?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
Static task
static1
Behavioral task
behavioral1
Sample
cc1832da3322d70b8a5ea65fefe05635.exe
Resource
win7-20240221-en
General
Target
cc1832da3322d70b8a5ea65fefe05635
Size
601KB
MD5
cc1832da3322d70b8a5ea65fefe05635
SHA1
271678ba4c8c7327230fbe33f4043d7bfede8dbe
SHA256
cdf520bf7d255fb42c126b2c2e5bb0506c634098f01ef6bce04a5865fb8eba64
SHA512
20ccce8af5b55bf3077059eeff2cfca71d0ae1505503f7159e7dd4dc48563dd16f6674ffd7c203da82ae243421a1517227d7f3511ba50d75b57c69ae45bd647b
SSDEEP
12288:HzUJPTklnjVB9TZfWInXfXkYwizbVwObzslMSerK:oJLklnjVB9TzX1ElMSerK
Malware Config
Signatures
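Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. Without a signature the publisher cannot be verified from the file itself; on its own this is a weak indicator and should be weighed together with the other findings.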
resource cc1832da3322d70b8a5ea65fefe05635
Files
cc1832da3322d70b8a5ea65fefe05635.exe windows:4 windows x86 arch:x86
413e9107d14d4ee61963885cbe6a647f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
mfc42u
ord1570
ord1568
ord1165
ord2385
ord5349
ord5352
ord5804
ord5199
ord3224
ord2755
ord389
ord4273
ord6655
ord942
ord940
ord3806
ord6374
ord1143
ord1230
ord2078
ord551
ord6868
ord4219
ord1940
ord2388
ord3341
ord5296
ord5299
ord4074
ord4693
ord5303
ord5285
ord817
ord565
ord2718
ord4221
ord2248
ord927
ord5819
ord3659
ord996
ord415
ord613
ord289
ord715
ord5637
ord3568
ord3566
ord3621
ord3658
ord640
ord2406
ord5781
ord1634
ord1633
ord323
ord2854
ord1859
ord1130
ord2861
ord3614
ord816
ord5785
ord562
ord283
ord2746
ord1863
ord5603
ord2754
ord897
ord1854
ord4215
ord2576
ord3649
ord3696
ord500
ord772
ord2430
ord1173
ord2858
ord6138
ord2559
ord5784
ord5783
ord5871
ord4272
ord2606
ord3915
ord472
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord6190
ord2855
ord5856
ord5568
ord2914
ord3697
ord1083
ord501
ord2859
ord1172
ord1637
ord1614
ord4197
ord5852
ord536
ord2745
ord696
ord1258
ord5638
ord4180
ord5624
ord3701
ord2444
ord4018
ord909
ord1808
ord2447
ord2538
ord3810
ord291
ord5679
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord1717
ord5252
ord4421
ord706
ord1857
ord5095
ord2093
ord5098
ord3346
ord976
ord4147
ord2374
ord5279
ord5250
ord2437
ord674
ord1850
ord2094
ord5469
ord645
ord1856
ord5248
ord1834
ord5801
ord4140
ord5480
ord3227
ord1134
ord1137
ord4155
ord2144
ord1851
ord1811
ord3097
ord6150
ord2523
ord4358
ord4052
ord5467
ord4116
ord2381
ord5077
ord1702
ord1706
ord5230
ord6365
ord5275
ord5244
ord2436
ord331
ord4231
ord6644
ord2706
ord6871
ord3651
ord407
ord3652
ord408
ord3645
ord401
ord3618
ord366
ord3638
ord394
ord773
ord4242
ord4243
ord4240
ord4237
ord4241
ord4451
ord4718
ord5047
ord4493
ord4804
ord4768
ord3016
ord6451
ord4452
ord4494
ord4495
ord4769
ord668
ord2762
ord356
ord941
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord5298
ord4692
ord5710
ord3733
ord561
ord815
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord6113
ord1202
ord1131
ord824
ord826
ord2717
ord665
ord1971
ord5180
ord354
ord6381
ord2822
ord1941
ord4029
ord5706
ord4124
ord4279
ord6195
ord6278
ord860
ord726
ord823
ord426
ord3574
ord4616
ord3348
ord2425
ord2541
ord4030
ord6091
ord4027
ord3519
ord6088
ord5715
ord3791
ord3132
ord4278
ord4281
ord6194
ord3868
ord3869
ord3866
ord3083
ord5944
ord4293
ord6192
ord6210
ord4117
ord2633
ord5976
ord2620
ord1666
ord1676
ord5431
ord537
ord922
ord2756
ord6211
ord861
ord2910
ord2810
ord925
ord535
ord6376
ord6193
ord538
ord858
ord4704
ord2371
ord4294
ord2680
ord4229
ord2294
ord800
ord818
ord2127
ord324
ord567
ord540
ord641
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord3592
ord4419
ord2116
ord5276
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord6303
ord521
ord711
ord413
ord2243
ord2721
ord2722
ord6466
ord2719
ord6445
ord825
ord1109
msvcrt
strncmp
isspace
isalnum
fputc
fprintf
_snprintf
_vsnprintf
_vsnwprintf
malloc
free
_atoi64
memmove
strchr
isalpha
_mbstok
swscanf
_wtoi
fseek
ftell
fread
fopen
strstr
atol
strtok
printf
_itoa
_strlwr
_stricmp
tolower
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
wcscat
atoi
getenv
strncat
wcsncmp
wcslen
wprintf
wcsncpy
wcscpy
strcpy
__CxxFrameHandler
strlen
sprintf
memset
memcpy
wcscmp
_wcsicmp
exit
strcat
_except_handler3
_purecall
memcmp
?what@exception@@UBEPBDXZ
fclose
fflush
fwrite
_wfopen
_wtol
??0exception@@QAE@ABQBD@Z
_CxxThrowException
??1exception@@UAE@XZ
rand
srand
time
_ftol
strcmp
swprintf
sscanf
kernel32
GetTickCount
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
HeapFree
HeapAlloc
GetProcessHeap
LocalFree
FindClose
FindNextFileA
FindFirstFileA
CreateProcessW
GlobalMemoryStatusEx
GetLastError
DeleteFileW
SetFileAttributesW
DeleteFileA
WritePrivateProfileStringW
MoveFileExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrlenA
ResumeThread
OpenProcess
GetLongPathNameW
LoadResource
FindResourceW
GetVersion
FormatMessageW
MulDiv
SetLastError
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
CreateDirectoryW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
lstrcmpW
HeapReAlloc
GetStartupInfoW
GetTempPathW
MultiByteToWideChar
CloseHandle
lstrcpynW
IsBadCodePtr
IsBadReadPtr
GetVersionExW
lstrcpyW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
CreateFileW
lstrlenW
GetModuleFileNameW
WideCharToMultiByte
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
WriteFile
TerminateProcess
GetModuleHandleW
GetFileSize
InterlockedDecrement
WaitForSingleObject
CreateThread
Sleep
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
GetTempPathA
CompareStringW
LockResource
GetPrivateProfileStringW
GetCommandLineW
GetSystemDirectoryA
user32
IntersectRect
UnhookWindowsHookEx
GetPropW
CallWindowProcW
DestroyMenu
GetCursorPos
MenuItemFromPoint
IsChild
UpdateWindow
LoadAcceleratorsW
TranslateAcceleratorW
ModifyMenuW
GetMenuDefaultItem
GrayStringW
DrawTextW
TabbedTextOutW
DrawEdge
SetRect
DrawFocusRect
GetMessagePos
DrawStateW
InflateRect
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetSystemMenu
WindowFromDC
CopyRect
GetMenuInfo
DestroyIcon
FillRect
GetMenuItemRect
GetMenuItemInfoW
OffsetRect
IsMenu
SetMenuInfo
GetWindowDC
GetSysColor
IsWindow
RemovePropW
IsRectEmpty
ClientToScreen
RedrawWindow
PostQuitMessage
MoveWindow
SetForegroundWindow
WindowFromPoint
GetClassNameW
LoadIconW
LoadCursorW
ShowWindow
GetParent
SendMessageW
RegisterWindowMessageW
EnableWindow
CallNextHookEx
GetMenuState
GetFocus
LoadMenuW
GetMenu
GetMenuStringW
GetClientRect
SetWindowsHookExW
SetPropW
BringWindowToTop
BeginPaint
EndPaint
SetWindowLongW
GetWindowLongW
DefWindowProcW
GetDC
SetTimer
KillTimer
GetWindowRect
FindWindowW
GetSystemMetrics
PostMessageW
SystemParametersInfoW
wsprintfW
MessageBoxW
SetWindowPos
CreateWindowExW
RegisterClassExW
UpdateLayeredWindow
EqualRect
ReleaseDC
gdi32
Rectangle
DeleteDC
SelectClipRgn
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
UnrealizeObject
SetBrushOrgEx
BitBlt
CreatePen
DeleteObject
GetTextExtentPoint32W
RoundRect
GetObjectW
GetPixel
SetPixel
GetNearestColor
CreateFontIndirectW
CreateCompatibleBitmap
CreatePatternBrush
CreateSolidBrush
GetStockObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps
shell32
Shell_NotifyIconW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
comctl32
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Draw
ole32
CLSIDFromString
CLSIDFromProgID
OleDraw
CoUninitialize
OleCreate
OleSetContainedObject
CoCreateInstance
OleRun
CoInitialize
oleaut32
SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
GetErrorInfo
SysFreeString
ws2_32
htons
WSACleanup
inet_ntoa
gethostbyaddr
gethostbyname
inet_addr
socket
closesocket
sendto
recv
send
connect
setsockopt
WSAGetLastError
recvfrom
WSAStartup
msvcp60
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
shlwapi
PathFileExistsW
PathIsDirectoryW
psapi
EmptyWorkingSet
wininet
InternetQueryOptionW
iphlpapi
GetIpForwardTable
GetBestInterface
GetIpAddrTable
GetAdaptersInfo
winmm
waveOutGetNumDevs
Exports
Exports
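Sections
Note: .text and .rrdata are each flagged both writable and executable (IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE), and .rrdata is not a usual linker section name. This layout may indicate a packed or self-modifying image and is worth confirming with entropy analysis or unpacking.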
.text Size: 212KB - Virtual size: 211KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rrdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE