Causarol[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Causarol.exe
Size

3.9MB
MD5

5e2d2dcf6dc20faa55ed287e10adac75
SHA1

ed4df03d468c7dc4ab2a148cea3019de93a9404b
SHA256

b4421857a65fb5abd82f4395da78e09fe28c9a322bbc85ee948a85037c6ff631
SHA512

31afd9a9e24c054f45835a2dd05656228aec11d2f4addf60f69f369dedddcaf4845e0c86584f1f0a0a83cffbbc9c809ce8e358972cadb8ca2078dce1367b15d7
SSDEEP

49152:2W2CdKiakDInh8j3yvgYmCrmNh0t4DRQhND9O9J/DU+iZRFTaXQAVdiT48r7ERsk:2tqxyhbuV6VDj/lgxKlHC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Causarol.exe

Files

Causarol.exe
.exe windows:6 windows x64 arch:x64

3c7b1e427db2c64ea4e94d35132b54bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
GetCommandLineW
CreateFileW
GetFileInformationByHandle
GetFileSize
GetFileType
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
DeleteAtom
AddAtomW
WriteConsoleW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleHandleExW
TerminateProcess
ExitProcess
GetCurrentProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RtlPcToFileHeader
RaiseException
EncodePointer
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
GetLastError
RtlUnwindEx
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

winspool.drv

SetPortW
ConfigurePortW
EnumFormsW
SetFormW
SetPrinterDataExW
SetPrinterDataW
EnumPrinterKeyW
EnumPrinterDataExW
EnumPrinterDataW
GetPrinterDataExW
GetPrinterDataW
GetPrinterW
SetPrinterW
EnumJobsW
SetJobW
ResetPrinterW
EnumPrintersW
ConnectToPrinterDlg

shell32

ord716
SHPathPrepareForWriteW
SHParseDisplayName
SHBindToParent
SHGetSettings
ord176
ord75
ord47
ord88
SHGetDataFromIDListW
SHGetInstanceExplorer
ord645
ord644
ord4
ord2
ord192
SHChangeNotify
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
ord154
ord27
ord23
ord21
ord17
ord16
ord24
ord152
ord153
ord155
ord25
ord19
ord18
SHGetIconOverlayIndexW
ord727
ord245
SHSetLocalizedName
SHIsFileAvailableOffline
ord180
ord6
SHGetDiskFreeSpaceExA
SHGetFileInfoW
Shell_NotifyIconW
SHEmptyRecycleBinW
SHQueryRecycleBinW
ShellExecuteExW
SHFileOperationW
ExtractIconExW
ExtractIconW
ExtractAssociatedIconW
DuplicateIcon
FindExecutableW
ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
CommandLineToArgvW
SHGetDiskFreeSpaceExW

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 351KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c7b1e427db2c64ea4e94d35132b54bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

shell32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 161KB - Virtual size: 160KB

.data Size: 351KB - Virtual size: 379KB

.pdata Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 161KB - Virtual size: 160KB

.data
Size: 351KB - Virtual size: 379KB

.pdata
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 2KB - Virtual size: 1KB