cdc437c06d8c1f9f5272a72f1ae4665b

Sharing

Copy URL

Twitter E-mail

General

Target

cdc437c06d8c1f9f5272a72f1ae4665b
Size

311KB
MD5

cdc437c06d8c1f9f5272a72f1ae4665b
SHA1

088e6facdfd7716175d12b32239a27d4c70d040e
SHA256

9e7d2158b7f54920553095bdfefe85f6f59f431eed755bb2a4d6b6252dcf30e3
SHA512

cb94136eb1249080da0952b2abe7d84fd35e6e660dc78914088d7cd89a2dd2af0f25feac0f023b63b71c2e98ffe17945f04fbad8effb954dea21b68e0b82f83d
SSDEEP

6144:TLuEraZbwX2Cg0hwg5XQooLdnvq6YyhavoaWdaRQzyvQ:TfWsGCg0hwOXQooZAyhaidCQzy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdc437c06d8c1f9f5272a72f1ae4665b

Files

cdc437c06d8c1f9f5272a72f1ae4665b
.exe windows:4 windows x86 arch:x86

1b2f878c1554c41b511945a98b206151

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetSaveFileNameA
ChooseColorA
GetSaveFileNameW

wininet

InternetFortezzaCommand
GopherOpenFileA
FtpGetFileEx
FindFirstUrlCacheContainerW
InternetGetCookieW
FtpPutFileA
SetUrlCacheHeaderData
FtpGetFileA
ShowSecurityInfo

kernel32

GetLocaleInfoW
CompareStringW
Sleep
EnumCalendarInfoA
GetLastError
GetCPInfo
GetStringTypeW
WideCharToMultiByte
WriteConsoleA
InterlockedDecrement
SetComputerNameW
GetTimeZoneInformation
GetProcAddress
FreeEnvironmentStringsW
GetEnvironmentStrings
IsDebuggerPresent
GetCompressedFileSizeA
GetLocaleInfoA
TlsSetValue
CreateDirectoryExA
GetStartupInfoW
GetACP
GetCommandLineW
TlsFree
GetStdHandle
IsValidLocale
GetProcessHeap
SetHandleCount
VirtualFree
GetDateFormatA
FreeLibrary
HeapSize
CreateProcessA
HeapReAlloc
DeleteCriticalSection
GetModuleHandleA
GetTimeFormatA
InitializeCriticalSection
SetEnvironmentVariableA
GetVersionExA
IsBadWritePtr
GetEnvironmentStringsW
ReleaseMutex
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
LCMapStringA
GetCurrentThread
VirtualQuery
SetConsoleCtrlHandler
LoadLibraryA
SetLastError
GlobalGetAtomNameW
InterlockedCompareExchange
WaitForSingleObjectEx
TlsAlloc
OpenSemaphoreA
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetCurrentProcessId
CompareStringA
EnumSystemLocalesA
LeaveCriticalSection
GetModuleFileNameW
TerminateProcess
GlobalFlags
FindAtomA
GetOEMCP
LCMapStringW
GetWindowsDirectoryW
QueryPerformanceCounter
GetUserDefaultLCID
ExitProcess
VirtualAlloc
InterlockedIncrement
GetSystemDirectoryA
GetCurrentProcess
EnterCriticalSection
FreeEnvironmentStringsA
TlsGetValue
IsValidCodePage
MultiByteToWideChar
GetStringTypeA
InterlockedExchange
GetProfileIntA
GetTickCount
GetModuleFileNameA
UnhandledExceptionFilter
RtlUnwind
WriteFile
GetStartupInfoA
GetExitCodeProcess
GetFileType
HeapFree

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b2f878c1554c41b511945a98b206151

Headers

File Characteristics

Imports

comdlg32

wininet

kernel32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 8KB - Virtual size: 13KB

.data Size: 173KB - Virtual size: 173KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 8KB - Virtual size: 13KB

.data
Size: 173KB - Virtual size: 173KB

.rsrc
Size: 7KB - Virtual size: 7KB