c2220bcac8564f231a3bf846946a57a7

Sharing

Copy URL Twitter E-mail

General

Target

c2220bcac8564f231a3bf846946a57a7
Size

861KB
MD5

c2220bcac8564f231a3bf846946a57a7
SHA1

2cbe8d58b199a501f29040831240690e64cfc016
SHA256

062710b09c73f2f75012c22d54a7c2cab03bff23364c7fe2fbe9fdf79b7c6670
SHA512

01f603bd5929f7299daa81a5f9456f72c60a64a103b1b5579925d3592d6df4971c5bfdd1524d4b5ff9aa29c6eefb7cdc835d6df71b15ad5f05235328d2ea1036
SSDEEP

12288:9D/ZMqRwZaN9uGExJxbXhRb9D4xA34Cmdj490fm7+OfUuPAXb3rlbYzw9r7I:9D/hQJTzx1rEqCs90fLuPE72mr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2220bcac8564f231a3bf846946a57a7

Files

c2220bcac8564f231a3bf846946a57a7
.exe windows:5 windows x86 arch:x86

7dd3f9b9d8b8d24c63eb8f466676d5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

hhsetup

?SetTitle@CLocation@@QAEXPBG@Z
?SetId@CLocation@@QAEXPBG@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?ParseFile@CCollection@@AAEKPBD@Z
??1CTitle@@QAE@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBDG@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
?GetVolumeW@CLocation@@QAEPBGXZ
?SetVersion@CCollection@@QAEXK@Z
?GetFindMergedCHMS@CCollection@@QAEHXZ
?RemoveAll@CFIFOString@@QAEXXZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z
?SetId@CLocation@@QAEXPBD@Z
?GetParent@CFolder@@QAEPAV1@XZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?GetVersion@CCollection@@QAEKXZ
?HandleTitle@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?SetTitle@CFolder@@QAEXPBD@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?Dirty@CCollection@@QAEXXZ
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
?GetOrder@CFolder@@QAEKXZ
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
??0CTitle@@QAE@XZ
?Open@CCollection@@QAEKPBD@Z
?Save@CCollection@@QAEKXZ
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?GetId@CTitle@@QAEPADXZ
?GetSampleLocation@CCollection@@QAEPADXZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?GetPathW@CLocation@@QAEPBGXZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?AddChildFolder@CFolder@@QAEPAV1@PBGKPAKG@Z

cfgmgr32

CM_Enumerate_Classes_Ex
CM_Unregister_Device_InterfaceA
CM_Set_HW_Prof_FlagsA
CM_Get_DevNode_Status_Ex
CM_Query_Remove_SubTree
CM_Set_DevNode_Registry_PropertyW
CM_Locate_DevNode_ExW
CM_Unregister_Device_InterfaceW
CM_Detect_Resource_Conflict_Ex
CM_Get_Next_Log_Conf
CM_Add_IDA
CM_Disable_DevNode_Ex
CM_Get_Version
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Class_Key_Name_ExA
CM_Get_Log_Conf_Priority
CM_Query_And_Remove_SubTreeW
CM_Get_Hardware_Profile_InfoW
CM_Add_Range
CM_Query_And_Remove_SubTreeA
CM_Get_Device_Interface_AliasA
CM_Locate_DevNodeW
CM_Get_Global_State
CM_Free_Log_Conf_Ex
CM_Get_Child
CM_Reenumerate_DevNode_Ex
CM_Get_Device_ID_List_SizeW
CM_Enable_DevNode_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Free_Log_Conf
CM_Merge_Range_List
CM_Add_Res_Des_Ex
CM_Get_Next_Res_Des
CM_Get_HW_Prof_FlagsW
CM_Register_Device_InterfaceW
CM_Find_Range
CM_Get_Depth
CM_Get_Device_Interface_AliasW
CM_Create_Range_List
CM_Open_DevNode_Key_Ex

