c3bc230bb12e0a060ac522b211008d51

Sharing

Copy URL Twitter E-mail

General

Target

c3bc230bb12e0a060ac522b211008d51
Size

86KB
MD5

c3bc230bb12e0a060ac522b211008d51
SHA1

0b7bb6d31ba59bd2445e1e886c6efe68d7f7b046
SHA256

18adfec5251bc96c9ebea0c2f212277c32a6d227ee0bb5decf346588eece75eb
SHA512

734b9aaa9f5c7e8500e5d8e332f858e94c96f39ac4939c9ac09b09b3a576b675a2eb44eac3bf9a204ee0fa10387764e2141f8df9d0fc8117b8e3f5ce61062f18
SSDEEP

1536:aRqyQMLIBL2qg7GA+GSimBS4oVVtWR7i7MX7xJzSEJnb9wqdqphFjJcFLNMVNrUC:BxAr+GkBOVq0MXfJXdqjuFK2+Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3bc230bb12e0a060ac522b211008d51

Files

c3bc230bb12e0a060ac522b211008d51
.exe windows:5 windows x86 arch:x86

d1abd588ea82f0ee026348c193045d31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtSaveKey
_wtoi
NtResumeThread
ZwQueryInformationToken
RtlInterlockedPopEntrySList
NtAddAtom
RtlNewInstanceSecurityObject
RtlAbortRXact
NtCompressKey
RtlTraceDatabaseUnlock
RtlConvertSharedToExclusive
NtAccessCheckByType
NtRaiseHardError

oleacc

AccessibleObjectFromWindow
AccessibleObjectFromEvent
ObjectFromLresult
GetOleaccVersionInfo
CreateStdAccessibleProxyA
GetStateTextW
AccessibleChildren
DllRegisterServer
CreateStdAccessibleProxyW
CreateStdAccessibleObject
GetRoleTextW
WindowFromAccessibleObject
DllGetClassObject
IID_IAccessible
LresultFromObject
DllCanUnloadNow
GetStateTextA
DllUnregisterServer
GetRoleTextA
AccessibleObjectFromPoint

hhsetup

?GetLangId@CCollection@@QAEGPBD@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?SetLanguage@CTitle@@QAEXG@Z
?GetTitle@CLocation@@QAEPADXZ
?GetColNo@CCollection@@QAEKXZ
??1CLocation@@QAE@XZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?GetNextTitle@CTitle@@QAEPAV1@XZ
?SetFindMergedCHMS@CCollection@@QAEXH@Z
??0CPointerList@@QAE@XZ
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z

urlmon

GetComponentIDFromCLSSPEC
CoGetClassObjectFromURL
AsyncInstallDistributionUnit
HlinkSimpleNavigateToString
URLOpenStreamW
DllCanUnloadNow
GetClassFileOrMime
ObtainUserAgentString
RevokeFormatEnumerator
URLOpenBlockingStreamA

kernel32

QueryPerformanceCounter
GetLastError
GetTickCount
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetLocaleInfoA
ProcessIdToSessionId
GetProcessPriorityBoost
GetSystemDirectoryW
GetCurrentProcessId
LoadLibraryA
HeapCreate
GlobalReAlloc
TerminateProcess
VirtualAlloc
CancelWaitableTimer
SetConsoleNumberOfCommandsA
SetPriorityClass
GetModuleHandleA
IsBadStringPtrA
GetLongPathNameW
EnumSystemCodePagesW
GetCurrentThreadId
GetLocalTime
GlobalDeleteAtom
RegisterConsoleVDM
GetLongPathNameA
lstrcmpi
BuildCommDCBAndTimeoutsW
EnumTimeFormatsA
GetFileSize

msi

MsiGetPatchInfoW
MsiRecordGetInteger
MsiGetFileHashA
MsiUseFeatureW
MsiInstallMissingComponentA
MsiVerifyPackageA
MsiGetSourcePathW
MsiSetFeatureAttributesA
MsiRecordSetInteger
MsiGetPropertyA
MsiNotifySidChangeA
MsiLoadStringW
MsiMessageBoxA
MsiGetUserInfoA
MsiEnableLogW
MsiEnumFeaturesA
MsiQueryFeatureStateA
MsiEnumProductsA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1abd588ea82f0ee026348c193045d31

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

oleacc

hhsetup

urlmon

kernel32

msi

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 29KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 29KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 312B