c32d821da116c5f202b77ce7798bea2b

Sharing

Copy URL Twitter E-mail

General

Target

c32d821da116c5f202b77ce7798bea2b
Size

868KB
MD5

c32d821da116c5f202b77ce7798bea2b
SHA1

771cd05c4ca9abb90166c910045885572f9a1066
SHA256

402dbf53b512913067ca4babf1a9804440b5d384dea113512bffc2102a534ffd
SHA512

466669c7c83988433b56f3acb1ed599af2331b493f39f0d37c3f4d1a3f0d9d10f10bc32a24d3f0f5abfb90a2d102c002e1990f078086f0c25aaf36b137b8a788
SSDEEP

12288:D9lVZoZkCylmQ6slHVq1hgrePTpDAEXr3HNPfOon7uPRWAcznLP4D0Yxnw7k9b41:zoZkCPslHs0rer5jn7+RDcXtYq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c32d821da116c5f202b77ce7798bea2b

Files

c32d821da116c5f202b77ce7798bea2b
.exe windows:5 windows x86 arch:x86

a63b05c94b989603a5b2cc9bf96066ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??_7ostream_withassign@@6B@
?clrlock@streambuf@@QAEXXZ
?flags@ios@@QAEJJ@Z
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?delbuf@ios@@QAEXH@Z
?doallocate@strstreambuf@@MAEHXZ
?gcount@istream@@QBEHXZ
?read@istream@@QAEAAV1@PACH@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??1ostream@@UAE@XZ
?open@ifstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@N@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?ends@@YAAAVostream@@AAV1@@Z
?attach@filebuf@@QAEPAV1@H@Z
??_8fstream@@7Bostream@@@
??_8ostream_withassign@@7B@
??Bios@@QBEPAXXZ
??4fstream@@QAEAAV0@AAV0@@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
??0strstreambuf@@QAE@PADH0@Z
?is_open@ofstream@@QBEHXZ
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??_Efstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@PBC@Z

kernel32

ConvertDefaultLocale
VirtualAlloc
VerifyConsoleIoHandle
LZOpenFileW
GetTempPathW
SetConsoleIcon
GetCurrentProcessId
OpenJobObjectA
DeleteTimerQueue
SetCalendarInfoA
GlobalDeleteAtom
LoadLibraryA
FillConsoleOutputCharacterA
LoadResource
GetDriveTypeW
_lwrite
ReplaceFileW
GetModuleHandleA
SetLastError
Thread32Next
SetCalendarInfoW
GetDefaultCommConfigW
ProcessIdToSessionId
GetTickCount
GetThreadPriorityBoost
GetACP
GetProcessId
PeekConsoleInputW
RtlCaptureContext
FreeConsole
QueryMemoryResourceNotification
BaseDumpAppcompatCache
Module32Next
WaitNamedPipeW
Heap32ListFirst

mapistub

BMAPIGetAddress
ScCreateConversationIndex@16
FGetComponentPath
cmc_send_documents
cmc_logoff
HrDispatchNotifications@4
BMAPIGetReadMail
BMAPIDetails
cmc_logon
UNKOBJ_ScSzFromIdsAlloc@20
MAPIAddress
OpenStreamOnFile@24
FDecodeID@12
UNKOBJ_ScAllocateMore@16
DeinitMapiUtil@0
MAPIGetDefaultMalloc@0
UNKOBJ_ScAllocate@12
MNLS_lstrcpyW@8
MAPIDetails
MAPIAdminProfiles
RTFSync
UlAddRef@4
PRProviderInit
CloseIMsgSession@4
cmc_send
__CPPValidateParameters@8
MAPIFreeBuffer@4
MAPIAdminProfiles@8
MAPIOpenLocalFormContainer@4
ScUNCFromLocalPath@12
FtgRegisterIdleRoutine@20
MAPIOpenLocalFormContainer
LpValFindProp@12
FBinFromHex@8
MAPIAllocateBuffer
MNLS_CompareStringW@24
FtAddFt@16
GetOutlookVersion
EncodeID@12
HrSetOmiProvidersFlagsInvalid@4
MAPILogonEx
FBadProp@4
ScCountProps@12
MAPIFreeBuffer
CchOfEncoding@4

