetLastError
HeapDestroy
lstrcpynW
GetModuleFileNameW
MultiByteToWideChar
GetProcAddress
VirtualAlloc
CreateEventW
GetSystemInfo
lstrcmpiW
lstrcatW
VirtualProtect
DeleteCriticalSection
CloseHandle
lstrcpyW
CreateThread
GetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
lstrcmpW
LeaveCriticalSection
GlobalAlloc
GetModuleHandleW
GetVersionExW
GlobalLock
CompareStringW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
Sleep
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
InterlockedPopEntrySList
InterlockedPushEntrySList
GetStartupInfoW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW

gdi32

DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
BitBlt

user32

PostMessageW
UnregisterClassW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
GetWindowTextLengthW
DestroyWindow
EndPaint
DispatchMessageW
PostThreadMessageW
CharPrevW
CharNextW
GetMessageW
SetParent
GetWindowLongPtrW
GetFocus
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
wsprintfW
GetDC
RegisterClassExW
SetClassLongPtrW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
GetDlgItem
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
GetParent
InvalidateRgn
GetClientRect
LoadCursorW
SetWindowPos
ShowWindow
CreateWindowExW
ReleaseCapture
SetWindowLongPtrW
SendMessageW
SetWindowTextW
CallWindowProcW
DefWindowProcW
GetWindow
IsWindow

msvcrt

_cexit
memcmp
memset
_vsnwprintf
wcspbrk
wcsrchr
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
memcpy
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
realloc
malloc
free
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
wcschr

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

ole32

CoCreateInstance
OleLockRunning
CLSIDFromProgID
StringFromCLSID
CLSIDFromString
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

RegisterTypeLi
SysAllocString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantClear
SysStringLen

shell32

SHCreateItemFromIDList
SHParseDisplayName
ord155

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

066aee023b4f62e28bcf1e4947ed046b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

oleaut32

shell32

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 29KB