cbfcc528f88b68b7349ae7f1ded3d010

Sharing

Copy URL Twitter E-mail

General

Target

cbfcc528f88b68b7349ae7f1ded3d010
Size

136KB
MD5

cbfcc528f88b68b7349ae7f1ded3d010
SHA1

e77fa55e2777759a91e5e39fa23b8845b6a7b4de
SHA256

ae9a821435c6dcf2aaadfa2758545f2681699115627de715daf6a2bc55583bed
SHA512

8fa44b5b26bac14ee5396bb57f9725d974589a181ff7a6f65a1994455d7a67d6833f3aa447ec562a3b980e60f34e877678b538be2746328fae243f77aec56360
SSDEEP

1536:remzXa61j3G06IcTCOlTCnBKrZNKDiL1CZsR1s+LUupgX2At:CwzBOlTCngIDipR6+LU6+rt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbfcc528f88b68b7349ae7f1ded3d010

Files

cbfcc528f88b68b7349ae7f1ded3d010
.exe windows:4 windows x86 arch:x86

0b9f2a65db6ae097cf49c98dd33061f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\myfile\vs\tangXoffice\debug\xoffice.pdb

Imports

kernel32

OpenProcess
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
Sleep
CopyFileA
CreateThread
GetSystemDirectoryA
CompareStringW
CompareStringA
GetTimeZoneInformation
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
GetModuleFileNameW
VirtualQuery
InitializeCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
GetCPInfo
GetACP
GetOEMCP
HeapSize
GetLocaleInfoA
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetStringTypeA
SetEnvironmentVariableA

user32

CharLowerA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b9f2a65db6ae097cf49c98dd33061f9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

mpr

psapi

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 100KB - Virtual size: 97KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 100KB - Virtual size: 97KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB