cc3ca0316a859f3e2f6046ea5a27f5e0

Sharing

Copy URL Twitter E-mail

General

Target

cc3ca0316a859f3e2f6046ea5a27f5e0
Size

51KB
MD5

cc3ca0316a859f3e2f6046ea5a27f5e0
SHA1

668c25052229c47f036150cca15cb3ce15a33b96
SHA256

5f76ff8ada52aeab02d6aabf6bf72a5038049a7220b6e2ef44577867432aa664
SHA512

9d16b600cedf970dbceba69406f5f708405f20634461b4e96a6cd0f48fbfcc5e5b13d3370b9ed3fe58ff77081cef4ed153d1afd87e2f796dca9bcea801daaa76
SSDEEP

768:C3nNqj4uiWOxd+Gz0fZXpLVMmppV2WVLhN9D7p/bZbgEiJkuS9nYXoKZaIASyJvk:wl10fZX9VMIpVvLbZbgEc8BY4O+J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc3ca0316a859f3e2f6046ea5a27f5e0

Files

cc3ca0316a859f3e2f6046ea5a27f5e0
.exe .js windows:4 windows x86 arch:x86 polyglot

1b0124d36c25a650ee93b61a21a51360

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

GetCurrentProcess
GetTickCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
FindClose
FindNextFileA
FindFirstFileA
TerminateProcess
OpenProcess
DeleteFileA
ExpandEnvironmentStringsA
SetCurrentDirectoryA
Process32Next
MoveFileExA
Process32First
CreateToolhelp32Snapshot
lstrcpynA
CreateFileMappingA
SetErrorMode
GetLastError
lstrlenA
ExitProcess
CloseHandle
Sleep
CreateProcessA
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
lstrcatA
GetLogicalDriveStringsA
GetDriveTypeA
SetFileAttributesA
GlobalAlloc
CreateThread
GetVersionExA
lstrcpyA
GetTempPathA
GetModuleFileNameA
GetTempFileNameA
GetVolumeInformationA
GetFileAttributesA

user32

SendMessageA
FindWindowExA
FindWindowA
ExitWindowsEx
ReleaseDC
GetDC
CallNextHookEx
UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA

advapi32

RegDeleteKeyA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
DeleteService
ControlService
ChangeServiceConfigA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
RegQueryValueExA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

oleaut32

SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString

gdi32

SetPixel
BitBlt
SelectObject
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
GetDIBits

ws2_32

recv
shutdown
gethostbyname
accept
listen
bind
gethostname

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

msvcrt

_strcmpi
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
rand
free
strtok
strcmp
strrchr
_controlfp
strchr
printf
??3@YAXPAX@Z
memcmp
??2@YAPAXI@Z
_strdup
_stricmp
_onexit
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
time
__p___argc
__p___argv
srand
system
memset
sprintf
atoi
toupper
strstr
malloc
_except_handler3
fclose
ftell
fseek
fopen
fwrite
fputs
fread
strlen
abs
strcat
strcpy
wcslen

Sections

.bss
Size: - Virtual size: 17.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b0124d36c25a650ee93b61a21a51360

Headers

File Characteristics

Imports

psapi

kernel32

user32

advapi32

ole32

oleaut32

gdi32

ws2_32

version

msvcrt

Sections

.bss Size: - Virtual size: 17.4MB

.data Size: 50KB - Virtual size: 50KB

.bss
Size: - Virtual size: 17.4MB

.data
Size: 50KB - Virtual size: 50KB