cb19ec0c5a5c1f4a5fecb3b72339adb2

Sharing

Copy URL Twitter E-mail

General

Target

cb19ec0c5a5c1f4a5fecb3b72339adb2
Size

28KB
MD5

cb19ec0c5a5c1f4a5fecb3b72339adb2
SHA1

d530f20513327639c0483f32b93b55ce9da3eaa8
SHA256

8f6876ef1ebb1686f0121eeae677ce644be4e64ec48faacce8cd45d05286f2b4
SHA512

7de5b78166d6fc25cfb1915abb903b0309ed75b9680c2ba50fc47fc66eb7e6d80c4f2b94f2cca6276fb171fbc2a75c542d40c9ac189f74005835888d07728503
SSDEEP

384:/8frPrQsJGV/Hndo2eO/5gh8o1sBjA5J99uX2MwJArVKQj9eK2CPF1yPFiHHJ3Rz:/2rDU9oO/5gh8o6Buu2Jc3tItiHHvWQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb19ec0c5a5c1f4a5fecb3b72339adb2

Files

cb19ec0c5a5c1f4a5fecb3b72339adb2
.exe windows:4 windows x86 arch:x86

1e2be9496b190e2d88a4a0d549607024

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3081
ord2976
ord3830
ord3831
ord2985
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord3136
ord2256
ord5303
ord4699
ord3353
ord3741
ord4465
ord3262
ord3259
ord1105
ord354
ord5186
ord2077
ord2029
ord3318
ord5797
ord5442
ord5479
ord6385
ord1995
ord1979
ord665
ord791
ord1187
ord565
ord3147
ord2982
ord537
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2915
ord5572
ord2818
ord967
ord523
ord2726
ord817
ord815
ord825
ord1168
ord1576
ord800
ord940
ord540
ord823
ord535
ord860

msvcrt

__p__fmode
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_purecall
strncmp
strlen
strcpy
memcpy
__CxxFrameHandler
_ftol
sprintf
_EH_prolog
memset
__p__commode
_setmbcp

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
CreateFileMappingA
GetCurrentProcessId
GetSystemDirectoryA
GetModuleFileNameA
CopyFileA
GetLocalTime
MoveFileA
SetFileAttributesA
DeleteFileA
Sleep
GetCurrentProcess
WinExec
GlobalFree
GetTickCount
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalReAlloc
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
TerminateThread
ExitThread
GetStartupInfoA
GetModuleHandleA
OpenProcess

user32

PostMessageA
ExitWindowsEx
ShowCursor
SystemParametersInfoA
EnableWindow
MessageBoxA
keybd_event
mouse_event
SetCursorPos
GetSystemMetrics
GetDC
GetWindowDC
GetWindowRect
ReleaseDC
GetDesktopWindow

gdi32

BitBlt
DeleteObject
RealizePalette
GetStockObject
SelectPalette
GetObjectA
GetDIBits
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegCloseKey
RegOpenKeyExA

wsock32

getpeername
listen
gethostbyname
gethostname
socket
closesocket
send
accept
bind
WSACleanup
WSAStartup
htons
recv

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e2be9496b190e2d88a4a0d549607024

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

wsock32

wininet

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 792B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 792B