ntdll

NtCallbackReturn
ZwLoadKey2
ZwGetPlugPlayEvent
RtlAddRefActivationContext
memcpy
NtRemoveProcessDebug
RtlEnumerateGenericTableWithoutSplaying
ZwQueryInformationToken
RtlDefaultNpAcl
ZwCreateThread
RtlAreAllAccessesGranted
ZwContinue
_wcsicmp
DbgUiIssueRemoteBreakin
NtReadVirtualMemory
RtlQueryRegistryValues
ZwCallbackReturn
RtlNumberOfSetBits
RtlEnableEarlyCriticalSectionEventCreation
RtlGetCurrentPeb
NtPrivilegedServiceAuditAlarm
mbstowcs
RtlGetAce
RtlNewInstanceSecurityObject
RtlCopyLuidAndAttributesArray
RtlGetNtProductType
RtlAddVectoredExceptionHandler
wcscat
RtlCompareMemory
ZwNotifyChangeDirectoryFile
RtlCopySecurityDescriptor
RtlTraceDatabaseFind
NtSetSystemInformation
RtlUpperString
RtlReleasePebLock
ZwRegisterThreadTerminatePort
NtCreateEventPair
RtlDllShutdownInProgress
RtlGetFrame
RtlInitializeRXact
NtCompressKey
RtlImageNtHeader
__isascii
RtlEraseUnicodeString
NtQuerySection
NtPrivilegeCheck
RtlAppendAsciizToString
RtlUnhandledExceptionFilter2
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlGetGroupSecurityDescriptor
ZwDeleteValueKey
RtlTimeToTimeFields
RtlDeleteResource
RtlCaptureContext
RtlLargeIntegerToChar
RtlSecondsSince1980ToTime
NtPulseEvent
DbgUiWaitStateChange
ZwDebugContinue
RtlDestroyQueryDebugBuffer
NtReplaceKey
RtlOemToUnicodeN
NtSetInformationToken
ZwQueryVirtualMemory
RtlFreeOemString
RtlDecompressFragment
LdrQueryImageFileExecutionOptions
RtlValidSecurityDescriptor
RtlDestroyAtomTable
ZwPowerInformation
ZwMakeTemporaryObject
ZwIsSystemResumeAutomatic
_CIpow
ZwTerminateThread
RtlInitString
RtlDnsHostNameToComputerName
NtRemoveIoCompletion
ZwDuplicateToken
ZwNotifyChangeMultipleKeys
ZwCreateSymbolicLinkObject
NtCreatePort
RtlValidateUnicodeString
RtlSetCurrentDirectory_U
memset
NtAssignProcessToJobObject
ZwReadVirtualMemory
NtEnumerateBootEntries
RtlSetSecurityDescriptorRMControl

kernel32

EnumResourceLanguagesA
GetConsoleTitleA
TlsGetValue
GlobalAddAtomA
GlobalUnlock
GetNumaProcessorNode
CreateTapePartition
FreeLibrary
HeapAlloc
QueryPerformanceCounter
SignalObjectAndWait
GetExitCodeProcess
BindIoCompletionCallback
GetCurrentProcess
GetVolumePathNameA
lstrcpy
SetNamedPipeHandleState
VirtualAlloc
GetNamedPipeInfo
GetCurrentThread
FillConsoleOutputAttribute
SystemTimeToFileTime
LoadLibraryA
GetStartupInfoA
InitAtomTable
WriteFileEx
CallNamedPipeW
CreateMutexW
GetCPInfoExW
DeleteTimerQueue
GetEnvironmentStringsW
GetConsoleMode
ConvertThreadToFiber
ReadConsoleInputExA
IsBadStringPtrW
SetClientTimeZoneInformation
SetLastError
LocalAlloc
CreatePipe
ClearCommError

Sections

.text
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dd3f9b9d8b8d24c63eb8f466676d5e4

Headers

DLL Characteristics

File Characteristics

Imports

hhsetup

cfgmgr32

ntdll

kernel32

Sections

.text Size: 315KB - Virtual size: 315KB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 1024B - Virtual size: 1.7MB

.rsrc Size: 240KB - Virtual size: 240KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 315KB - Virtual size: 315KB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 1024B - Virtual size: 1.7MB

.rsrc
Size: 240KB - Virtual size: 240KB

.reloc
Size: 1024B - Virtual size: 1024B