cc3d39dea52b4f0f632cdaa84c37d1e4

Sharing

Copy URL

Twitter E-mail

General

Target

cc3d39dea52b4f0f632cdaa84c37d1e4
Size

464KB
MD5

cc3d39dea52b4f0f632cdaa84c37d1e4
SHA1

0b818f49d765925b2763d9e8bd958481abb25a40
SHA256

33bcc5b1759b523a044b167f127f58a50a29e74c0333c4990dcc683c4e51e2b4
SHA512

6d748450ca294584bf173345a3f7b7b01e75dd0ea63f2fdb5868cf3097ec97b9d3db547f465cb9d68063e45eafcbe9eb49a8701a681c9ad253bfe121c3bf27a5
SSDEEP

12288:cAtdVSTQcXHGDl+oHyRbn6o3tAb81Xfn3NdlW0UZE:LSsGSl++I+oaA9dE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc3d39dea52b4f0f632cdaa84c37d1e4

Files

cc3d39dea52b4f0f632cdaa84c37d1e4
.exe windows:4 windows x86 arch:x86

9921a41ce7bf18b378925e4d13d29bc1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CoInternetCombineUrl

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdi32

GetBkColor
DeleteObject
RealizePalette
CreateFontIndirectA
GetObjectA
CreateFontIndirectW
GetTextExtentPoint32W
CreatePalette
SelectPalette
CreateBitmap
SelectObject
GetObjectW
BitBlt
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
SetBkColor
CreateDIBitmap
CreateCompatibleDC
SetPixel

msvcrt

iswprint
_initterm
wcschr
malloc
_wcsnicmp
_purecall
_adjust_fdiv
wcscpy
_wcsicmp
_except_handler3
wcsncpy
wcsrchr
wcscat
strtoul
wcscmp
wcslen
_wtol
memmove
_itow
iswspace
_ltow
strtok
free
_stricmp
_vsnwprintf
swprintf

rpcrt4

RpcNetworkIsProtseqValidA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcEpResolveBinding
RpcBindingFree
NdrClientCall2
UuidCreate
UuidToStringA
RpcStringFreeA

kernel32

GetFileSize
CompareStringW
UnhandledExceptionFilter
LoadLibraryExA
LoadLibraryA
ExpandEnvironmentStringsW
FormatMessageW
UnmapViewOfFile
GetCurrentDirectoryW
LocalAlloc
DisableThreadLibraryCalls
SetFilePointer
MulDiv
GetLocalTime
GlobalUnlock
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GlobalAlloc
GetTimeFormatA
FileTimeToLocalFileTime
GetCurrentThread
GetProcAddress
MapViewOfFile
FreeResource
LocalReAlloc
ExpandEnvironmentStringsA
GetTickCount
OutputDebugStringA
LoadLibraryW
InterlockedCompareExchange
GlobalLock
LockResource
GetTimeFormatW
lstrlenW
MultiByteToWideChar
SystemTimeToFileTime
GetACP
LoadResource
CloseHandle
EnterCriticalSection
InitializeCriticalSection
CreateFileMappingA
LocalFree
FindResourceA
LeaveCriticalSection
CompareStringA
GetCurrentThreadId
GetModuleHandleW
QueryPerformanceCounter
CreateFileW
GetCurrentProcessId
GetCurrentProcess
SetEndOfFile
GlobalFree
Sleep
lstrlenA
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetComputerNameExW
GetDateFormatA
WriteFile
DelayLoadFailureHook
lstrcatA
GetComputerNameW
GetDateFormatW
lstrcpyA
WideCharToMultiByte
DeleteFileW
SetLastError
CreateFileA
TerminateProcess
lstrcmpA
GetLastError
DeleteCriticalSection
GetUserDefaultLCID
SetUnhandledExceptionFilter
CompareFileTime
GetVersionExA

user32

EndDialog
MapWindowPoints
DestroyWindow
GetWindowLongA
GetUpdateRect
GetDlgItemTextW
DrawTextExW
GetMonitorInfoW
SendDlgItemMessageA
GetWindowLongW
SendMessageW
MonitorFromWindow
PostMessageW
CreateWindowExA
GetFocus
LoadIconA
PeekMessageA
GetWindowRect
GetWindowTextW
MessageBoxExW
DrawFocusRect
UpdateWindow
IsWindowVisible
CreateWindowExW
ReleaseDC
wsprintfA
GetSysColorBrush
GetDesktopWindow
FillRect
SetWindowTextW
CopyRect
LoadBitmapW
SetWindowLongA
SetDlgItemTextW
RegisterClipboardFormatA
WinHelpW
GetWindowDC
PostMessageA
SetWindowTextA
SetWindowPos
LoadCursorW
SetRect
MessageBoxW
SystemParametersInfoA
GetNextDlgTabItem
LoadStringA
DestroyIcon
CallWindowProcA
SetWindowLongW
DrawIcon
GetDC
GetClientRect
GetDialogBaseUnits
CheckRadioButton
GetSysColor
SetCapture
SetFocus
SendMessageA
EndPaint
LoadStringW
IsWindowEnabled
MapDialogRect
EnableWindow
GetWindow
GetDlgItemTextA
LoadCursorA
GetDlgItem
SetCursor
BeginPaint
GetParent
SetClassLongA
InvalidateRect
SetDlgItemInt
IsDlgButtonChecked
ReleaseCapture
ShowWindow
GetDlgItemInt
SendDlgItemMessageW
MoveWindow
DialogBoxParamW

