C:\xampp\htdocs\1bd5ae345b6349e5bcb2cef9cccf9b90\Loader\Release\Loader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7.exe
Resource
win10v2004-20240226-en
General
Target: cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7
Size: 103KB
MD5: b6c57e3979a6ed759af6fa39d9e24765
SHA1: 1895762fd34e4a45a093780eceded747edaedd12
SHA256: cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7
SHA512: 5e87a90112245b2f6c99f2ff1a4fa2b5d72c40cb1627b7d004c38087092a6ef9cd8f99a7c500f90951cee3833e309c9065a4fb6d905b47539a5e95a2799a1243
SSDEEP: 3072:NICt9XX/Eakx5kZ8tmotU5sdDZqT2y7udyUA5dHGwRR+Nd:NICvPwkOYH597X7R
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7
Files
cabd11213ce74fdf9bc0abda91b8e22f18c2cba8708f1029ccdec90a7504c9d7.exe windows:6 windows x86 arch:x86
019eec513a911fa71fd512630a915679
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
lstrlenW
FileTimeToSystemTime
GetDateFormatW
MultiByteToWideChar
GetLocaleInfoW
DecodePointer
SetEndOfFile
GetConsoleCP
FlushFileBuffers
HeapSize
SetFilePointerEx
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
HeapAlloc
IsValidCodePage
FindNextFileW
FormatMessageW
FindClose
ReadConsoleW
GetConsoleMode
ReadFile
GetFileType
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
RaiseException
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
GetModuleHandleW
WriteConsoleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
VirtualAlloc
GetProcessHeap
HeapFree
FindFirstFileExW
SetLastError
GetLastError
CloseHandle
CreateFileW
HeapReAlloc
GetACP
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
pdh
PdhValidatePathA
PdhVbOpenQuery
PdhCloseQuery
PdhGetRawCounterValue
PdhVbCreateCounterPathList
PdhGetDefaultPerfObjectW
PdhVbGetOneCounterPath
odbc32
ord42
ord301
ord147
ord7
ord111
ord162
ord37
ord253
wsock32
ord1108
gethostbyname
ord1130
accept
WSACleanup
setsockopt
WSAAsyncGetHostByName
socket
ntohs
rtutils
TraceGetConsoleW
TracePrintfA
RouterAssert
LogEventA
TraceVprintfExA
mapi32
ord72
ord43
ord8
ord121
ord244
ord131
ord165
ord148
ord29
user32
LoadStringW
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE