cab36b5af2c108948d0abf16e2f0f5a6

Sharing

Copy URL

Twitter E-mail

General

Target

cab36b5af2c108948d0abf16e2f0f5a6
Size

489KB
MD5

cab36b5af2c108948d0abf16e2f0f5a6
SHA1

f020e7084fc3a1dd035cbd13dee6c0576ba60650
SHA256

b21ff57887a0e821ac94e799a816a51ae7d14ff6c6804eebfda571f3321ecc6e
SHA512

0295d4d2fa17ac1eef1d81736874096194fc5e3cdf8ff8bd517cd2bd40d2ff0320df550c5739d6a4bd2702b8a06189098724047f39c7eacc620f9627a4cede1b
SSDEEP

6144:CB8z3xo2kWY75QGTIOVjRhRFZwCEtOKOOSWxY8XyTmIUbKskbwihqBAY3O+nc5sU:CBXM7OTctrBYkQmIzsWRhwQ5sF9Wr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cab36b5af2c108948d0abf16e2f0f5a6

Files

cab36b5af2c108948d0abf16e2f0f5a6
.exe windows:4 windows x86 arch:x86

a17c706ac11ae5d10c4fcfdedbbe980f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ModifyMenuA
CascadeWindows
GetClassWord
DdeReconnect
SetDeskWallpaper
RegisterClassA
RegisterClassExA
SetActiveWindow
GrayStringW
GetParent
OpenWindowStationW
DrawStateA
SetClassLongW

kernel32

LocalFileTimeToFileTime
GetPrivateProfileStructA
InterlockedExchangeAdd
InterlockedExchange
LCMapStringW
ReadConsoleA
GetACP
SetStdHandle
GetFileAttributesExW
LCMapStringA
SetHandleCount
GetStringTypeW
SetLastError
WriteFile
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcess
InitializeCriticalSection
VirtualAllocEx
MultiByteToWideChar
GetLocalTime
IsBadWritePtr
GetCurrentThread
TlsAlloc
GetVersion
InterlockedDecrement
GetNumberFormatA
GetFileType
CreateProcessW
QueryPerformanceCounter
SetFilePointer
GetCurrentProcessId
GetUserDefaultLangID
VirtualAlloc
DeleteCriticalSection
GetStringTypeA
TlsGetValue
GetModuleHandleA
GetTickCount
HeapCreate
GetTimeZoneInformation
GetEnvironmentStringsW
TerminateProcess
GetCPInfo
VirtualQuery
GetSystemTime
PulseEvent
GetModuleFileNameA
RtlUnwind
ExitProcess
HeapReAlloc
EnterCriticalSection
CloseHandle
UnhandledExceptionFilter
LoadLibraryA
TlsFree
GetStringTypeExW
GetOEMCP
FreeEnvironmentStringsW
HeapFree
ReadFile
OpenEventA
VirtualFree
GetStdHandle
TlsSetValue
RaiseException
GetLastError
SetEnvironmentVariableA
LeaveCriticalSection
InterlockedIncrement
FlushFileBuffers
MapViewOfFileEx
HeapAlloc
FreeEnvironmentStringsA
CompareStringW
GetEnvironmentStrings
HeapDestroy
CompareStringA
ReadConsoleInputW
GetStartupInfoA
CreateMutexA
GetCommandLineA
OpenMutexA
GetProcAddress
GetCurrentThreadId

comctl32

InitCommonControlsEx

shell32

ExtractAssociatedIconW
SHAppBarMessage
RealShellExecuteA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a17c706ac11ae5d10c4fcfdedbbe980f

Headers

File Characteristics

Imports

user32

kernel32

comctl32

shell32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 4KB - Virtual size: 34KB

.data Size: 313KB - Virtual size: 313KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 4KB - Virtual size: 34KB

.data
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 11KB - Virtual size: 10KB