caa6f17b91369f3b2df1058e9095ab23

Sharing

Copy URL Twitter E-mail

General

Target

caa6f17b91369f3b2df1058e9095ab23
Size

36KB
MD5

caa6f17b91369f3b2df1058e9095ab23
SHA1

e464c536916b05b0d9a247dc55f0d9a0bf44c1a0
SHA256

b67c3492c4db03965e3cc353f1c16487455262605fcd16eb67334a901540242b
SHA512

6e6c08fbffd3d9aa9a7518a9cfceb832417a57864542a26b9928d094b6e0905698a4c01d3fa534572388aec2d3dd4a7a5ec4e6f53bffebebcacbd282ee65d5bb
SSDEEP

384:jm8Q6Ft4D5OrYa4niZlraVoMl/lWDlno8y2MW52NxmlE6xaqdG/TdcHHRm:V7j4D5OrYa4ir9oJ2MW5Mk1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
caa6f17b91369f3b2df1058e9095ab23

Files

caa6f17b91369f3b2df1058e9095ab23
.exe windows:4 windows x86 arch:x86

f0542c71d74c6a07099587d73e9a6a1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
SetFileTime
GetFileTime
GlobalFree
LockResource
GlobalAlloc
WinExec
SizeofResource
FindResourceA
Sleep
SetFileAttributesA
GetVolumeInformationA
CopyFileA
CreateThread
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
lstrcmpiA
TerminateProcess
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
lstrlenA
GetLastError
GetStartupInfoA
GetModuleHandleA
GetSystemDirectoryA
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetVersion
LoadLibraryA
GetProcAddress
FreeLibrary
CreateRemoteThread
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
LoadResource
CloseHandle

user32

PostMessageA
GetCursorPos
WindowFromPoint
GetWindowTextA
wsprintfA
GetParent

advapi32

StartServiceA
RegOpenKeyExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenServiceA
CreateServiceA
OpenSCManagerA
ControlService
DeleteService
CloseServiceHandle

mfc42

ord537
ord924
ord540
ord2818
ord535
ord800

msvcrt

_strlwr
strncmp
strtoul
isdigit
_except_handler3
_stricmp
strstr
__CxxFrameHandler
fclose
fopen
fputs
exit
printf
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0542c71d74c6a07099587d73e9a6a1c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mfc42

msvcrt

msvcp60

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB