e00e645cf09c1af95c67723d24858088

Sharing

Copy URL Twitter E-mail

General

Target

e00e645cf09c1af95c67723d24858088
Size

140KB
MD5

e00e645cf09c1af95c67723d24858088
SHA1

9483b82c7034ab9edf1037cdbbaae2f17806e4dd
SHA256

057e1756e472ff4a156b284b34270888e6152da2249efb421b395b10b6ed8b5a
SHA512

7427c128fb2c3c586b2ec50ed7d8fc451c497653212cb8ff25cbf7c2c03212feeedc991801d7fb9853bdcb1e0ac06f813c1b26f4619d0b082a870a645766b83a
SSDEEP

1536:3mCA35baHKg23Asn6Pn+v+xH4bB7q3F5tQBh6JUEPrzZS6mQcbWQwlxaO:rA35bxAC2RGV7WF5tQBh6Jlp6WQwlgO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e00e645cf09c1af95c67723d24858088

Files

e00e645cf09c1af95c67723d24858088
.exe windows:4 windows x86 arch:x86

8318c9ffb191a574eefb4e2167984159

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\liu\桌面\vircs\release\cssrs.pdb

Imports

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

shell32

SHGetFolderPathW
CommandLineToArgvW

shlwapi

PathFileExistsW

user32

BeginPaint
DispatchMessageW
PeekMessageW
RegisterDeviceNotificationW
PostQuitMessage
TranslateMessage
CreateWindowExW
TranslateAcceleratorW
EndPaint
LoadCursorW
LoadIconW
DefWindowProcW
RegisterClassExW
LoadStringW
LoadAcceleratorsW
wsprintfW

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
CloseHandle
GetCommandLineW
Sleep
WaitForSingleObject
GetFileSize
CreateMutexW
CreateFileW
CopyFileW
lstrlenW
CreateProcessW
OpenProcess
UpdateResourceW
FindNextFileW
FindFirstFileW
FindResourceW
FreeLibrary
DeleteFileW
LoadResource
EndUpdateResourceW
LoadLibraryW
SizeofResource
GetLastError
BeginUpdateResourceW
FindClose
LockResource
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8318c9ffb191a574eefb4e2167984159

Headers

File Characteristics

PDB Paths

Imports

advapi32

psapi

shell32

shlwapi

user32

kernel32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 72KB - Virtual size: 68KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 72KB - Virtual size: 68KB