cd5960ea70778ec9cc64025c3745f6c1

Sharing

Copy URL

Twitter E-mail

General

Target

cd5960ea70778ec9cc64025c3745f6c1
Size

864KB
MD5

cd5960ea70778ec9cc64025c3745f6c1
SHA1

37c26def5f1c48981c5cfa7112b24796f8352842
SHA256

c24b552c7dd7cbe5091eae4f84db04a0554e7f7d593c8d1d7569f45d6caff612
SHA512

dbec21bb9e9b0accfb91767dca91b72521080c68bd691f60331b16a1d8e3a8042f7e583c743df775413ea2aaaca42e677f8b722ea2626ff9a9e6df76f2e0131b
SSDEEP

24576:M+/khd1AN1nCCRvHPWoPe4PEQ+U9N3I237HC:Mv1A3bRvHeoPekEQ+U9NYS7HC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd5960ea70778ec9cc64025c3745f6c1

Files

cd5960ea70778ec9cc64025c3745f6c1
.exe windows:5 windows x86 arch:x86

2ec3ef321a037b388128cf8538080028

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoRetireServer
OleMetafilePictFromIconAndLabel
CoUnmarshalInterface
HICON_UserSize
STGMEDIUM_UserSize
OleGetIconOfFile
StgCreatePropStg
UpdateDCOMSettings
RevokeDragDrop
CoLockObjectExternal
CoGetComCatalog
HBRUSH_UserSize
PropSysAllocString
CoMarshalHresult
OleFlushClipboard
BindMoniker
HBITMAP_UserFree
SNB_UserUnmarshal
OleDoAutoConvert
CoCreateFreeThreadedMarshaler
WriteClassStm
OleConvertIStorageToOLESTREAMEx
CreateItemMoniker
StringFromGUID2
OleCreateLinkEx
HDC_UserSize
HBRUSH_UserFree
CoInitializeWOW
StgOpenAsyncDocfileOnIFillLockBytes
CoGetContextToken
CLIPFORMAT_UserSize
StgConvertPropertyToVariant
GetRunningObjectTable
OleSaveToStream
OleSetContainedObject
OleCreate
OleCreateStaticFromData
IsValidPtrIn

lz32

LZCreateFileW
LZRead
GetExpandedNameA
LZInit
LZDone
LZClose
LZCopy
LZOpenFileA
LZStart
LZCloseFile
LZSeek
CopyLZFile
LZOpenFileW

rpcns4

RpcNsGroupMbrInqNextA
RpcNsEntryObjectInqNext
RpcNsProfileEltRemoveA
RpcNsMgmtHandleSetExpAge
RpcNsEntryObjectInqBeginW
RpcNsBindingExportA
RpcNsProfileEltInqNextA
RpcNsProfileEltAddW
RpcNsMgmtEntryDeleteA
RpcNsProfileEltRemoveW
RpcNsGroupMbrAddW
RpcNsProfileEltInqNextW
RpcNsEntryObjectInqBeginA
RpcNsMgmtEntryCreateA
RpcNsProfileEltInqDone
RpcNsBindingLookupDone
RpcNsBindingSelect
RpcNsGroupDeleteA
RpcNsEntryObjectInqDone
RpcNsBindingUnexportPnPA
RpcNsBindingExportPnPW
RpcNsProfileDeleteA
I_RpcNsSendReceive
RpcNsProfileEltInqBeginW
RpcNsGroupMbrInqBeginA
RpcNsMgmtEntryInqIfIdsA
I_RpcNsGetBuffer
RpcNsBindingUnexportW
RpcIfIdVectorFree
RpcNsMgmtBindingUnexportA
RpcNsMgmtSetExpAge
RpcNsBindingImportBeginA