msvcrt40

??_Difstream@@QAEXXZ
?pcount@strstream@@QBEHXZ
?pcount@ostrstream@@QBEHXZ
?good@ios@@QBEHXZ
vfprintf
_wcreat
??_7streambuf@@6B@
_j1
??_8ostream@@7B@
_itow
_safe_fprem
_safe_fdiv
?underflow@stdiobuf@@UAEHXZ
_heapused
putchar
iswcntrl
_mbsicmp
?cout@@3Vostream_withassign@@A
iswalnum
??0strstreambuf@@QAE@PADH0@Z
?sgetn@streambuf@@QAEHPADH@Z
_ismbclegal
??_8stdiostream@@7Bostream@@@
??0exception@@QAE@XZ
?fail@ios@@QBEHXZ
_mbctoupper
?rdstate@ios@@QBEHXZ
_wtol
_spawnlpe
_ismbcgraph
vprintf

olecli32

OleSetColorScheme
LeClone
GenCopy
OleExecute
OleLockServer
ErrSetUpdateOptions
ConnectDlgProc
ErrUpdate
DibChangeData
OleActivate
OleSaveToStream
MfEnumFormat
DibQueryBounds
DocWndProc
OleQuerySize
GenSaveToStream
LeGetData
LeQueryProtocol
LeEnumFormat
OleDraw
GenClone
LeObjectConvert
OleQueryLinkFromClip
SetNextNetDrive
OleQueryClientVersion
LeCopy
LeObjectLong
LeQueryType
OleSetHostNames
MfEqual
BmCopy
ErrGetUpdateOptions
PbQueryBounds
MfQueryBounds
DibEnumFormat
OleQueryName
LeSetUpdateOptions
OleSetData

rpcns4

RpcNsProfileEltInqNextW
RpcNsBindingExportPnPW
RpcNsProfileEltAddW
RpcNsGroupMbrInqNextA
RpcNsEntryExpandNameA
RpcNsGroupMbrInqBeginW
RpcNsEntryExpandNameW
RpcNsBindingExportA
RpcNsProfileEltInqBeginA
RpcNsMgmtEntryInqIfIdsW
RpcNsMgmtHandleSetExpAge
RpcNsProfileDeleteA
RpcNsBindingLookupBeginW
RpcNsBindingLookupBeginA
RpcNsProfileDeleteW
I_RpcNsGetBuffer
RpcNsGroupDeleteA
RpcNsGroupMbrInqNextW
RpcNsMgmtBindingUnexportA
RpcNsMgmtSetExpAge
RpcNsGroupMbrRemoveA
RpcNsMgmtEntryInqIfIdsA
RpcNsProfileEltAddA
RpcNsGroupMbrAddA
RpcNsBindingImportNext

ole32

OleCreateLink
ComPs_NdrDllGetClassObject
EnableHookObject
CoMarshalInterface
CoInstall
OleLockRunning
CoFileTimeNow
CoIsOle1Class
MkParseDisplayName
OleGetIconOfClass
CoRegisterMessageFilter
CoTaskMemAlloc
CoSetState
PropVariantChangeType
OleTranslateAccelerator
OleCreateMenuDescriptor
OleCreateFromFileEx
CoGetPSClsid
DllGetClassObjectWOW
MonikerRelativePathTo
PropSysAllocString
CLSIDFromProgID
OleQueryLinkFromData
CreatePointerMoniker
CoGetInstanceFromFile
OleCreateFromData
OleFlushClipboard
CoSwitchCallContext
CLIPFORMAT_UserSize
IsValidIid
StgCreateDocfile
StgPropertyLengthAsVariant
CoCreateInstance
HWND_UserMarshal
RegisterDragDrop
CreateDataCache
OleCreateLinkToFileEx

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a63b05c94b989603a5b2cc9bf96066ef

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

kernel32

mapistub

msvcrt40

olecli32

rpcns4

ole32

Sections

.text Size: 552KB - Virtual size: 552KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 552KB - Virtual size: 552KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B