Static task
static1
Behavioral task
behavioral1
Sample
c5ccf42ee9f72ae1045beff7b1e405a2.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c5ccf42ee9f72ae1045beff7b1e405a2.exe
Resource
win10v2004-20240226-en
General
-
Target
c5ccf42ee9f72ae1045beff7b1e405a2
-
Size
165KB
-
MD5
c5ccf42ee9f72ae1045beff7b1e405a2
-
SHA1
47823215aeafb6519687d6680dda2a57ac1ca501
-
SHA256
93e5597b0d8de0bae010a0ed665b94fe21af2794fed67b3d920ef6ab5674f99a
-
SHA512
1f09a60a20975d7850e1bf8d09a2e3f935c076e6f11d445cef80143e86f5e3b6a15cf98aa5dda0580ab8cbf4e23b1ff28a211360a055d004e87110c64fedf84b
-
SSDEEP
3072:IxJ4s4QLrzsPf1OwYof+SyHtjQ9yO4oBhVKsC5rWRZH64Yr8EejLVZnN:O4s4jPtOwH16lQVfhQn567a4RLVl
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Checks for a missing Authenticode signature.
resource c5ccf42ee9f72ae1045beff7b1e405a2
Files
-
c5ccf42ee9f72ae1045beff7b1e405a2.exe — windows:5, windows x86, arch:x86
e7ddd779128124f4fb3f579a351b18e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleFileNameA
WideCharToMultiByte
DebugActiveProcess
SuspendThread
WriteFile
GetDriveTypeA
GlobalFree
GlobalAlloc
ExitProcess
DebugBreak
GetEnvironmentVariableA
GetThreadContext
SetThreadContext
SearchPathA
GetTickCount
WriteProcessMemory
SetPriorityClass
ReadFile
ResetEvent
CreateEventA
SetLastError
CreateNamedPipeA
CreateThread
GetPriorityClass
DuplicateHandle
SetStdHandle
GetStdHandle
SetFilePointer
GetFileAttributesA
GetThreadSelectorEntry
FormatMessageA
ReadProcessMemory
WaitForDebugEvent
OpenProcess
ContinueDebugEvent
GetCurrentThreadId
WaitForSingleObject
LoadLibraryA
GetSystemInfo
ResumeThread
SetEvent
GetCurrentProcess
GetVersionExA
GetCommandLineA
FreeLibrary
CreateProcessA
GetStartupInfoA
GetExitCodeProcess
CloseProfileUserMapping
GetOverlappedResult
WaitForMultipleObjects
AllocConsole
CreateRemoteThread
CloseHandle
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
GetLastError
CreateFileA
SetConsoleCtrlHandler
psapi
EnumProcessModules
GetModuleFileNameExA
msvcrt
ctime
fclose
sscanf
fgets
fgetc
_memicmp
_strcmpi
strrchr
isalpha
_makepath
strncpy
strtok
strncmp
strtol
isdigit
memmove
strcpy
_setjmp3
isxdigit
_itoa
_exit
_XcptFilter
exit
__p___initenv
malloc
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strupr
fopen
_iob
toupper
putchar
_strdup
__getmainargs
strchr
_close
_open
_write
calloc
free
tolower
_stricmp
sprintf
_except_handler3
_strlwr
strstr
strtoul
_strnicmp
isspace
_vsnprintf
_longjmpex
_splitpath
printf
getenv
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
dbghelp
SymGetLineFromName64
StackWalk64
SymFunctionTableAccess64
SymUnloadModule64
SymRegisterCallback64
SymSetOptions
SymGetOptions
SymMatchFileName
SymInitialize
SymGetModuleInfo64
SymLoadModule64
SymCleanup
GetTimestampForLoadedLibrary
SymSetSearchPath
ImagehlpApiVersionEx
SymGetSymFromAddr64
SymEnumerateSymbols64
SymGetLineFromAddr64
SymGetSymFromName64
SymGetModuleInfoEx64
SymGetSymNext64
SymGetSymbolInfo64
ntdll
DbgPrint
NtQueryInformationThread
NtCreateSymbolicLinkObject
RtlFreeUnicodeString
NtSystemDebugControl
NtOpenDirectoryObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
NtQueryInformationProcess
DbgPrompt
Sections
.text Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 17KB - Virtual size: 442KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE