c14cc642d5478e6007e7c925bd962742

Sharing

Copy URL Twitter E-mail

General

Target

c14cc642d5478e6007e7c925bd962742
Size

873KB
MD5

c14cc642d5478e6007e7c925bd962742
SHA1

e83dc0322f4b4e9e2d8ffd331c67ceda24908c7d
SHA256

1a5d07ce2069810d43893e1ea79a55a98c009f41623c6a1cffeb4efad5776198
SHA512

5054d18a8a5154c36cb12fff9d86c7fc93b5a2b84db799bdbc0af748b7baf1d837d01a64265f4a0c97c5d6d29dcbe80d42e50e5ba66a72f1fb303cca981cee35
SSDEEP

24576:1z9FuKL74TkqFryNVzdXgN/0YxBvbJfy:1z9AK/4TkqFryux7q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c14cc642d5478e6007e7c925bd962742

Files

c14cc642d5478e6007e7c925bd962742
.exe windows:5 windows x86 arch:x86

de30a64e34d14aa2375781484a4874a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?UpdateDiskLowInfo@CDiskFreeStatus@@QAEXXZ
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
?Next@CStaticPropertyList@@UAEPBVCPropEntry@@XZ
?Clone@CRestriction@@QBEPAV1@XZ
?RemoveScope@CCatalogAdmin@@QAEXPBG@Z
?Close@CPhysStorage@@QAEXXZ
?SetEndKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
?SkipUShort@CMemDeSerStream@@UAEXXZ
??0CPropertyRestriction@@QAE@XZ
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
??0CLocalGlobalPropertyList@@QAE@K@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?AcqRst@CRangeKeyRepository@@QAEPAVCRangeRestriction@@XZ
?AddRef@CEnumString@@UAGKXZ
?AddRef@CDbProperties@@UAGKXZ
?ContainsDrive@CDriveInfo@@SGHPBG@Z
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?Skip@CEnumString@@UAGJK@Z
?EnumerateValues@CRegAccess@@QAEXPAGAAVCRegCallBack@@@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
??0CDbQueryResults@@QAE@XZ
??1CInternalPropertyRestriction@@QAE@XZ
??1CFilterDaemon@@QAE@XZ
?Release@CImpersonateRemoteAccess@@QAEXXZ
CiSvcMain
?SetSortProp@CCatState@@QAEXPBGW4SORTDIR@@I@Z
??0CFullPropSpec@@QAE@ABV0@@Z
?GetR8@CAllocStorageVariant@@QBENI@Z

msasn1

ASN1BEREncObjectIdentifier2
ASN1BERDotVal2Eoid
ASN1BERDecExplicitTag
ASN1BERDecSXVal
ASN1intxisuint32
ASN1CEREncFlushBlkElement
ASN1BERDecObjectIdentifier
ASN1BEREncOpenType
ASN1BEREncBool
ASN1intx_uoctets
ASN1octetstring_free
ASN1_Decode
ASN1EncSetError
ASN1_Encode
ASN1BEREoid2DotVal
ASN1BERDecBitString
ASN1BERDecNotEndOfContents
ASN1BERDecZeroChar32String
ASN1BERDecEoid
ASN1BEREncOctetString
ASN1BERDecMultibyteString
ASN1BERDecObjectIdentifier2
ASN1CEREncCharString
ASN1BERDecCheck
ASN1BEREncCheck
ASN1DecRealloc
ASN1bitstring_free
ASN1BERDecU8Val
ASN1BERDecGeneralizedTime
ASN1BERDecChar32String
ASN1_FreeDecoded
ASN1BEREoid_free
ASN1BERDecLength
ASN1_CreateDecoder
ASN1BEREncDouble
ASN1bitstring_cmp
ASN1BERDecOpenType
ASN1BERDecPeekTag
ASN1BEREncZeroMultibyteString
ASN1charstring_free
ASN1ztcharstring_cmp
ASN1BERDecFlush

msvcrt40

fwscanf
??_8ifstream@@7B@
_snwprintf
??_Gexception@@UAEPAXI@Z
vfwprintf
_HUGE
??6ostream@@QAEAAV0@PBX@Z
??4streambuf@@QAEAAV0@ABV0@@Z
_chdir
wctomb
_snprintf
??0streambuf@@QAE@ABV0@@Z
?sh_write@filebuf@@2HB
fwprintf
?in_avail@streambuf@@QBEHXZ
?doallocate@strstreambuf@@MAEHXZ
_wcsnicoll
isleadbyte
_fgetchar
wcspbrk
??5istream@@QAEAAV0@AAM@Z
_mbsnccnt
?opfx@ostream@@QAEHXZ
_execve
_ecvt
ctime
_sopen
_lsearch
??_Glogic_error@@UAEPAXI@Z
?getint@istream@@AAEHPAD@Z
?is_open@fstream@@QBEHXZ
_memccpy
_assert
acos
_safe_fdivr
__p__daylight
_ismbclower
iswascii
_winver
_mbscmp
?get@istream@@QAEAAV1@AAD@Z
_mbstrlen
_creat
_vsnprintf

