c5cf9e398d0863a6cabc07cf1fa611d6

Sharing

Copy URL Twitter E-mail

General

Target

c5cf9e398d0863a6cabc07cf1fa611d6
Size

580KB
MD5

c5cf9e398d0863a6cabc07cf1fa611d6
SHA1

e0e38f209aa8bd9045bac20543fa76789c0cf443
SHA256

90ba0bbe11882090acea2803fd084fa7ae0d9830ad543f9a5113dfff44e7e957
SHA512

f9637f3ef13632a70af337e842d7a4c50bb3cb35b8d9372ba2abc430a0efc9cd8a72fe32c0cba043d833439b647b53a4405d94936d2d87076f7ecca9bf088875
SSDEEP

12288:zBhtI2aqs1mTwcp395RUEve+GEUBBAEPGRq2:zBhtIf1Iwcp3zBvedBJGR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5cf9e398d0863a6cabc07cf1fa611d6

Files

c5cf9e398d0863a6cabc07cf1fa611d6
.exe windows:4 windows x86 arch:x86

96f52aa1dd03b32c092f516c4bbd9eeb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHQueryRecycleBinW
SHGetDesktopFolder

wininet

FindNextUrlCacheContainerA
FindFirstUrlCacheContainerW
UnlockUrlCacheEntryFile
FtpRemoveDirectoryA
InternetCrackUrlA
GopherCreateLocatorA
FindNextUrlCacheEntryExA

kernel32

GetModuleFileNameA
GetCPInfo
FreeEnvironmentStringsA
VirtualAlloc
Sleep
GetTickCount
IsValidCodePage
SetStdHandle
GetTimeZoneInformation
SetLastError
CompareStringW
GetStartupInfoA
WideCharToMultiByte
TlsSetValue
GetACP
ReadConsoleW
GetStdHandle
GetLastError
GetEnvironmentStrings
MultiByteToWideChar
GetStringTypeW
ReadFile
GetFileType
DeleteCriticalSection
InterlockedIncrement
TerminateProcess
WriteConsoleA
QueryPerformanceCounter
GetTimeFormatA
HeapFree
CopyFileExA
GetConsoleMode
GetLocaleInfoW
VirtualQuery
SetEnvironmentVariableA
LeaveCriticalSection
GetModuleHandleA
FileTimeToLocalFileTime
GetCommandLineA
LCMapStringA
GetConsoleCP
EnterCriticalSection
GetConsoleOutputCP
CompareStringA
GetCurrentProcess
HeapCreate
FlushFileBuffers
GetCurrentProcessId
GetUserDefaultLCID
HeapReAlloc
GetCurrentThread
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapDestroy
TlsGetValue
GlobalLock
GetOEMCP
UnhandledExceptionFilter
SetConsoleTitleW
InterlockedExchange
EnumSystemLocalesA
OpenMutexA
LoadLibraryA
VirtualFree
HeapAlloc
CloseHandle
ExitProcess
CreateFileA
GetStringTypeA
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetVersionExA
FreeResource
SetFilePointer
InterlockedDecrement
OpenProcess
TlsAlloc
SetHandleCount
SetConsoleCtrlHandler
InitializeCriticalSection
TlsFree
GetProcAddress
RtlUnwind
IsDebuggerPresent
IsValidLocale
WriteConsoleW
GetLocaleInfoA
CreateMutexA
SetUnhandledExceptionFilter
WriteFile
LCMapStringW
GetDateFormatA
GetLongPathNameA
GetEnvironmentStringsW

comctl32

InitCommonControlsEx

user32

SetClipboardData
RegisterClassExA
DefMDIChildProcA
CharLowerA
GetMenuItemInfoA
RegisterClassA
SetWindowsHookW
LoadIconW
WINNLSGetIMEHotkey

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96f52aa1dd03b32c092f516c4bbd9eeb

Headers

File Characteristics

Imports

shell32

wininet

kernel32

comctl32

user32

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 9KB - Virtual size: 17KB

.data Size: 318KB - Virtual size: 317KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 9KB - Virtual size: 17KB

.data
Size: 318KB - Virtual size: 317KB

.rsrc
Size: 8KB - Virtual size: 8KB