59f8a5acf4045838d10094d1ef36f92935d0848078b7134c5e098ebba0d854e9

Sharing

Copy URL

Twitter E-mail

General

Target

59f8a5acf4045838d10094d1ef36f92935d0848078b7134c5e098ebba0d854e9
Size

286KB
MD5

4d478b1c882d74c16e57f43ea3a69106
SHA1

c1c42a0f3d2a39cc0e6479017378eae7183c11d6
SHA256

59f8a5acf4045838d10094d1ef36f92935d0848078b7134c5e098ebba0d854e9
SHA512

24dcf9fa936ddcd4fe1a0756200809c31584ad666209209dbedd36f7a2431f4bf5c2260da71ee0ce74b4a4a13ea385a5eeac1eae6db0fbf0232d8c78f498ebaf
SSDEEP

6144:3Y2h6cfaoj99K30G90Iw9X6UY2pSOFeGPPyKWxaMU2MPf:xh6cFjiEGPrjipPPW5rAf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sepscmos.dll

Files

59f8a5acf4045838d10094d1ef36f92935d0848078b7134c5e098ebba0d854e9
.cab
sepscmos.dll
.dll windows:4 windows x86 arch:x86

62958a69988560a71d5e57a25c7b416c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
GetCurrentThreadId
GetCurrentDirectoryA
LoadLibraryA
GetVersionExA
ResumeThread
SuspendThread
LocalAlloc
TerminateThread
WaitForSingleObject
GetModuleFileNameA
CreateDirectoryA
FindFirstFileA
FindClose
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
CreatePipe
GetCurrentProcess
DuplicateHandle
CloseHandle
CreateProcessA
Sleep
InterlockedIncrement
GetLastError
LocalFree
GlobalFree
GlobalAlloc
InitializeCriticalSection
LoadLibraryExA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
GetTickCount
GetFullPathNameA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetExitCodeProcess
IsBadCodePtr
SetEnvironmentVariableW
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
MultiByteToWideChar
FlushFileBuffers
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
RtlUnwind
HeapReAlloc
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
DeleteFileA
GetFileType
CreateFileA
SetStdHandle
MoveFileA
GetSystemTimeAsFileTime
InterlockedDecrement
CreateThread
ExitThread
GetCurrentProcessId
GetCommandLineA
GetVersion
SetLastError
VirtualFree
VirtualAlloc
IsBadWritePtr
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
HeapSize
WriteFile
GetStdHandle
SetFilePointer
SetHandleCount
GetStartupInfoA
WideCharToMultiByte
UnhandledExceptionFilter
GetFileAttributesA
SetEndOfFile
ReadFile
GetCPInfo

advapi32

SetSecurityDescriptorDacl
SetServiceStatus
RegQueryInfoKeyA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ReportEventA
CloseEventLog
CryptGenRandom
CryptDecrypt
CryptGetUserKey
CryptGenKey
CryptImportKey
CryptSetKeyParam
CryptEncrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
InitializeSecurityDescriptor

ws2_32

WSACleanup
WSAStartup
getsockname
gethostbyname
getsockopt
ioctlsocket
connect
sendto
recvfrom
closesocket
getservbyname
inet_addr
accept
send
recv
setsockopt
bind
listen
gethostname
ntohs
ntohl
inet_ntoa
htonl
htons
__WSAFDIsSet
socket

Exports

Exports

?pmc_create_get_data@@YAPAVIPmcGetData@@PAJ@Z
?pms_create_pdu_list@@YAPAV?$IPmcPtrList@VIPmsPdu@@@@PAJ@Z

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62958a69988560a71d5e57a25c7b416c

Headers

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 508KB - Virtual size: 507KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 80KB - Virtual size: 144KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 80KB - Virtual size: 78KB

.text
Size: 508KB - Virtual size: 507KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 80KB - Virtual size: 144KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 80KB - Virtual size: 78KB