57ccc64804ee95a4606dec77c7675a2579517dceab9e1193454bd5dd737e0c0f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

57ccc64804ee95a4606dec77c7675a2579517dceab9e1193454bd5dd737e0c0f.exe
Size

288KB
MD5

2369403e22880c1137e3e006ed28dbd8
SHA1

2ccd0813d4887a26a2add412dc756084f75fb0fc
SHA256

57ccc64804ee95a4606dec77c7675a2579517dceab9e1193454bd5dd737e0c0f
SHA512

361f539b6752b5efc318a1e8f0358586ebcc510c579162fcb5ae460d1c8fda601d8c528dac40b202fbe1d0f86fce4fb47d27b9120514c0dece6476a3bec92858
SSDEEP

6144:Loc2iTVu8nNU30bb6Ji5y9fytZ3XbrnojQU1sQ:G8NLnk4ydytZ3Xn3Uz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57ccc64804ee95a4606dec77c7675a2579517dceab9e1193454bd5dd737e0c0f.exe

Files

57ccc64804ee95a4606dec77c7675a2579517dceab9e1193454bd5dd737e0c0f.exe
.exe windows:4 windows x86 arch:x86

f0d273e03f5936fb903f41157c666217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\perforce\cc\oem\iron\mangusta\sw\trunk\win\installer\release\install.pdb

Imports

kernel32

GetCurrentProcessId
lstrlenW
GlobalUnlock
GlobalFree
InterlockedDecrement
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetVersionExA
LoadLibraryA
CompareStringW
GlobalFindAtomW
MoveFileW
GetThreadLocale
SetFilePointer
FlushFileBuffers
SetEndOfFile
GlobalDeleteAtom
WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
InterlockedIncrement
lstrlenA
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetStartupInfoW
GetDriveTypeW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
GetTimeZoneInformation
VirtualAlloc
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
SetEnvironmentVariableW
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GlobalAddAtomW
GetTickCount
WriteFile
FindClose
FindFirstFileW
ReadFile
CreateFileW
SetLastError
HeapFree
GetProcessHeap
HeapAlloc
LocalFree
FormatMessageW
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
InitializeCriticalSection
CreateMutexW
GetFullPathNameW
GetModuleFileNameW
GetVersionExW
FreeLibrary
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
GetModuleHandleW
LoadLibraryExW
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetProcAddress
LoadLibraryW
LoadResource
LockResource
SizeofResource
Sleep
GetLastError
DeleteFileW
GetTempPathW
GetWindowsDirectoryW
FindResourceW
GetSystemDirectoryW
CloseHandle
ReleaseMutex

user32

DestroyMenu
UnregisterClassW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
ShowWindow
SetWindowTextW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
IsWindow
GetWindowTextW
GetForegroundWindow
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
PostQuitMessage
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
SendMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetTopWindow
SetWindowsHookExW
CallNextHookEx
SetWindowLongW
SetWindowPos
GetWindowRect
GetSystemMetrics
CallWindowProcW
UnhookWindowsHookEx
MessageBoxW
LoadStringW
PostMessageW
PtInRect
UnregisterClassA

gdi32

PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
GetStockObject
DeleteDC
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW

shell32

ShellExecuteW
SHGetFolderPathW
ord680

shlwapi

PathFindFileNameW
PathFindExtensionW
PathAppendW

oleaut32

VariantInit
VariantChangeType
VariantClear

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f0d273e03f5936fb903f41157c666217

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

oleacc

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 8KB - Virtual size: 7KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 8KB - Virtual size: 7KB

.rmnet
Size: 60KB - Virtual size: 60KB