c33fefeb00a6c7e41c69d68c07ac857b

Sharing

Copy URL Twitter E-mail

General

Target

c33fefeb00a6c7e41c69d68c07ac857b
Size

83KB
MD5

c33fefeb00a6c7e41c69d68c07ac857b
SHA1

6bb4b7f854d1d4c700a89ba9a7391039ea19432c
SHA256

b6f4b94f372e5f477154d3131cb027d9cf6a3400c9f5d7a89d499d2c3d3943dd
SHA512

1a90df7f7e13b97f8ef702eeaf8c3a35aeb21bbbd961e55eafad20aadad2b0b4d184f4efff851d4ec7ca947e0eb561f2e13bd416d366e14860bb62b8d74089f8
SSDEEP

1536:7te9oDWvba4spycdSFNVNlHwg6vgxIhVK5kG+/VZX7jyS7/lhm86ZWiDBNXjsLK6:KoDWTCuFNVNVYDPG+1u+tgBNuwY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c33fefeb00a6c7e41c69d68c07ac857b

Files

c33fefeb00a6c7e41c69d68c07ac857b
.exe windows:5 windows x86 arch:x86

87d01c1ceb6adc5f136b25748a6fe91e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
GetCurrentThreadId
InterlockedExchangeAdd
Process32NextW
QueryPerformanceCounter
GetThreadPriority
RegisterConsoleIME
Heap32Next
Heap32First
WriteFileEx
GetTickCount
GetUserDefaultLCID
VirtualUnlock
SetCalendarInfoA
GetConsoleFontInfo
GetCalendarInfoW
SetEvent
GetSystemTimeAsFileTime
SetThreadIdealProcessor
GetCurrentProcessId
IsValidLocale
FormatMessageA
VirtualAlloc
QueryActCtxW
ConnectNamedPipe
GetFirmwareEnvironmentVariableA
GetLongPathNameA
SetThreadPriority
GetConsoleAliasExesA
LoadLibraryA
ExpungeConsoleCommandHistoryW
EnumLanguageGroupLocalesA
GetStartupInfoA
NlsGetCacheUpdateCount
WritePrivateProfileStructW
LCMapStringW
DefineDosDeviceW
InterlockedExchange
CloseHandle

ntdll

LdrGetDllHandleEx
ZwCreateKeyedEvent
ZwQueryInformationProcess
RtlAreAllAccessesGranted
NtResumeProcess
ZwCreateEventPair
NtCancelIoFile
NtQueryDebugFilterState
cos
RtlCreateTagHeap
RtlpNtOpenKey
ZwWaitLowEventPair
NtGetContextThread
RtlpApplyLengthFunction
NtUnloadKey
NtInitializeRegistry
RtlCaptureStackBackTrace
CsrCaptureTimeout
NtWriteFile
ZwAccessCheckByTypeAndAuditAlarm
NtOpenSection
RtlValidRelativeSecurityDescriptor
RtlInitializeSid
NtQuerySystemEnvironmentValue
ZwCreateFile
RtlFormatCurrentUserKeyPath
RtlRaiseException
RtlpNtSetValueKey
RtlDosSearchPath_U
RtlUnhandledExceptionFilter

msvcp60

?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Psum@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPADPADI@Z
??X?$_Complex_base@N@std@@QAEAAV01@ABN@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7?$basic_iostream@DU?$char_traits@D@std@@@std@@6B@
??1bad_exception@std@@UAE@XZ
?do_encoding@codecvt_base@std@@MBEHXZ
?exp@std@@YA?AV?$complex@O@1@ABV21@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
?log@?$_Ctr@M@std@@SAMM@Z

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87d01c1ceb6adc5f136b25748a6fe91e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

msvcp60

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 29KB - Virtual size: 97KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 29KB - Virtual size: 97KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 232B