8d0d68e973f4c3b4a8c62838dba5cd8a33c34880d79030158e01d0ff2c0507c5

Sharing

Copy URL Twitter E-mail

General

Target

8d0d68e973f4c3b4a8c62838dba5cd8a33c34880d79030158e01d0ff2c0507c5
Size

577KB
MD5

cdb1d750ff2064faa877ce5f9b17ce06
SHA1

092311b4c3fa90da7826e5ab63fce1d2912e57f5
SHA256

8d0d68e973f4c3b4a8c62838dba5cd8a33c34880d79030158e01d0ff2c0507c5
SHA512

363abc7b6db83726a2e6a430ea20c67687f825e21929a264e538174545208ddcb7bb93cc0cdecc60454043d2fbddee2836cd023e1bb8c7fa867abf00c9a481c9
SSDEEP

12288:Rs0FxIRpcDlTAJw1J20UccW7xHv0Xg0YF:RseaaBTAJw1A0Ucc8lvAg0YF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d0d68e973f4c3b4a8c62838dba5cd8a33c34880d79030158e01d0ff2c0507c5

Files

8d0d68e973f4c3b4a8c62838dba5cd8a33c34880d79030158e01d0ff2c0507c5
.exe windows:5 windows x86 arch:x86

2bea4550208ddd0aa71ebd7b35afce01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ntepad\ABIT\JSR\vol\CeLoaderDis.pdb

Imports

kernel32

HeapSize
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
WriteConsoleW
WTSGetActiveConsoleSessionId
GetLocalTime
GetModuleFileNameA
SetNamedPipeHandleState
WaitNamedPipeA
WaitForMultipleObjects
CreateNamedPipeA
CreateDirectoryA
LocalAlloc
lstrlenA
GetModuleFileNameW
Sleep
LocalFree
FormatMessageA
OpenProcess
GetCurrentProcessId
GlobalUnlock
ReadFile
SetConsoleCursorPosition
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetStdHandle
GlobalLock
GlobalAlloc
FindClose
FindFirstFileA
GetFileSize
LoadLibraryW
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapFree
CreateFileW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
IsValidCodePage
GetOEMCP
HeapAlloc
GetProcAddress
GetACP
InterlockedIncrement
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
lstrcatA
WideCharToMultiByte
CloseHandle
DeviceIoControl
CreateFileA
SetThreadPriority
GetLastError
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
ExitProcess
GetModuleHandleW
CreateThread
GetCurrentThreadId
GetTempPathA
MultiByteToWideChar
GetThreadLocale
LoadLibraryA
InterlockedDecrement
RaiseException
RtlUnwind
ExitThread

user32

SetWindowRgn
GetTopWindow
CreateWindowExA
SendMessageA
SetWindowTextA
MoveWindow
SetScrollPos
BeginPaint
GetDC
FillRect
UpdateWindow
MessageBoxA
GetDlgItemTextA
MessageBoxW
GetWindowLongA
PostQuitMessage
DestroyWindow
GetDialogBaseUnits
GetClientRect
GetForegroundWindow
EnumWindowStationsW
DefWindowProcA
LoadBitmapA
ReleaseDC

gdi32

SetBkMode
CreateFontA
TextOutA
GetTextExtentPoint32A
SetTextAlign
GetTextMetricsA
SelectObject
GetStockObject
GetCharABCWidthsI
GetCharABCWidthsA
SetViewportOrgEx
GetBoundsRect
DeleteObject
CreateSolidBrush
GetPixel

advapi32

LogonUserA
ConvertStringSidToSidA
ImpersonateLoggedOnUser
DuplicateToken
OpenSCManagerA
CryptAcquireContextA
CryptReleaseContext
RegOpenKeyExA
RegQueryValueExA
GetUserNameA
OpenProcessToken
LookupAccountNameA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetDesktopFolder
SHGetMalloc
DragQueryFileA
SHGetPathFromIDListA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VariantClear
OleLoadPicture
OleLoadPicturePath
OleSavePictureFile
VariantInit

wininet

InternetOpenA

psapi

GetModuleFileNameExA

mpr

WNetGetUserW

avicap32

capGetDriverDescriptionW

shlwapi

SHStrDupW
SHCreateStreamOnFileA
PathFindFileNameW
StrDupA

comctl32

DestroyPropertySheetPage
ord6
CreatePropertySheetPageW
CreateToolbarEx

activeds

ord8
ord7

pdh

PdhBrowseCountersA

opengl32

glClear
glClearColor

setupapi

SetupOpenFileQueue
SetupOpenInfFileA

authz

AuthzAccessCheck

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trace
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2bea4550208ddd0aa71ebd7b35afce01

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

psapi

mpr

avicap32

shlwapi

comctl32

activeds

pdh

opengl32

setupapi

authz

Sections

.text Size: 137KB - Virtual size: 137KB

.text1 Size: 512B - Virtual size: 148B

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 7KB - Virtual size: 14KB

.text Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.data1 Size: 3KB - Virtual size: 2KB

.trace Size: 10KB - Virtual size: 10KB

.rsrc Size: 334KB - Virtual size: 333KB

.htext Size: 4KB - Virtual size: 4KB

.text
Size: 137KB - Virtual size: 137KB

.text1
Size: 512B - Virtual size: 148B

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 7KB - Virtual size: 14KB

.text
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.data1
Size: 3KB - Virtual size: 2KB

.trace
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 334KB - Virtual size: 333KB

.htext
Size: 4KB - Virtual size: 4KB