ccd2d9814e102f3195d6e4269b4d711a

Sharing

Copy URL Twitter E-mail

General

Target

ccd2d9814e102f3195d6e4269b4d711a
Size

55KB
MD5

ccd2d9814e102f3195d6e4269b4d711a
SHA1

fad6824b297e131f46615208b9903d3c45dd0b4d
SHA256

6ec9d5ac171c674b00ed1e625d935199d185f5046b741bc4fdb89498a5939cc2
SHA512

aadf8eaef669b01fdebacbc150726fd7f3b55dfba8ab0f40b665e81bbf8534d4ad50e4086372b7734d18334fef42c159da2efc7811a057e38be1e4eee46f0038
SSDEEP

768:shecVn9MrU7eGa3/s8XYZk7JeaIOGvskfFYPSJ/CCjgH8:IMrUqGa3/H0k7JGskfiPXC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccd2d9814e102f3195d6e4269b4d711a

Files

ccd2d9814e102f3195d6e4269b4d711a
.exe windows:4 windows x86 arch:x86

fe7dab20d0b6e91897074c268c02e8ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isdigit
wcscmp
_adjust_fdiv
free
atol
memcpy
_wcsicmp
memmove
_ultoa
wcslen
_wcsnicmp
qsort
strncpy
isupper
_snwprintf
_initterm
isxdigit
_snprintf
_onexit
bsearch
_except_handler3
wcschr
_ltoa
sprintf
_itow
_ltow
strncmp
wcscat
strtoul
malloc
wcscpy
__dllonexit

user32

wsprintfW
LoadStringA
GetProcessDefaultLayout
wsprintfA
MessageBoxW
GetSystemMetrics
MessageBoxA
LoadStringW

kernel32

TerminateProcess
DeleteCriticalSection
DelayLoadFailureHook
CreateFileMappingA
GetLastError
GetSystemTime
UnmapViewOfFile
SetFileAttributesA
FindFirstFileA
GetTickCount
SystemTimeToFileTime
OutputDebugStringA
SetEvent
GetSystemTimeAsFileTime
LocalFree
MapViewOfFile
ReadFile
GetSystemDefaultLangID
ExpandEnvironmentStringsA
OpenMutexA
GetTimeFormatA
InterlockedExchange
FileTimeToSystemTime
GetFileAttributesW
TlsSetValue
FindFirstChangeNotificationA
InterlockedDecrement
CompareStringA
CreateDirectoryW
GetModuleHandleA
FindCloseChangeNotification
lstrcmpA
CompareStringW
CreateThread
TlsFree
EnterCriticalSection
InterlockedIncrement
GetFileAttributesA
LeaveCriticalSection
GetLocalTime
ReleaseMutex
GetCurrentThread
GetModuleFileNameA
FindFirstChangeNotificationW
GetCurrentThreadId
Sleep
GetFileAttributesExW
lstrlenW
WaitForSingleObjectEx
GetTimeFormatW
CloseHandle
GetACP
FindFirstFileW
GetTempFileNameA
CreateFileW
WaitForMultipleObjectsEx
FreeLibraryAndExitThread
FindClose
TlsAlloc
UnhandledExceptionFilter
LocalAlloc
CreateDirectoryA
GetCurrentProcess
PulseEvent
lstrcpyA
GetComputerNameA
FreeLibrary
FindNextChangeNotification
GetDateFormatW
FormatMessageA
CompareFileTime
GetCurrentProcessId
InterlockedCompareExchange
ExitThread
SetUnhandledExceptionFilter
LoadLibraryExA
GetEnvironmentVariableA
lstrlenA
FileTimeToLocalFileTime
TlsGetValue
MultiByteToWideChar
SetEndOfFile
CreateFileA
FindNextFileW
WriteFile
SetFilePointer
DeleteFileA
GetProcAddress
OpenFileMappingW
FormatMessageW
SetFileAttributesW
OpenMutexW
QueryPerformanceCounter
WaitForSingleObject
DeleteFileW
GetUserDefaultLCID
OpenEventA
CreateMutexW
LoadLibraryExW
GetFileSize
DuplicateHandle
GetDateFormatA
GetComputerNameW
CreateEventA
VirtualAlloc
GetVersionExA
FindNextFileA
CreateFileMappingW
GetTempPathA
CreateMutexA
LoadLibraryA
LocalSize
SetLastError
lstrcatA
ExpandEnvironmentStringsW
InitializeCriticalSection
LocalReAlloc
GetModuleFileNameW

rpcrt4

RpcBindingFromStringBindingA
NdrClientCall2
RpcImpersonateClient
RpcBindingSetAuthInfoExW
RpcRevertToSelf
UuidCreate
RpcStringBindingComposeW
RpcStringFreeA
RpcStringBindingComposeA
RpcStringFreeW
RpcBindingFree
UuidToStringA
RpcBindingFromStringBindingW
RpcEpResolveBinding

