c2c0170e2fc28f5627dbb3d5714395dd

Sharing

Copy URL

Twitter E-mail

General

Target

c2c0170e2fc28f5627dbb3d5714395dd
Size

30KB
MD5

c2c0170e2fc28f5627dbb3d5714395dd
SHA1

fdd1c3a5664536caacaa63f7364ea896d63f6151
SHA256

4a99505fe8f7cbb6a1442142ac9b432e73558e92927c76fde53a2496926bfea1
SHA512

ccfa6f586e29fe7b2a06714ba8125323a68cf2959b1b9c2276ea41cecc3aece25f3c67638d7ae0f3da568ad06a45f0dd2e064e3e8ec45e5ee4c9fff8239b90bf
SSDEEP

768:JbN69mLJ2m/u45l6S4G5DOKjXNef1kyi9grTEi:JbLIm/u45l6S5JO+XNef11iUT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2c0170e2fc28f5627dbb3d5714395dd

Files

c2c0170e2fc28f5627dbb3d5714395dd
.exe windows:5 windows x86 arch:x86

b7de0b66ab7fae8261dfcaad84eab7a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

adsldpc

ADsFreeColumn

msvcrt

isxdigit
_adjust_fdiv
strncpy
bsearch
_initterm
_wcsnicmp
strncmp
_ltow
memmove
wcschr
atol
_ltoa
__dllonexit
wcslen
wcscpy
isdigit
wcscat
_snprintf
malloc
_ultoa
memcpy
_wcsicmp
free
_onexit
isupper
wcscmp
qsort
_except_handler3
_snwprintf
sprintf
strtoul
_itow

kernel32

CompareStringA
lstrlenA
GetTempPathA
SystemTimeToFileTime
EnterCriticalSection
TerminateProcess
ReleaseMutex
SetUnhandledExceptionFilter
GetTimeFormatA
UnmapViewOfFile
FreeLibrary
CreateFileA
GetFileAttributesA
OpenMutexW
GetComputerNameA
GetSystemDefaultLangID
lstrlenW
GetFileAttributesW
CompareFileTime
GetVersionExA
TlsGetValue
MultiByteToWideChar
GetLocalTime
CreateMutexA
TlsAlloc
PulseEvent
ExitThread
FindNextFileA
InterlockedIncrement
GetDateFormatW
WaitForSingleObjectEx
SetEvent
ExpandEnvironmentStringsA
LocalReAlloc
WaitForSingleObject
ReadFile
lstrcmpA
CompareStringW
OpenFileMappingW
lstrcpyA
FindFirstFileW
ExpandEnvironmentStringsW
TlsFree
GetTimeFormatW
CreateThread
GetCurrentThreadId
GetCurrentThread
CreateDirectoryA
DuplicateHandle
DeleteFileA
SetEndOfFile
GetTickCount
InterlockedCompareExchange
GetComputerNameW
GetTempFileNameA
GetLastError
OutputDebugStringA
SetFilePointer
MapViewOfFile
DeleteCriticalSection
TlsSetValue
GetSystemTime
FindFirstChangeNotificationW
FormatMessageA
SetFileAttributesA
VirtualAlloc
FindFirstChangeNotificationA
FindCloseChangeNotification
GetFileAttributesExW
LocalAlloc
FreeLibraryAndExitThread
LoadLibraryA
DeleteFileW
GetFileSize
LeaveCriticalSection
FileTimeToSystemTime
GetEnvironmentVariableA
Sleep
LocalFree
CreateEventA
GetSystemTimeAsFileTime
LoadLibraryExW
SetLastError
GetProcAddress
GetDateFormatA
QueryPerformanceCounter
OpenEventA
CreateMutexW
SetFileAttributesW
UnhandledExceptionFilter
CreateFileMappingA
WaitForMultipleObjectsEx
DelayLoadFailureHook
LocalSize
InitializeCriticalSection
InterlockedExchange
CloseHandle
FindClose
WideCharToMultiByte
CreateFileW
GetUserDefaultLCID
GetCurrentProcess
FindNextChangeNotification
OpenMutexA
InterlockedDecrement
CreateDirectoryW
GetModuleFileNameW
FileTimeToLocalFileTime
GetCurrentProcessId
WriteFile
LoadLibraryExA
CreateFileMappingW
lstrcatA
FormatMessageW
GetACP
GetModuleFileNameA
GetModuleHandleA
FindNextFileW

user32

MessageBoxA
GetProcessDefaultLayout
LoadStringA
wsprintfA
GetSystemMetrics
wsprintfW
MessageBoxW
LoadStringW

advapi32

CryptCreateHash
RegSetValueExW
QueryServiceStatus
CryptGetHashParam
CryptSetKeyParam
InitializeSecurityDescriptor
CryptGetDefaultProviderW
RegDeleteValueA
StartServiceA
OpenServiceW
StartServiceW
RegDeleteKeyW
OpenSCManagerW
RegQueryInfoKeyW
MD5Final
FreeSid
SystemFunction040
CryptGetKeyParam
CryptSetProviderA
MD5Init
RegCreateKeyExA
SetSecurityDescriptorGroup
EqualSid
CryptDestroyHash
InitializeAcl
RegEnumValueA
RegSetValueExA
GetLengthSid
A_SHAFinal
MD5Update
CryptSignHashA
RegQueryInfoKeyA
RegEnumKeyA
GetSidIdentifierAuthority
CryptReleaseContext
IsValidSid
A_SHAInit
RegEnumValueW
ControlService
RegConnectRegistryA
CryptAcquireContextA
OpenThreadToken
CryptSetProvParam
GetSidSubAuthorityCount
RegConnectRegistryW
RegEnumKeyExW
RegDeleteKeyA
RegCreateKeyExW
CopySid
RegDeleteValueW
GetUserNameW
SetSecurityDescriptorOwner
LsaNtStatusToWinError
CryptGetUserKey
CryptImportKey
LookupAccountSidW
GetSecurityDescriptorOwner
GetSidSubAuthority
GetTokenInformation
RegCloseKey
A_SHAUpdate
AllocateAndInitializeSid
RegNotifyChangeKeyValue
CryptHashData
RegOpenKeyExW
CryptGetProvParam
AddAccessAllowedAce
CloseServiceHandle
ChangeServiceConfigA
UnlockServiceDatabase
AdjustTokenPrivileges
CryptDestroyKey
RegQueryValueExA
CryptSetHashParam
RegQueryValueExW
LockServiceDatabase
QueryServiceConfigA
SetSecurityDescriptorDacl
RegEnumKeyExA
CryptExportKey
CryptGenKey
CryptDeriveKey
LookupPrivilegeValueA
CryptEncrypt
OpenProcessToken
CryptVerifySignatureA
RegSetKeySecurity
CryptDecrypt
RegOpenKeyExA
CryptGenRandom
GetAce
SystemFunction041
RegGetKeySecurity
GetSecurityDescriptorDacl
GetUserNameA

msasn1

ASN1BERDecEndOfContents
ASN1_CloseEncoder
ASN1BERDecCharString
ASN1BERDecPeekTag
ASN1BERDecBool
ASN1_CreateModule
ASN1objectidentifier2_cmp
ASN1CEREncUTCTime
ASN1BERDecU32Val
ASN1BEREncEndOfContents
ASN1_SetEncoderOption
ASN1BERDecUTF8String
ASN1BEREncU32
ASN1BERDecOpenType
ASN1intx_free
ASN1CEREncNewBlkElement
ASN1BEREoid2DotVal
ASN1CEREncBeginBlk
ASN1BERDecObjectIdentifier2
ASN1DecSetError
ASN1CEREncGeneralizedTime
ASN1bitstring_free
ASN1DecRealloc
ASN1BERDecChar16String
ASN1open_free
ASN1BERDecOpenType2
ASN1BEREncBool
ASN1BEREncOctetString
ASN1BERDecOctetString
ASN1BEREncChar32String
ASN1_CreateDecoder
ASN1char16string_free
ASN1utf8string_free
ASN1_Encode
ASN1_FreeEncoded
ASN1BEREncOpenType
ASN1BEREncChar16String
ASN1Free
ASN1BEREncObjectIdentifier2
ASN1BERDecMultibyteString
ASN1CEREncEndBlk
ASN1BEREncCharString
ASN1BERDecEoid
ASN1BERDecBitString
ASN1BEREncMultibyteString
ASN1BERDecSXVal
ASN1char32string_free
ASN1BERDecBitString2
ASN1BERDecNotEndOfContents
ASN1_CreateEncoder
ASN1BERDotVal2Eoid
ASN1BERDecS32Val
ASN1BEREoid_free
ASN1BERDecChar32String
ASN1_CloseModule
ASN1BEREncEoid
ASN1_CloseDecoder
ASN1BERDecUTCTime
ASN1_Decode
ASN1BEREncUTF8String
ASN1BEREncExplicitTag
ASN1_FreeDecoded
ASN1BERDecZeroCharString
ASN1EncSetError
ASN1BERDecOctetString2
ASN1octetstring_free
ASN1ztcharstring_free
ASN1CEREncFlushBlkElement
ASN1BEREncS32
ASN1BEREncBitString
ASN1BEREncSX
ASN1BERDecGeneralizedTime
ASN1BERDecExplicitTag
ASN1charstring_free

rpcrt4

RpcEpResolveBinding
RpcStringFreeW
RpcStringBindingComposeW
RpcStringBindingComposeA
RpcStringFreeA
RpcBindingFromStringBindingW
UuidToStringA
RpcImpersonateClient
RpcRevertToSelf
NdrClientCall2
RpcBindingFromStringBindingA
UuidCreate
RpcBindingSetAuthInfoExW
RpcBindingFree

Sections

.textbss
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b7de0b66ab7fae8261dfcaad84eab7a4

Headers

DLL Characteristics

File Characteristics

Imports

adsldpc

msvcrt

kernel32

user32

advapi32

msasn1

rpcrt4

Sections

.textbss Size: - Virtual size: 80KB

.text Size: 512B - Virtual size: 416B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 196B

.idata Size: 28KB - Virtual size: 27KB

.textbss
Size: - Virtual size: 80KB

.text
Size: 512B - Virtual size: 416B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 196B

.idata
Size: 28KB - Virtual size: 27KB