c1ecd26e6fe9d9ff15c03b853ab11079

Sharing

Copy URL

Twitter E-mail

General

Target

c1ecd26e6fe9d9ff15c03b853ab11079
Size

340KB
MD5

c1ecd26e6fe9d9ff15c03b853ab11079
SHA1

0bff6baf3df81c6ea3a34d4e4e0ea589aebcd9ee
SHA256

19fef7bd7677510a57d35065082677eef45f8142289e11b7a51b04aa04834e98
SHA512

cb243e746f95667d7d97aa7a6474644c1983cd3c364a2fd0482cee86f85655d865f87acfe83fed4241435f05d48b4ae4e62249a27ad6ea3b2cadb2349802e05d
SSDEEP

6144:xOvcsURxJS6j5qH3IOYV98yMGAuDdkKO0YXP:UexI6j5qHcbTYXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1ecd26e6fe9d9ff15c03b853ab11079

Files

c1ecd26e6fe9d9ff15c03b853ab11079
.exe windows:4 windows x86 arch:x86

6c48d76f9098f920927b5bb04f57901a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\vspele\loxsocepd\ngim\pjgj\tooya.pdb

Imports

user32

ShowWindow
CreateWindowExA
SendMessageA
GetMenuItemCount
MapWindowPoints
MessageBeep
ReleaseCapture
DefWindowProcA
GetForegroundWindow
GetClipboardData
PostThreadMessageA
TranslateMessage
UnregisterClassA
PostMessageA
GetActiveWindow
ValidateRect
DestroyIcon
DestroyMenu
FrameRect
SetCursor
SetCapture
LoadAcceleratorsA
SystemParametersInfoA
LoadIconA
LoadStringA
InvalidateRect
MessageBoxA
SetTimer
GetSysColor
RegisterClassA
GetClientRect
SetActiveWindow
LoadBitmapA
IsMenu
GetClassInfoExA
DestroyWindow
CopyIcon
CreateDialogIndirectParamA
WindowFromPoint
GetParent
IsDlgButtonChecked
ScreenToClient
GetDlgItem
GetKeyState
RegisterClassExA
ClientToScreen
GetMessageA

comctl32

DestroyPropertySheetPage
ImageList_DragEnter
PropertySheetA
ImageList_GetImageCount
ImageList_Remove
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_DragMove

shlwapi

StrCatW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathIsRelativeW
PathCanonicalizeW
PathMatchSpecW
PathIsRootW
PathFindFileNameW
PathMakePrettyW
PathRemoveBlanksW
PathRemoveBackslashW
PathCombineW
PathFindExtensionW
PathStripToRootW
PathIsDirectoryW
PathRenameExtensionW

kernel32

WriteConsoleA
FindClose
SetHandleCount
TlsFree
CreateMutexA
ReadFile
GetFileAttributesA
DeleteCriticalSection
HeapSize
SetEnvironmentVariableA
WriteConsoleW
GetCurrentProcess
LCMapStringW
SetLastError
GetStringTypeA
Sleep
LoadLibraryA
GetVersionExA
GetTickCount
GetCurrentProcessId
SetStdHandle
TlsGetValue
GetEnvironmentStringsW
GetModuleHandleA
InitializeCriticalSection
LockResource
lstrcmpW
GetLastError
CreateSemaphoreA
SetEvent
GetLocaleInfoA
GetOEMCP
GetFileType
GetEnvironmentStrings
GetModuleFileNameA
GlobalUnlock
VirtualFree
lstrlenW
ResumeThread
SystemTimeToFileTime
HeapReAlloc
EnumResourceLanguagesA
QueryPerformanceCounter
CloseHandle
GlobalLock
HeapDestroy
CreatePipe
GetVolumeInformationA
GetTimeZoneInformation
GetConsoleOutputCP
WideCharToMultiByte
CreateEventA
GetACP
CompareStringW
GetDateFormatA
GetTimeFormatA
GetProcessHeap
ConvertDefaultLocale
VirtualQuery
LocalFree
EnterCriticalSection
HeapFree
InterlockedExchange
FindResourceA
GetStdHandle
InterlockedIncrement
LocalReAlloc
FlushFileBuffers
WriteFile
RaiseException
ExitProcess
SetFileTime
FileTimeToSystemTime
FreeEnvironmentStringsW
GetCurrentThreadId
CreateThread
LeaveCriticalSection
HeapCreate
TlsSetValue
IsValidCodePage
GetThreadLocale
SetUnhandledExceptionFilter
GetSystemInfo
GetProfileIntA
WinExec
LCMapStringA
CreateDirectoryA
TlsAlloc
GetConsoleMode
GlobalHandle
CompareStringA
GetProcAddress
GetStringTypeW
FreeEnvironmentStringsA
InterlockedDecrement
lstrlenA
CreateFileA
RtlUnwind
HeapAlloc
GetConsoleCP
IsDebuggerPresent
VirtualAlloc
MultiByteToWideChar
EnumSystemLocalesA
GetStartupInfoA
TerminateProcess
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetCommandLineA
UnhandledExceptionFilter
SetFilePointer
GetCPInfo

