cfff41b848f205a63938a3e5731edbec5beb4ae1abf0ee108e08dc1e263dd052

Sharing

Copy URL Twitter E-mail

General

Target

cfff41b848f205a63938a3e5731edbec5beb4ae1abf0ee108e08dc1e263dd052
Size

19.6MB
MD5

4689e1c6ffeca2cac8372920f54730e6
SHA1

79d8dfa2d68b1229246f3d4d34f242e1f1526b5c
SHA256

cfff41b848f205a63938a3e5731edbec5beb4ae1abf0ee108e08dc1e263dd052
SHA512

8480a316690600a2ad5649e54d3a805617e9a2c511d755705e5ae3a6f0c3afcf540933da09ecd26f4773468b6932be134dc2bcd880c4999e240ba14626235c8b
SSDEEP

393216:9+9Ux4A1myf32RMVRs6rpMNorLLPvFmTIQlZFBDCywNDFSQD:kGjp26Vi6qNALPsHlZFcy+z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setupprogram_01234.exe

Files

cfff41b848f205a63938a3e5731edbec5beb4ae1abf0ee108e08dc1e263dd052
.zip
Setupprogram_01234.exe
.exe windows:6 windows x86 arch:x86

e68f6e06458f4914010d75d6c214598e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeSListHead
TlsSetValue
GlobalLock
GetCurrentProcessId
GetModuleHandleW
GetFileSizeEx
RtlUnwind
GetModuleFileNameW
WaitForMultipleObjects
GetFileAttributesW
LeaveCriticalSection
CreateSemaphoreW
GetLocaleInfoW
FindFirstFileExW
WideCharToMultiByte
GlobalMemoryStatus
GetCurrentThread
ReadFile
TlsFree
SwitchToThread
DeleteTimerQueueTimer
ReadConsoleW
IsValidCodePage
lstrcatA
EnterCriticalSection
SetFilePointerEx
GetLastError
GetModuleHandleExW
GetThreadPriority
GetLogicalProcessorInformation
GetCurrentThreadId
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
GetACP
EnumSystemLocalesW
MoveFileW
LoadLibraryW
VirtualFree
GetTickCount64
SetFileAttributesW
SetEndOfFile
InterlockedFlushSList
LCMapStringW
GetStringTypeW
ResetEvent
GetFileType
VirtualProtect
TlsGetValue
IsProcessorFeaturePresent
WriteConsoleW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
InitializeCriticalSection
VerSetConditionMask
GetNumaHighestNodeNumber
GetTickCount
SystemTimeToTzSpecificLocalTime
InitializeCriticalSectionEx
GetDateFormatW
HeapReAlloc
UnregisterWaitEx
SleepEx
DeleteCriticalSection
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentVariableA
FindFirstFileW
HeapAlloc
GetCurrentDirectoryW
AcquireSRWLockExclusive
ChangeTimerQueueTimer
GlobalFree
GetProcAddress
ExitProcess
GetProcessAffinityMask
SetLastError
SetFilePointer
IsDebuggerPresent
GetOEMCP
SetFileTime
CreateEventW
IsValidLocale
GetFullPathNameW
FreeLibraryAndExitThread
EncodePointer
SignalObjectAndWait
SetStdHandle
GetConsoleOutputCP
InterlockedPushEntrySList
TerminateProcess
CloseHandle
HeapSize
QueryDepthSList
CompareStringW
GetModuleHandleA
LocalFree
GetSystemInfo
VerifyVersionInfoW
GetVersionExW
GetThreadTimes
CreateTimerQueue
FindClose
ReleaseSemaphore
GetTimeFormatW
GlobalAlloc
GetCPInfo
FileTimeToSystemTime
CreateThread
FormatMessageW
DecodePointer
RaiseException
lstrlenA
FileTimeToLocalFileTime
GetCurrentProcess
GetLogicalDriveStringsW
GetEnvironmentStringsW
GetFileInformationByHandle
RemoveDirectoryW
HeapFree
CreateTimerQueueTimer
CreateFileW
UnhandledExceptionFilter
TryEnterCriticalSection
FlushFileBuffers
GetTimeZoneInformation
GlobalUnlock
GetDriveTypeW
QueryPerformanceFrequency
DeleteFileW
TlsAlloc
GetProcessHeap
CreateDirectoryW
GetVersion
VirtualAlloc
GetSystemTimeAsFileTime
WaitForSingleObjectEx
SetEvent
FreeLibrary
MultiByteToWideChar
GetStdHandle
GetCommandLineW
FindNextFileW
SetThreadPriority
RegisterWaitForSingleObject
WriteFile
FreeEnvironmentStringsW
GetCommandLineA
GetFileAttributesExW
MoveFileExW
PeekNamedPipe
DuplicateHandle
UnregisterWait
SetThreadAffinityMask
SetPriorityClass
SetUnhandledExceptionFilter
ExitThread
InterlockedPopEntrySList
GetConsoleMode
WaitForSingleObject
LoadLibraryExW
CompareFileTime
GetFileSize
GetStartupInfoW
Sleep

user32

ShowWindow
EnableWindow
GetWindowLongW
GetWindowTextW
OpenClipboard
DialogBoxParamW
LoadIconW
PostMessageW
CloseClipboard
MessageBoxW
LoadStringW
MoveWindow
MessageBoxA
InvalidateRect
GetParent
wsprintfA
SetFocus
GetMonitorInfoA
GetDlgItem
SetWindowLongW
SetCursor
GetWindowTextLengthW
CheckDlgButton
EndDialog
SetClipboardData
GetWindowRect
GetFocus
SystemParametersInfoW
GetKeyState
KillTimer
MapDialogRect
ScreenToClient
IsDlgButtonChecked
LoadCursorW
EmptyClipboard
SetTimer
SetWindowTextW
SetDlgItemTextW
SendMessageW
MonitorFromWindow
CharUpperW

advapi32

CryptReleaseContext
CryptImportKey
CryptCreateHash
CryptEncrypt
CryptAcquireContextW
CryptGetHashParam
CryptDestroyKey
CloseServiceHandle
CryptDestroyHash
CryptHashData

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
CryptDecodeObjectEx
CryptQueryObject
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateChain
CertOpenStore
PFXImportCertStore
CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringW
CertFreeCertificateContext
CryptStringToBinaryW
CertCreateCertificateChainEngine
CertFindExtension

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
freeaddrinfo
WSACreateEvent
getsockopt
send
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAEventSelect
socket
WSAIoctl
WSAResetEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
getaddrinfo
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
WSACloseEvent

Sections

.text
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e68f6e06458f4914010d75d6c214598e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.6MB - Virtual size: 6.6MB

.rdata Size: 276KB - Virtual size: 275KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 96KB

.text
Size: 6.6MB - Virtual size: 6.6MB

.rdata
Size: 276KB - Virtual size: 275KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 96KB