c70644e2ba04bc0198c1a32d57c8eff3

Sharing

Copy URL Twitter E-mail

General

Target

c70644e2ba04bc0198c1a32d57c8eff3
Size

45KB
MD5

c70644e2ba04bc0198c1a32d57c8eff3
SHA1

729ca5d8f305877be897a18dacac118bf4b84088
SHA256

32bf42291815e6d499168a0ec8c8f3ee5ab0310b1d85b6627403d222a3e5f027
SHA512

5a302a399a3163f479035ac33154d6f87b0d5eb431a3ec4131e9cf415324bc64c309230d23b5edf1a8b6bb46d9bd33ab5795e40bcef53deee11ce30bf20a82f9
SSDEEP

768:G/GkrTXEZz0BO8jSoIXBYfmb16OV7uxIMDlqe15Pbr:Gx20O5Yfmb1vE15Tr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c70644e2ba04bc0198c1a32d57c8eff3

Files

c70644e2ba04bc0198c1a32d57c8eff3
.exe windows:5 windows x86 arch:x86

40335fcc08dd546e9d89a01749aa72dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

SymRegisterFunctionEntryCallback64
SymGetSymFromName64
SymEnumTypes
SymUnDName64
ImageNtHeader
SymUnloadModule
SymGetLineNext
ExtensionApiVersion
FindExecutableImageEx
SymGetModuleBase64
SymGetTypeInfo
SymEnumerateModules
SymUnDName
SymFromName
SymSetContext
SymGetModuleInfo
ImageDirectoryEntryToDataEx
ImageRvaToVa
dbghelp
SymGetLinePrev
WinDbgExtensionDllInit
SymEnumerateSymbols
SymGetLineNext64

msvcrt20

_fgetchar
??4strstream@@QAEAAV0@AAV0@@Z
signal
??5istream@@QAEAAV0@PAD@Z
memcpy
_tcsnccnt
??5istream@@QAEAAV0@AAM@Z
_mbctokata
_setjmp3
iswctype
?dbp@streambuf@@QAEXXZ
fflush
isalnum
_except_handler2
?seekp@ostream@@QAEAAV1@J@Z
strcoll
_mbsnbcnt
?attach@filebuf@@QAEPAV1@H@Z
_eof
_mbsnset
_mbsncat
floor
?openprot@filebuf@@2HB
_wchmod
_wcsrev
_tcsnccpy

oleaut32

SafeArrayGetLBound
VarBstrFromI4
VarUI4FromUI2
ClearCustData
SafeArrayGetUBound
VarI2FromCy
VarDecDiv
VarDecAbs
VarI4FromUI1
VarDecCmpR8
VarUI8FromR4
VarUI4FromI8
VarFormatFromTokens
VarCmp
SafeArrayCreate
RegisterActiveObject
VarUI2FromStr
VarI4FromUI4
VarUI8FromCy
SysAllocStringLen
VarDateFromCy
OleLoadPicturePath
VarI2FromI8
VarR4FromR8
CreateStdDispatch
VarXor

kernel32

ResetEvent
VirtualAllocEx
LoadLibraryA
GetCurrentActCtx
SetFileApisToANSI
_lread
SetMailslotInfo
FindResourceA
GetUserGeoID
OpenEventW
WriteFileEx
CreateThread
AttachConsole
PrivCopyFileExW
VirtualAlloc
GetPrivateProfileSectionNamesW
CreateHardLinkA
GlobalGetAtomNameW
SetLastError
GetWriteWatch
GetModuleHandleA
InitAtomTable
CreateWaitableTimerA
IsValidCodePage
SetVolumeLabelW

shlwapi

SHOpenRegStream2A
PathIsSystemFolderW
PathIsDirectoryW
PathIsURLW
StrRetToBufW
StrToIntA
StrCpyNW
SHRegSetPathA
PathRemoveExtensionA
StrToIntW
PathFindSuffixArrayW
SHEnumValueW
SHStrDupA
PathAddBackslashA
PathFindFileNameW
StrChrA
AssocQueryStringByKeyA
StrFormatByteSizeA
StrRChrW
StrNCatW
StrCatChainW
PathCompactPathExW
SHSetThreadRef
SHRegEnumUSValueA

msasn1

ASN1_CreateDecoderEx
ASN1BERDecMultibyteString
ASN1generalizedtime_cmp
ASN1intx_setuint32
ASN1utctime_cmp
ASN1bitstring_free
ASN1CEREncCharString
ASN1char16string_cmp
ASN1CEREncZeroMultibyteString
ASN1intxisuint32
ASN1BERDecBitString
ASN1utf8string_free
ASN1intx2uint32
ASN1BERDecPeekTag
ASN1CEREncNewBlkElement
ASN1ztchar16string_free
ASN1_CloseModule
ASN1octetstring_cmp
ASN1CEREncChar16String
ASN1BERDecZeroMultibyteString
ASN1BERDecCharString
ASN1BEREncChar16String
ASN1CEREncChar32String

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40335fcc08dd546e9d89a01749aa72dc

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

msvcrt20

oleaut32

kernel32

shlwapi

msasn1

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 15KB - Virtual size: 76KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 168B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 15KB - Virtual size: 76KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 168B