advapi32

CreateServiceA
OpenServiceA
DeregisterEventSource
OpenThreadToken
GetLengthSid
SetSecurityDescriptorGroup
ControlService
ReportEventA
SetSecurityDescriptorOwner
RegOpenKeyA
RegQueryInfoKeyA
IsValidSid
InitializeSecurityDescriptor
RegQueryValueExA
OpenSCManagerA
RegCreateKeyExA
RegCloseKey
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CopySid
OpenProcessToken
RegDeleteKeyA
SetServiceStatus
RegOpenKeyExA
RegDeleteValueA
DeleteService
RegSetValueExA
RegisterEventSourceA
CloseServiceHandle
RegEnumKeyExA
GetTokenInformation

shell32

ord155
ExtractIconA
SHAppBarMessage
ShellExecuteA
SHGetPathFromIDListA
DragFinish
SHBrowseForFolderA
DragAcceptFiles
DragQueryFileA

ole32

StringFromGUID2
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoRegisterClassObject
CoRevokeClassObject
OleLockRunning
OleLoad
WriteClassStm
CoGetMalloc
OleIsCurrentClipboard

gdi32

EndPage
GetDeviceCaps
Arc
GetTextExtentPoint32A
PolyBezierTo
SelectObject
GetPolyFillMode
SetRectRgn
MoveToEx
InvertRgn
ResetDCA
ExtFloodFill
SelectPalette
SetWindowOrgEx
DeleteObject
GetObjectA
PtInRegion
SetBrushOrgEx
ExtSelectClipRgn
Pie
GetViewportOrgEx
SetBkColor
PolyPolyline
PlayMetaFile
CreateICA
StartPage
SetMapMode
StrokeAndFillPath
GetClipBox
OffsetViewportOrgEx
SetTextJustification
GetPixel
CreatePatternBrush
EndDoc
GetWindowExtEx
DeleteDC
GetBitmapBits
GetFontData
SetStretchBltMode
CombineRgn
SetBkMode
ExtTextOutA
GetRgnBox
IntersectClipRect
GetClipRgn
GetStockObject
CreateEllipticRgnIndirect
CreateRoundRectRgn
CreateDCA
GetStretchBltMode
MaskBlt
RectVisible
GetCharWidthA

version

GetFileVersionInfoSizeA
VerQueryValueA
VerLanguageNameA
GetFileVersionInfoA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c48d76f9098f920927b5bb04f57901a

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

shlwapi

kernel32

advapi32

shell32

ole32

gdi32

version

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 64KB - Virtual size: 91KB

.rsrc Size: 64KB - Virtual size: 60KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 64KB - Virtual size: 91KB

.rsrc
Size: 64KB - Virtual size: 60KB