kernel32

GetThreadPriority
GetPrivateProfileSectionA
VirtualAlloc
WriteProfileStringA
GetVDMCurrentDirectories
GetConsoleAliasExesLengthA
GetComputerNameA
GetConsoleAliasesW
VerSetConditionMask
Heap32First
LeaveCriticalSection
GetDiskFreeSpaceExA
EnumSystemGeoID
SetTapePosition
GetStartupInfoA
GetFileAttributesA
GetFileAttributesExW
WaitForSingleObjectEx
DebugActiveProcessStop
TryEnterCriticalSection
IsValidLocale
GetShortPathNameA
InterlockedPopEntrySList
CompareStringW
GetProcAddress
GetConsoleInputExeNameA
LoadLibraryA
GlobalFindAtomA
CreateProcessInternalW
PulseEvent
FindNextVolumeMountPointA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateTapePartition
DeleteFileW
SetSystemTimeAdjustment
GlobalWire
GetCompressedFileSizeW
GetTickCount
DosDateTimeToFileTime

oleaut32

SysStringLen
VarCyFromStr
VariantCopyInd
VarFormatFromTokens
LPSAFEARRAY_Unmarshal
VarI8FromI1
SysStringByteLen
VarUI1FromUI8
VarI1FromDisp
BstrFromVector
VarUI1FromUI4
VarDecSub
SafeArrayAccessData
ClearCustData
VARIANT_UserSize
VarI1FromI8
VarBstrFromI2
VarI1FromUI1
VarUI8FromUI4
VarUI8FromDisp
VarI4FromDisp
VarCyFromR8
SafeArraySetIID
VarI8FromBool
VarUI2FromR8
VarAdd
VARIANT_UserUnmarshal
VarI4FromR8
OleLoadPicturePath
VarEqv
VarRound
VarR4FromI8
VarR8FromI8
VarBstrFromUI1

schannel

FreeCredentialsHandle
VerifySignature
EnumerateSecurityPackagesA
SpUserModeInitialize
SslCrackCertificate
DeleteSecurityContext
QuerySecurityPackageInfoW
SslFreeCertificate
InitializeSecurityContextA
FreeContextBuffer
MakeSignature
AcceptSecurityContext
RevertSecurityContext
SslGenerateRandomBits
InitSecurityInterfaceA
SpLsaModeInitialize
QuerySecurityPackageInfoA
ImpersonateSecurityContext
CompleteAuthToken
QueryContextAttributesA
SslLoadCertificate
SslEmptyCacheA
SslGetMaximumKeySize
SslEmptyCacheW
EnumerateSecurityPackagesW
AcquireCredentialsHandleW

user32

DeregisterShellHookWindow
DestroyAcceleratorTable
CloseClipboard
SendDlgItemMessageW
GetProgmanWindow
SetProgmanWindow
DlgDirSelectExW
CopyImage
PtInRect
ToAsciiEx
GetRawInputData
WindowFromPoint
CreateAcceleratorTableA
EnumPropsExW
LoadCursorW
ValidateRgn
DdePostAdvise
WINNLSEnableIME
WaitForInputIdle
RecordShutdownReason
DialogBoxIndirectParamAorW
UnpackDDElParam
PrintWindow
RegisterShellHookWindow
GetWindowTextLengthA
GetRawInputDeviceList
GetScrollInfo
CreateCaret
SetSysColors
ClipCursor
GetClipboardFormatNameW
UnionRect
EnumPropsW
CharPrevExA
SendMessageTimeoutW
DlgDirSelectComboBoxExA
DialogBoxParamA
HideCaret
IsMenu

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 255KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de30a64e34d14aa2375781484a4874a8

Headers

DLL Characteristics

File Characteristics

Imports

query

msasn1

msvcrt40

kernel32

oleaut32

schannel

user32

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 296KB - Virtual size: 296KB

.data Size: 255KB - Virtual size: 1.7MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 296KB - Virtual size: 296KB

.data
Size: 255KB - Virtual size: 1.7MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B