cb876fca4959e62f744185535873532e

Sharing

Copy URL Twitter E-mail

General

Target

cb876fca4959e62f744185535873532e
Size

108KB
MD5

cb876fca4959e62f744185535873532e
SHA1

d6c3f76055cb32bbbfc3cf15ccd63b6332c4ae06
SHA256

5bed7b4e6a1c8528e4c79a8f947dec4d8c6430476f34ef86d0fda332146390e8
SHA512

85bb0f0cc0b598c70d5d1e1649453ada756ecc5af7cc71ad402212ebc84cb36f62a31264329a673356be69d4f380b3003f6dd25ff0f73734c1c53e0f41a8da86
SSDEEP

1536:wyK5FRItk/B9f8ERDOfuMbf2e+8EZ20AufjYDn1052qYMykW69fg8mlmf7ZlSz5j:wyKTkqTD+3bs8bufMDUyMFKmNlSz7X5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb876fca4959e62f744185535873532e

Files

cb876fca4959e62f744185535873532e
.exe windows:5 windows x86 arch:x86

97778e6315daa52e4718c025eb526a33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
QueryServiceConfigA
CloseServiceHandle
OpenServiceA
OpenSCManagerA

kernel32

GetWindowsDirectoryA
FindFirstFileA
SetLastError
Sleep
GetModuleFileNameA
WaitForSingleObject
MultiByteToWideChar
GetSystemDirectoryW
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
DeleteFileA
HeapDestroy
HeapCreate
VirtualFree
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
CloseHandle
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
LCMapStringW
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
InterlockedExchange
CreateFileA
SetStdHandle
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
SetFilePointer
lstrlenA
GetLastError
LocalAlloc
LocalFree
GetVersionExA
GetCurrentDirectoryA
TlsGetValue

cfgmgr32

CM_Get_DevNode_Status
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine

setupapi

SetupFindNextLine
SetupGetStringFieldA
SetupFindFirstLineA
SetupCloseInfFile
SetupOpenInfFileA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiRemoveDevice
SetupDiDeleteDevRegKey
SetupCopyOEMInfA
SetupAddToSourceListA
SetupRemoveFromSourceListA

newdev

UpdateDriverForPlugAndPlayDevicesA

shell32

ShellExecuteExW

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

97778e6315daa52e4718c025eb526a33

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

cfgmgr32

setupapi

newdev

shell32

Sections

.text Size: 55KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 14KB

.rsrc Size: 47KB - Virtual size: 48KB

.text
Size: 55KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 14KB

.rsrc
Size: 47KB - Virtual size: 48KB