c02e492a8cf1d51af4347daaec627381

Sharing

Copy URL Twitter E-mail

General

Target

c02e492a8cf1d51af4347daaec627381
Size

179KB
MD5

c02e492a8cf1d51af4347daaec627381
SHA1

f57e1b0edf1e6148433a7af3f566abcd3070a9a9
SHA256

13e69548562e9436f064a71f87c3cfeccf8b0bc4aef61b2f6249f5625d7cd73e
SHA512

9c1d5c9526053b6bd9d8e7f559e7345e3d475b008d8e5b5e8364f9c914f0773709cf3daf4a33cca3a5dd99a36ad20e622f374c85b9f848bd5c2e6038758b828d
SSDEEP

3072:wGdflFl4mExkNsKsXjP+msisiDIeAlSApdms1Cunj0PH+8W54TIRErNFG98/:FLRKqs/Xj3GuIeydOD+8WS+gNa8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cdr_atip_read.exe

Files

c02e492a8cf1d51af4347daaec627381
.zip
cdr_atip_read.exe
.exe windows:4 windows x86 arch:x86

f253096b1fc8a1bfcf18c23e40291425

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetStartupInfoA
SetEnvironmentVariableA
GetEnvironmentVariableA
ReleaseMutex
Sleep
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentProcessId
GetCurrentThreadId
CreateThread
CloseHandle
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
GetExitCodeProcess
ContinueDebugEvent
ReadProcessMemory
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
VirtualProtectEx
GetCommandLineA
GetThreadContext
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
CompareStringW
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
CreateProcessA
GetCurrentThread
SetThreadPriority
GetVersionExA
LoadLibraryA
GetLastError
GetProcAddress
VirtualAlloc
VirtualProtect
WriteProcessMemory
GetModuleHandleA
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess

user32

MoveWindow
WaitForInputIdle
PostThreadMessageA
GetMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
KillTimer
LoadCursorA
RegisterClassA
GetAsyncKeyState
GetSystemMetrics
CreateWindowExA
SetTimer
PostMessageA
IsWindow
MessageBoxA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
FindWindowA
SendMessageA
DestroyWindow
DefWindowProcA

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

Sections

.text
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 24KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
file_id.diz
file_pad.xml
.xml
license.txt
mcodes.ini
readme.txt

Sharing

General

Malware Config

Signatures

Files

f253096b1fc8a1bfcf18c23e40291425

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 41KB

.rdata Size: - Virtual size: 7KB

.data Size: - Virtual size: 10KB

.text1 Size: 60KB - Virtual size: 64KB

.data1 Size: 24KB - Virtual size: 64KB

.pdata Size: 124KB - Virtual size: 128KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: - Virtual size: 41KB

.rdata
Size: - Virtual size: 7KB

.data
Size: - Virtual size: 10KB

.text1
Size: 60KB - Virtual size: 64KB

.data1
Size: 24KB - Virtual size: 64KB

.pdata
Size: 124KB - Virtual size: 128KB

.rsrc
Size: 32KB - Virtual size: 32KB