c11d1b9adadb7d03c9ca701c26831d69

Sharing

Copy URL

Twitter E-mail

General

Target

c11d1b9adadb7d03c9ca701c26831d69
Size

477KB
MD5

c11d1b9adadb7d03c9ca701c26831d69
SHA1

c4dd5fd678adae9b6f688272dd30e217ac050f71
SHA256

35a4b12b0a0cb3062f1369fecdf5c741a1f8d06278dd431bf06cb09a3f2529a5
SHA512

56be6ba5926df97f85e8e69e35816396f42c05d9bc65b48c2d4330f3e0bb926f48ed6cdbaa7f20d06d599152ccc2a0feebd9583c23fce185e68a947688e7450f
SSDEEP

12288:LCrkxNS2gZ4jzah0lHabe9qMCRUARoij8sKNl:LukxNS2MaS0l6KUMCRRVj8h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c11d1b9adadb7d03c9ca701c26831d69

Files

c11d1b9adadb7d03c9ca701c26831d69
.exe windows:4 windows x86 arch:x86

4dedb8053fe8f335dcd9fc658e519f08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\eaqkhkeho\axnfioshze\yreeoe\dbaeolu.PDB

Imports

advapi32

CryptSignHashW
RegCreateKeyA
CryptSetKeyParam
LookupPrivilegeValueA
CryptSetProviderA
CryptDeriveKey
GetUserNameW
CryptSignHashA

comctl32

InitCommonControlsEx

user32

SetWindowLongW
WinHelpW
CallWindowProcW
CreateWindowExW
RegisterClassA
SystemParametersInfoW
DdeUnaccessData
EmptyClipboard
VkKeyScanW
GetKeyNameTextA
DdeSetUserHandle
CreateCursor
SetCursorPos
InvalidateRgn
TranslateAcceleratorA
CreateDialogParamW
DragDetect
RegisterClassExA
DlgDirListComboBoxW
GetClipboardData

kernel32

GetVersionExA
GetStartupInfoA
LoadLibraryA
FlushFileBuffers
FreeEnvironmentStringsW
GetUserDefaultLCID
WideCharToMultiByte
GetLastError
TlsSetValue
GetFileType
ExitProcess
GetStringTypeA
QueryPerformanceCounter
InterlockedExchange
LeaveCriticalSection
WriteFile
HeapAlloc
CreateMutexA
FlushConsoleInputBuffer
InitializeCriticalSection
GetCurrentProcess
ReadFile
SetLastError
TerminateProcess
HeapDestroy
LCMapStringW
GetSystemInfo
FreeEnvironmentStringsA
MultiByteToWideChar
GetProcAddress
GetStdHandle
UnhandledExceptionFilter
GetCurrentProcessId
GetDateFormatA
LocalSize
GetLocaleInfoA
VirtualQuery
SetEnvironmentVariableA
VirtualProtect
HeapReAlloc
CloseHandle
GetTimeFormatA
EnterCriticalSection
VirtualAlloc
GetLocaleInfoW
OpenSemaphoreA
LCMapStringA
RtlUnwind
GetModuleFileNameA
CompareStringW
IsValidCodePage
GetCurrentThread
CompareStringA
TlsFree
GetCPInfo
GetCurrentThreadId
SetFilePointer
HeapFree
GetEnvironmentStringsW
GetStringTypeW
IsBadWritePtr
HeapSize
GetCommandLineA
SetHandleCount
GetModuleHandleA
DeleteCriticalSection
HeapCreate
OpenMutexA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetTickCount
TlsAlloc
GetSystemTimeAsFileTime
GetOEMCP
TlsGetValue
GetTimeZoneInformation
GetEnvironmentStrings
GetACP
VirtualFree

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4dedb8053fe8f335dcd9fc658e519f08

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

user32

kernel32

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 64KB - Virtual size: 76KB

.data Size: 104KB - Virtual size: 104KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 64KB - Virtual size: 76KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 11KB - Virtual size: 11KB