ca8ecd2069248e77eff885484dd2e55c

Sharing

Copy URL Twitter E-mail

General

Target

ca8ecd2069248e77eff885484dd2e55c
Size

130KB
MD5

ca8ecd2069248e77eff885484dd2e55c
SHA1

98b021dba2672db5373f572796c1ac32e44edc09
SHA256

78a290bfb01bcbb7c56977baa3a48f778706c17d9e951f08a5bf080ab1b43bd0
SHA512

267d523ecebcf85633e0ba659c512d864e7565006cec988d1f7931db974f834e96db5d609bff77eae2fa521508b91c4eaa517c5ba92ac7021f8c2f877c6bb3a2
SSDEEP

3072:wS02QAkY7EUyN7az2dMAK+TBfIX89AD7l4rsIj+:wPAkwnyE+TB0dD7SsIj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca8ecd2069248e77eff885484dd2e55c

Files

ca8ecd2069248e77eff885484dd2e55c
.dll windows:4 windows x86 arch:x86

bb62c6720729f60516226547bce2f019

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\dev\clones\bannermodifier_dummy_20006\_release\BM.pdb

Imports

msvcrt

malloc
iswdigit
wcsncmp
_wcsnicmp
isdigit
strtol
wcstol
memcmp
_time64
atoi
isspace
strncpy
atol
atof
strtoul
strstr
rand
srand
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
realloc
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
strncmp
wcstombs
calloc
free
_strnicmp
mbstowcs
_wcsicmp
_purecall
memcpy
??2@YAPAXI@Z
??_U@YAPAXI@Z
memmove
??_V@YAXPAX@Z
strlen
wcslen
memset
??3@YAXPAX@Z
wcschr
_vsnwprintf
_wcslwr
_strlwr
_errno
_CxxThrowException
_except_handler3

kernel32

FreeLibrary
FreeLibraryAndExitThread
LoadLibraryA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
MultiByteToWideChar
OpenFileMappingW
LocalAlloc
GetCurrentThreadId
SetLastError
FlushInstructionCache
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
TerminateThread
GetUserDefaultLCID
ResetEvent
CreateEventW
GetShortPathNameW
GetLocaleInfoW
GetSystemTimeAsFileTime
LeaveCriticalSection
GetVersionExW
lstrlenA
EnterCriticalSection
DeleteCriticalSection
WaitForMultipleObjects
WideCharToMultiByte
InitializeCriticalSection
LocalFree
lstrcmpiW
lstrcpyW
ReleaseMutex
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
CreateFileW
CloseHandle
RaiseException
GetWindowsDirectoryW
OpenEventW
MoveFileExW
SetEvent
Sleep
lstrlenW
GetVolumeInformationW
VirtualFreeEx
lstrcmpiA
VirtualAllocEx
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
OpenProcess
DisableThreadLibraryCalls
lstrcpynW
lstrcatW
CreateThread
SetFilePointer
InterlockedIncrement
GetCurrentThread
GetCurrentProcessId
ExitProcess
InterlockedDecrement
GetCommandLineW
CreateMutexW
GetThreadPriority
ReadFile
GetLastError
GetModuleFileNameW
SetThreadPriority
CreateProcessW
LoadLibraryW

user32

GetDesktopWindow
SetWindowPos
SendMessageW
GetWindowRect
IsWindow
SetWindowTextW
DestroyIcon
GetWindowThreadProcessId
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
PostMessageW
wsprintfW

advapi32

SetEntriesInAclW
AllocateAndInitializeSid
RegCreateKeyExW
GetSidSubAuthorityCount
GetTokenInformation
GetLengthSid
SetTokenInformation
GetSidSubAuthority
SetThreadToken
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
RegCreateKeyW
ConvertStringSidToSidW
RegSetKeySecurity
SetSecurityDescriptorDacl
RegOpenKeyExW
GetUserNameA
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegEnumKeyExW
CheckTokenMembership
RegFlushKey
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocString
SysFreeString

Exports

Exports

E0D197A2_D21D_4d5c_AA5C_0CA8E3507931
a
s

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb62c6720729f60516226547bce2f019

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 10KB - Virtual size: 9KB