advapi32

CryptExportKey
RegDeleteKeyW
RegSetKeySecurity
CryptCreateHash
CryptSetHashParam
RegDeleteKeyA
ChangeServiceConfigA
CloseServiceHandle
GetSecurityDescriptorDacl
GetUserNameA
MD5Init
RegOpenKeyExA
FreeSid
RegConnectRegistryA
CryptAcquireContextA
CryptEncrypt
RegEnumValueA
OpenServiceW
CryptSetProviderA
RegOpenKeyExW
SetSecurityDescriptorOwner
GetAce
RegNotifyChangeKeyValue
A_SHAInit
SetSecurityDescriptorDacl
RegDeleteValueA
RegQueryValueExA
QueryServiceStatus
RegSetValueExW
RegCreateKeyExW
GetSidIdentifierAuthority
InitializeAcl
AddAccessAllowedAce
RegGetKeySecurity
StartServiceA
RegEnumKeyExA
CryptGetHashParam
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
RegEnumKeyA
CryptHashData
LookupPrivilegeValueA
RegQueryInfoKeyA
RegCloseKey
GetSecurityDescriptorOwner
RegSetValueExA
LockServiceDatabase
RegConnectRegistryW
SystemFunction040
RegQueryInfoKeyW
RegDeleteValueW
MD5Final
CryptGetProvParam
StartServiceW
A_SHAFinal
CryptDecrypt
OpenThreadToken
LsaNtStatusToWinError
RegCreateKeyExA
EqualSid
AllocateAndInitializeSid
GetLengthSid
QueryServiceConfigA
RegEnumValueW
CryptDeriveKey
CryptDestroyHash
CopySid
InitializeSecurityDescriptor
OpenSCManagerW
CryptGetDefaultProviderW
OpenProcessToken
CryptSetKeyParam
AdjustTokenPrivileges
CryptGenKey
IsValidSid
A_SHAUpdate
CryptImportKey
RegQueryValueExW
SetSecurityDescriptorGroup
CryptSetProvParam
CryptGetKeyParam
CryptSignHashA
CryptGetUserKey
CryptDestroyKey
LookupAccountSidW
SystemFunction041
MD5Update
RegEnumKeyExW
GetSidSubAuthority
CryptReleaseContext
CryptGenRandom
UnlockServiceDatabase
ControlService
CryptVerifySignatureA

adsldpc

ADsFreeColumn

msasn1

ASN1_FreeEncoded
ASN1DecRealloc
ASN1CEREncUTCTime
ASN1BERDecOctetString
ASN1objectidentifier2_cmp
ASN1open_free
ASN1BEREncChar32String
ASN1BERDecS32Val
ASN1BEREncUTF8String
ASN1BEREncEoid
ASN1octetstring_free
ASN1_CreateDecoder
ASN1BERDecEndOfContents
ASN1_CreateModule
ASN1BERDecBitString
ASN1BERDecUTCTime
ASN1BERDecU32Val
ASN1CEREncBeginBlk
ASN1BERDecEoid
ASN1ztcharstring_free
ASN1_CloseModule
ASN1CEREncFlushBlkElement
ASN1BERDecUTF8String
ASN1BEREncSX
ASN1BERDecChar32String
ASN1utf8string_free
ASN1_Encode
ASN1BEREncBitString
ASN1_Decode
ASN1BEREoid2DotVal
ASN1BERDecSXVal
ASN1CEREncNewBlkElement
ASN1BEREncCharString
ASN1_CreateEncoder
ASN1_CloseEncoder
ASN1Free
ASN1BERDecMultibyteString
ASN1_CloseDecoder
ASN1BERDecPeekTag
ASN1char32string_free
ASN1charstring_free
ASN1char16string_free
ASN1BEREncBool
ASN1BERDotVal2Eoid
ASN1BEREncOctetString
ASN1BEREncS32
ASN1BERDecOpenType2
ASN1BERDecObjectIdentifier2
ASN1BEREncEndOfContents
ASN1BEREncChar16String
ASN1BERDecBitString2
ASN1BERDecBool
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BERDecOctetString2
ASN1BERDecExplicitTag
ASN1BEREncOpenType
ASN1EncSetError
ASN1CEREncGeneralizedTime
ASN1BEREncU32
ASN1BERDecChar16String
ASN1bitstring_free
ASN1BERDecGeneralizedTime
ASN1BEREoid_free
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1_FreeDecoded
ASN1BEREncMultibyteString
ASN1CEREncEndBlk
ASN1BERDecCharString
ASN1_SetEncoderOption
ASN1DecSetError
ASN1intx_free
ASN1BEREncObjectIdentifier2

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 52KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fe7dab20d0b6e91897074c268c02e8ab

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

rpcrt4

advapi32

adsldpc

msasn1

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.idata Size: 52KB - Virtual size: 132KB

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B

.idata
Size: 52KB - Virtual size: 132KB