c699ac5b940377df722b0b1f723e849d

Sharing

Copy URL Twitter E-mail

General

Target

c699ac5b940377df722b0b1f723e849d
Size

60KB
MD5

c699ac5b940377df722b0b1f723e849d
SHA1

9f78046c970f28a1087eb1d9e5c9f89278acae37
SHA256

59229e1c8c48dd3385a42d58bc0bd704420db26532db56c0e956dd0938858d2a
SHA512

37f8b92efc987fe134cc398eca4de14df5209703b76b58018764cdc323e1c2525397e9c5de60824d262e102025c5718165320144806b39b663c8998c62fd0eef
SSDEEP

768:U41+sQOv1vcQyfIjbDNi4YWCPT9NxiUBAjoc9SYdl611EGZ:UOv1vcXIjbDNpYWanxrE0El6PjZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c699ac5b940377df722b0b1f723e849d

Files

c699ac5b940377df722b0b1f723e849d
.exe windows:4 windows x86 arch:x86

cc2b6ac05daedb535dc8188644c551a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\nbw\WebPro\ty\TroDwn_Apc\Release\TroDwn.pdb

Imports

kernel32

GetTickCount
GetSystemDirectoryA
VirtualFree
WriteProcessMemory
GetCurrentProcess
VirtualProtect
VirtualAlloc
GetModuleHandleA
IsBadReadPtr
GetFullPathNameA
GetFileSize
lstrcatA
DeleteFileA
ExitProcess
GetLastError
Sleep
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
WriteFile
CreateProcessA
CreateFileMappingA
MapViewOfFile
CloseHandle
LoadLibraryA
GetProcAddress
ResumeThread
UnmapViewOfFile
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
CreateMutexA
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
InterlockedExchange
GetSystemInfo

user32

GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CreatePopupMenu
AppendMenuA
TrackPopupMenu
DestroyMenu
CreateDialogParamA
ShowWindow
GetDlgItem
wsprintfA

advapi32

LookupPrivilegeValueA
OpenServiceA
DeleteService
CloseServiceHandle
OpenSCManagerA
CreateServiceA
RegCreateKeyA
RegDeleteKeyA
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.date
Size: 4KB - Virtual size: 59B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cc2b6ac05daedb535dc8188644c551a1

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 32KB - Virtual size: 28KB

.date Size: 4KB - Virtual size: 59B

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 15KB

.text
Size: 32KB - Virtual size: 28KB

.date
Size: 4KB - Virtual size: 59B

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 15KB