shlwapi

PathFindFileNameW
PathUndecorateW
StrCmpNIW

ntdll

NtAllocateVirtualMemory

advapi32

RegSetValueExW
CryptGetKeyParam
ControlService
CryptSetProvParam
OpenThreadToken
OpenSCManagerW
CloseServiceHandle
RegCloseKey
OpenServiceW
RegOpenKeyExW
AllocateAndInitializeSid
RegSetValueExA
RegEnumKeyExW
FreeSid
RegEnumValueW
RegQueryValueExW
OpenProcessToken
EqualSid
CryptDestroyKey
RegOpenKeyExA
StartServiceA
RegEnumKeyExA
LockServiceDatabase
StartServiceW
DuplicateToken
CryptGetUserKey
QueryServiceStatus
RegQueryValueExA
RegEnumValueA
GetUserNameW
RegCreateKeyExA
RegQueryInfoKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGetProvParam
CryptAcquireContextW
UnlockServiceDatabase
RegCreateKeyExW
GetTokenInformation
ChangeServiceConfigA
QueryServiceConfigA

netapi32

DsGetDcNameW
NetGetDCName
NetApiBufferFree

wininet

InternetCanonicalizeUrlW
InternetCrackUrlW

crypt32

CertGetEnhancedKeyUsage
CryptFindOIDInfo
CertFreeCTLContext
CertGetValidUsages
CertEnumCTLsInStore
CertGetCertificateContextProperty
CryptEncodeObject
CertVerifyTimeValidity
CertFindAttribute
CertCreateCertificateContext
CertCompareCertificate
CertNameToStrW
CryptAcquireCertificatePrivateKey
CertGetPublicKeyLength
CertFindCRLInStore
CryptMsgGetParam
CertEnumSystemStore
CryptMsgVerifyCountersignatureEncoded
CryptInitOIDFunctionSet
CertGetCertificateChain
CertDuplicateCertificateContext
CertSaveStore
CryptBinaryToStringA
CertFreeCRLContext
CertGetNameStringW
CertAddCertificateContextToStore
CertGetStoreProperty
CertFindCTLInStore
CryptFormatObject
CertDuplicateStore
CryptGetDefaultOIDDllList
CertFindCertificateInStore
CertCloseStore
CryptFindCertificateKeyProvInfo
CertCreateCTLContext
CryptFindLocalizedName
CryptMsgOpenToDecode
CertFindExtension
PFXImportCertStore
PFXExportCertStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptFreeOIDFunctionAddress
CertFreeCertificateContext
PFXExportCertStoreEx
CertSetCTLContextProperty
CertFreeCertificateChain
CertSetCertificateContextProperty
CertSetEnhancedKeyUsage
CertGetCTLContextProperty
CertEnumCertificatesInStore
CryptMsgDuplicate
CertAddCRLContextToStore
CertEnumPhysicalStore
CryptQueryObject
CryptEnumOIDInfo
CryptMsgUpdate
CryptSIPRetrieveSubjectGuid
CryptGetDefaultOIDFunctionAddress
CryptMsgControl
CertCreateCertificateChainEngine
PFXVerifyPassword
CertDeleteCertificateFromStore
CryptDecodeObjectEx
CryptMsgClose
CertAddCTLContextToStore
CryptDecodeObject
CertFreeCertificateChainEngine
CertGetCRLFromStore
CryptMsgEncodeAndSignCTL

wintrust

TrustIsCertificateSelfSigned
WTHelperGetKnownUsages
WintrustGetDefaultForUsage
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9921a41ce7bf18b378925e4d13d29bc1

Headers

File Characteristics

Imports

urlmon

version

gdi32

msvcrt

rpcrt4

kernel32

user32

shlwapi

ntdll

advapi32

netapi32

wininet

crypt32

wintrust

Sections

.text Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 20B

.rsrc Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 952KB

.rdata Size: 428KB - Virtual size: 428KB

.text
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 20B

.rsrc
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 952KB

.rdata
Size: 428KB - Virtual size: 428KB