c442336db68408a349bbdebb55e9da09

Sharing

Copy URL

Twitter E-mail

General

Target

c442336db68408a349bbdebb55e9da09
Size

84KB
MD5

c442336db68408a349bbdebb55e9da09
SHA1

1c3cf4ec4b5e456f54f47b28c1728049db319dd7
SHA256

7e70cf766ea4558b53a30e8f83545062004ffb5601096b0dae6249e66081dbbd
SHA512

16a1f2e80d44cad266ad12137a56ad126be537ec0a9c11fbddc7afe34e15b74a21ca07120599fa296ec29f847a35914b97d5d424bbd4caad92eba3d265a2a22e
SSDEEP

1536:iG8fzpAZ3vuPvaJ+5KZTMpPToXRyYcHiJR3jsGzmULHaJpK/6:iGEzeZ3tJYKOpbgki3pPWD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c442336db68408a349bbdebb55e9da09

Files

c442336db68408a349bbdebb55e9da09
.exe windows:5 windows x86 arch:x86

62eac972e82664823feab64206fad659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenSemaphore
RtlInitializeHandleTable
NtSetSystemTime
RtlCompactHeap
RtlNumberGenericTableElements
ZwUnmapViewOfSection
RtlCloneMemoryStream
ZwQuerySystemTime
RtlAddAttributeActionToRXact
ZwSetVolumeInformationFile
NtQuerySecurityObject
ZwReleaseMutant
ZwSetBootEntryOrder
ZwCreateThread
NtSetInformationToken
wcscmp
LdrQueryImageFileExecutionOptions

mpr

WNetGetPropertyTextW
WNetGetResourceParentA
WNetCancelConnection2A
WNetCancelConnectionW
WNetGetConnection3W
WNetFormatNetworkNameW
WNetGetProviderTypeW
WNetGetLastErrorA
WNetClearConnections
WNetPropertyDialogA
WNetCloseEnum
WNetGetConnection2A
MultinetGetErrorTextW
WNetGetConnection3A
I_MprSaveConn
WNetUseConnectionW
WNetGetResourceInformationA

mscat32

CryptCATCDFEnumAttributes
CryptCATStoreFromHandle
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAddCatalog
DllRegisterServer
CryptCATEnumerateCatAttr
CryptCATGetMemberInfo
MsCatFreeHashTag
CryptCATEnumerateMember
CryptCATHandleFromStore
CryptCATCDFEnumMembers
CryptCATAdminReleaseCatalogContext
CryptCATCDFEnumAttributesWithCDFTag
CryptCATPutAttrInfo
IsCatalogFile
CryptCATAdminEnumCatalogFromHash

kernel32

lstrlenA
CreateThread
GetProcessVersion
Heap32ListFirst
LoadLibraryA
IsBadStringPtrA
GetCommConfig
GetConsoleCP
RegisterWaitForSingleObject
SetProcessPriorityBoost
VirtualAlloc
GetFileTime
AssignProcessToJobObject
CancelDeviceWakeupRequest
GetSystemWindowsDirectoryW
CreateDirectoryW
LocalAlloc
SetWaitableTimer
GlobalSize

msvcirt

??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??_Gifstream@@UAEPAXI@Z
?setf@ios@@QAEJJJ@Z
??0istream@@IAE@XZ
?pbackfail@stdiobuf@@UAEHH@Z
_mtlock
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??4ios@@IAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??0istream@@IAE@ABV0@@Z
??0strstream@@QAE@PADHH@Z
?overflow@strstreambuf@@UAEHH@Z
?in_avail@streambuf@@QBEHXZ
?put@ostream@@QAEAAV1@E@Z
?seekp@ostream@@QAEAAV1@J@Z

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62eac972e82664823feab64206fad659

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

mpr

mscat32

kernel32

msvcirt

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 24KB - Virtual size: 31KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 24KB - Virtual size: 31KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 264B