cl64_406[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cl64_406.exe
Size

2.1MB
MD5

194937a572cb41a383bf46fac6260001
SHA1

3f07cb23052a08321bda1af836d81bd012155ca5
SHA256

16c7a291d2fceda4942a17bdeef55ae34fd9db781a18e4d43dfcb8f79d13e957
SHA512

b36d4c9b65b21e33905e3105f1f1528a3eeaaaed627da6eb687d3e9ef91a57b7b130a4cdbaa22428067b4c4af992719e5de7e8f27a2fa9bf33b15b52c8738969
SSDEEP

49152:s0FqfY236useAOipWVhzVelBI2+vRCh/zBYAje:s0sQfuWW/AI9pc7ji

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cl64_406.exe

Files

cl64_406.exe
.exe windows:6 windows x86 arch:x86

53bfa47947762dc04a8eb302df44f3eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetSystemDirectoryW
GetModuleFileNameW
lstrcatW
CreateDirectoryW
CreateFileW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetTempPathW
CloseHandle
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
LocalFree
DosDateTimeToFileTime
FormatMessageW
lstrcmpW
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
GetSystemDefaultLangID
FindClose
FindFirstFileW
FindNextFileW
GetCurrentThreadId
SetCurrentDirectoryW
DeleteFileW
GetShortPathNameW
RemoveDirectoryW
SetFileAttributesW
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
CreateProcessW
GetModuleHandleW
lstrcmpiW
lstrlenA
WriteConsoleW
lstrcpyW
HeapSize
FlushFileBuffers
GetProcessHeap
GetStringTypeW
SetEnvironmentVariableW
GetFileAttributesW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetFileSizeEx
LCMapStringW
CompareStringW
GetTimeZoneInformation
HeapAlloc
HeapFree
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ExitProcess
WriteFile
GetStdHandle
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
ReadFile
GetProcAddress
HeapReAlloc
GetModuleHandleA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
DecodePointer
CreateThread
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
FreeEnvironmentStringsW
SearchPathW
GetLastError
RtlUnwind
TerminateProcess
InitializeSListHead
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId

user32

LoadStringW
wsprintfW
SendMessageW
PostMessageW
FindWindowW
MessageBeep
MessageBoxA
WaitForInputIdle
GetMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
ReleaseDC
GetDC
GetKeyState
CheckDlgButton
SetWindowPos
CreateWindowExW
CallWindowProcW
IsDialogMessageW
MessageBoxW
PeekMessageW
DispatchMessageW
TranslateMessage
DestroyIcon
GetWindowRect
GetWindowTextW
InvalidateRect
UpdateWindow
IsDlgButtonChecked
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
ShowWindow
DestroyWindow
IsWindow
PostQuitMessage

gdi32

GetTextExtentPoint32W
SelectObject

shell32

SHGetFileInfoW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
ExtractIconW

ole32

CoTaskMemFree

oleaut32

SystemTimeToVariantTime
VarBstrFromDate
VariantTimeToSystemTime

comctl32

ord17

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

uxtheme

SetWindowTheme
EnableThemeDialogTexture

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53bfa47947762dc04a8eb302df44f3eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

comctl32

mpr

uxtheme

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 3KB - Virtual size: 14KB

.rsrc Size: 14KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 3KB - Virtual size: 14KB

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 8KB