kernel32

LZDone
GetExitCodeProcess
WriteProcessMemory
DeleteCriticalSection
FindResourceW
IsWow64Process
EnumSystemCodePagesA
GlobalAlloc
FindActCtxSectionGuid
GetCPInfoExW
GlobalLock
LoadLibraryA
lstrlenA
RemoveLocalAlternateComputerNameW
GetVDMCurrentDirectories
GetThreadContext
GetProcessHeaps
GetTapeParameters
GetVolumePathNamesForVolumeNameW
ConvertFiberToThread
DefineDosDeviceW
LeaveCriticalSection
ReadConsoleInputExA
FatalAppExitW
CloseConsoleHandle
SetNamedPipeHandleState
EnumLanguageGroupLocalesA
ZombifyActCtx
IsValidLocale
SetComputerNameExA
GetACP
DeleteFileW
GlobalFlags
LocalFlags
SetProcessPriorityBoost
GetNumberFormatW
InterlockedFlushSList
FoldStringW
IsValidCodePage
GetGeoInfoW
GetTapeStatus
ReadConsoleOutputW
IsDebuggerPresent
SetHandleInformation
FindNextVolumeMountPointA
GetConsoleInputExeNameA
EnumUILanguagesW
MulDiv
GetSystemDefaultLCID
GetUserDefaultLCID
QueryPerformanceCounter
EnterCriticalSection
BuildCommDCBAndTimeoutsA
SetComputerNameW
CreateJobSet
FreeResource
InterlockedExchangeAdd
WaitForSingleObjectEx
IsBadWritePtr
SearchPathW
GetOverlappedResult
FindNextVolumeMountPointW
AssignProcessToJobObject
WritePrivateProfileStringW
ReadConsoleOutputA
GetConsoleCursorInfo
TransmitCommChar
ScrollConsoleScreenBufferA
SetDefaultCommConfigW
GetCommandLineW
UnhandledExceptionFilter
VirtualAlloc
PrepareTape
WriteFileGather

clusapi

ClusterGroupCloseEnum
ClusterResourceEnum
ClusterNetworkControl
OpenClusterGroup
SetClusterGroupName
ClusterRegEnumKey
ClusterNetworkEnum
GetClusterNetworkId
ChangeClusterResourceGroup
GetClusterNodeState
BackupClusterDatabase
ClusterRegCloseKey
ClusterNetworkOpenEnum
SetClusterName
AddClusterResourceDependency
ClusterResourceControl
CloseClusterNetInterface
ClusterRegCreateKey
GetClusterNetInterfaceKey
CloseClusterNotifyPort
GetClusterNodeKey
ClusterResourceCloseEnum
GetClusterNetworkKey
GetClusterNodeId
AddClusterResourceNode
GetClusterQuorumResource
GetClusterNetInterfaceState
ResumeClusterNode
EvictClusterNodeEx
GetClusterResourceNetworkName
ClusterNodeEnum
OpenClusterNetwork
ClusterResourceTypeOpenEnum
GetClusterNetworkState
ClusterNetInterfaceControl
GetClusterGroupState
OpenClusterResource
PauseClusterNode

setupapi

CM_Delete_DevNode_Key
pSetupIsGuidNull
SetupDiGetHwProfileListExA
SetupScanFileQueueA
SetupAddSectionToDiskSpaceListA
SetupDiRemoveDevice
CM_Query_Remove_SubTree_Ex
pSetupAddTagToGroupOrderListEntry
CM_Modify_Res_Des_Ex
SetupGetFieldCount
SetupDiInstallClassW
SetupDiSetDeviceInstallParamsA
pSetupShouldDeviceBeExcluded
CM_Get_Device_ID_ListA
CM_Get_Device_Interface_List_Size_ExA
SetupCopyErrorW
CM_Free_Resource_Conflict_Handle
SetupQueueRenameSectionA
UnicodeToMultiByte
CM_Detect_Resource_Conflict
SetupDiSetDeviceInterfaceDefault
pSetupSetQueueFlags
pSetupUnmapAndCloseFile
CM_Get_Log_Conf_Priority
SetupInstallServicesFromInfSectionW
CM_Merge_Range_List

qdv

DllGetClassObject

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ec3ef321a037b388128cf8538080028

Headers

DLL Characteristics

File Characteristics

Imports

ole32

lz32

rpcns4

kernel32

clusapi

setupapi

qdv

Sections

.text Size: 193KB - Virtual size: 193KB

.rdata Size: 231KB - Virtual size: 231KB

.data Size: 436KB - Virtual size: 1.9MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 193KB - Virtual size: 193KB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 436KB - Virtual size: 1.9MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB