c2058e635e7bf0091a4340b9585e6862

Sharing

Copy URL Twitter E-mail

General

Target

c2058e635e7bf0091a4340b9585e6862
Size

59KB
MD5

c2058e635e7bf0091a4340b9585e6862
SHA1

1605e382dcf917cbcb66bfc70bfed872766cbf42
SHA256

7685d998dd0cdc18a76ce6ec898553cc1e2e5a112e59510577e000597afa259b
SHA512

74c14a04c43bc2ec853889548666d5224e254c6aa0b994814069c3e2da436f31274bddad0dd57c8dc075c56e77ac7fbaa534a8cbfbd7fdb2853ae664ad0db26d
SSDEEP

1536:j7AWJJFGDz+7aqDNuFeUCBuZxXGNHwkZL9eK:j73JFGDK7a2u1PW1wOz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2058e635e7bf0091a4340b9585e6862

Files

c2058e635e7bf0091a4340b9585e6862
.exe windows:5 windows x86 arch:x86

4c6a11684b54b82fbdbc525565c6e003

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ScrollConsoleScreenBufferW
GetEnvironmentStringsA
LoadLibraryA
LocalCompact
SetComputerNameExW
GetProfileStringA
SystemTimeToTzSpecificLocalTime
GetTapeStatus
RegisterWowExec
EnumCalendarInfoA
SwitchToFiber
SetConsoleMaximumWindowSize
GetEnvironmentStringsW
lstrcmpW
SetFirmwareEnvironmentVariableW
VirtualAlloc
GetProfileStringW
MapViewOfFile
SearchPathA
EnumDateFormatsExW
FindFirstFileExW
GetStdHandle
GetPrivateProfileStructW
GetConsoleCP
CreateFileA
WriteConsoleOutputAttribute
GetShortPathNameA
LZOpenFileW
GetNumberFormatW
GetCommandLineW
WriteConsoleInputW
EnumCalendarInfoExA
GetSystemDefaultLCID
GetAtomNameW
WriteProfileSectionW
WTSGetActiveConsoleSessionId
IsProcessorFeaturePresent
GetConsoleCommandHistoryA
CreateThread
NlsGetCacheUpdateCount
RtlCaptureContext
VirtualFreeEx
LeaveCriticalSection
VDMConsoleOperation
SetLocalTime
GetDevicePowerState
HeapCreate
GetProcAddress
InvalidateConsoleDIBits
CreateTimerQueueTimer
SetLocalPrimaryComputerNameW
GetMailslotInfo
PeekConsoleInputA
GetTickCount
SetVolumeMountPointA
FileTimeToSystemTime

cmutil

?GPPI@CIniW@@QBEKPBG0K@Z
?Clear@CIniA@@QAEXXZ
CmConvertRelativePathW
CmStrrchrW
MakeBold
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
SzToWz
?SetEntryFromIdx@CIniA@@QAEXK@Z
??_FCIniA@@QAEXXZ
CmIsDigitW
CmStrrchrA
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?SetEntry@CIniA@@QAEXPBD@Z
?Clear@CIniW@@QAEXXZ
??4CIniA@@QAEAAV0@ABV0@@Z
?GPPB@CIniW@@QBEHPBG0H@Z
?SetEntryFromIdx@CIniW@@QAEXK@Z
CmLoadIconA
?GetFile@CIniW@@QBEPBGXZ
??1CIniA@@QAE@XZ
ReleaseBold

rasman

RasSetKey
RasSendCreds
RasPortGetProtocolCompression
IsRasmanProcess
RasPortDisconnect
RasGetEapUserInfo
RasRpcGetCountryInfo
RasPortReserve
RasSetPortUserData
RasReferenceRasman
RasCompressionGetInfo
RasRpcUnloadDll
RasSetDeviceConfigInfo
RasDestroyConnection
RasInitialize
RasLinkGetStatistics
RasSendNotification
RasDeviceEnum
RasDeviceSetInfo
RasGetConnectInfo
RasGetConnectionParams
RasGetInfo
RasSetDevConfig
RasServerPortClose

msasn1

ASN1_CreateEncoder
ASN1BEREncU32
ASN1octetstring_cmp
ASN1BEREncBitString
ASN1BEREncSX
ASN1BERDecZeroChar16String
ASN1BERDecZeroChar32String
ASN1BEREncCharString
ASN1octetstring_free
ASN1BERDecOpenType2
ASN1BERDecS16Val
ASN1BEREncUTCTime
ASN1BERDecObjectIdentifier
ASN1BERDecExplicitTag
ASN1BERDecObjectIdentifier2
ASN1intxisuint32
ASN1utf8string_free
ASN1BEREncOpenType
ASN1_FreeEncoded
ASN1BEREncOctetString
ASN1BEREoid_free
ASN1DecSetError

certcli

CACertTypeAccessCheckEx
CACertTypeQuery
CASetCertTypeExtension
CACreateCertType
CASetCertTypeExpiration
CAOIDGetProperty
CACertTypeGetSecurity
CACloneCertType
CAGetCertTypeExtensions
CAFindByName
DllUnregisterServer
CAGetCAFlags
DllCanUnloadNow
CACloseCertType
CARemoveCACertificateType
CASetCertTypeProperty
CAEnumNextCertType
CACertTypeRegisterQuery
CADeleteLocalAutoEnrollmentObject
CACountCertTypes
CAOIDAdd
CAOIDFreeProperty
CAGetCAProperty

winmm

mmGetCurrentTask
mmioRenameW
mixerGetDevCapsW
waveOutClose
tid32Message
midiOutShortMsg
mmioClose
mmioSetInfo
mmTaskCreate
waveOutMessage
mixerGetLineInfoA
midiInMessage
wod32Message
mmioCreateChunk
joyGetDevCapsA
midiInClose
waveInGetDevCapsW
midiOutGetErrorTextA
midiInGetErrorTextA
mmioInstallIOProcA
joyGetPos
auxSetVolume
midiStreamOut
mmsystemGetVersion
mmioRenameA
midiInReset
auxGetNumDevs
waveOutGetPosition
mixerOpen

cmpbk32

PhoneBookGetCountryId
PhoneBookGetPhoneCanonicalA
PhoneBookGetPhoneDUNA
PhoneBookEnumCountries
PhoneBookFreeFilter
PhoneBookGetPhoneNonCanonicalA
PhoneBookGetPhoneDispA
PhoneBookMergeChanges
PhoneBookGetPhoneDescA
PhoneBookGetRegionNameA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetCountryNameA
PhoneBookHasPhoneType
PhoneBookGetCurrentCountryId
PhoneBookGetCountryNameW
PhoneBookLoad
PhoneBookEnumRegions
PhoneBookCopyFilter
PhoneBookGetPhoneType
PhoneBookParseInfoA
PhoneBookMatchFilter
PhoneBookEnumNumbers
PhoneBookUnload

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c6a11684b54b82fbdbc525565c6e003

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cmutil

rasman

msasn1

certcli

winmm

cmpbk32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 17KB - Virtual size: 63KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 228B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 17KB - Virtual size: 63KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 228B