09f49fabd3d3d3dd96f18e7358a9d30e336194254e53a93aa28ee60b7416afec

Sharing

Copy URL Twitter E-mail

General

Target

09f49fabd3d3d3dd96f18e7358a9d30e336194254e53a93aa28ee60b7416afec
Size

4.5MB
MD5

cfa4e6f676a64b18412af804f51e27f9
SHA1

a30149510753ab5c7a26eca5a908d2be66a81183
SHA256

09f49fabd3d3d3dd96f18e7358a9d30e336194254e53a93aa28ee60b7416afec
SHA512

ed33beddbabd24b82986340c6020ab0e4835aff19b1c46eb695bace4b9ee37d418dc0189953a6b87739e3352fdccefb3d74cad8f389e58ddc241644665f69e36
SSDEEP

98304:EkpddkK8vBX5WPBFUTBtXVTbe3xLR2ssnGNEpdfZXh7H:EkpAtvB8PAUhdVON5h7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09f49fabd3d3d3dd96f18e7358a9d30e336194254e53a93aa28ee60b7416afec

Files

09f49fabd3d3d3dd96f18e7358a9d30e336194254e53a93aa28ee60b7416afec
.exe windows:6 windows x86 arch:x86

f18d2852beaa09e7309f4099aaf47d63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\webex-windows-plugin\output\bin\win32\Release\CiscoWebExStart.pdb

Imports

wintrust

WinVerifyTrust

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates
ImageGetCertificateHeader

kernel32

OpenFileMappingW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
WritePrivateProfileStringW
GetSystemDefaultLangID
WritePrivateProfileSectionW
ResetEvent
CreateEventW
LCIDToLocaleName
OpenFileMappingA
lstrcmpiW
CreateMutexA
CompareFileTime
OpenMutexW
GetSystemDirectoryW
GetLogicalDriveStringsW
GlobalAlloc
CreateEventA
GetLocaleInfoW
WaitForMultipleObjects
GetCommandLineA
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileAttributesW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
GetTempPathA
GetTempFileNameA
OpenEventA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
QueryDosDeviceW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
VirtualQuery
FlushViewOfFile
OpenFile
GetOEMCP
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetDiskFreeSpaceA
WaitForSingleObjectEx
GetSystemInfo
CreateFileMappingW
UnlockFile
LockFileEx
GetSystemTime
FlushFileBuffers
InitOnceBeginInitialize
TerminateThread
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
DuplicateHandle
VirtualProtect
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
InitOnceComplete
SwitchToThread
GetExitCodeThread
FindFirstFileExW
GetFileInformationByHandle
GetStartupInfoW
ReleaseMutex
InitializeCriticalSection
GlobalFree
SetUnhandledExceptionFilter
FormatMessageW
lstrcmpW
lstrcmpiA
MoveFileExW
CopyFileW
GetTempPathW
RemoveDirectoryW
GetTempFileNameW
GetFileAttributesExW
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
lstrlenA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetUserGeoID
GetGeoInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
IsProcessInJob
GetVersionExW
OpenProcess
GetProcessId
CreateProcessW
GetCurrentThread
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetLongPathNameW
SetEnvironmentVariableW
GetEnvironmentVariableW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
FormatMessageA
GetModuleFileNameW
Sleep
CreateThread
WaitForSingleObject
WriteFile
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
OpenEventW
SetEvent
SetFilePointer
ReadFile
GetFileSize
CreateFileW
IsBadReadPtr
LocalFree
GetCurrentThreadId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LCMapStringW
GetCommandLineW
GetTickCount
CompareStringW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
WritePrivateProfileStructW
GetWindowsDirectoryW
HeapCompact
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
GetStringTypeW

user32

GetClassInfoExW
CreateWindowExW
GetDesktopWindow
LoadCursorW
GetShellWindow
GetWindowThreadProcessId
PeekMessageW
SendMessageW
DispatchMessageW
SetTimer
GetForegroundWindow
PostThreadMessageW
LoadStringW
SendMessageTimeoutA
GetPropA
MessageBoxW
ShowWindow
TranslateMessage
RegisterClassExW
GetWindowTextW
GetMessageW
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
GetPropW
MoveWindow
FindWindowExW
FindWindowExA
IsWindowVisible
SetWindowPos
SendMessageA
RegisterClassW
RegisterWindowMessageW
WaitForInputIdle
GetMonitorInfoW
MonitorFromWindow
GetWindowRect
SetWindowTextW
GetSystemMetrics
GetDlgItem
CreateDialogIndirectParamW
UnregisterClassW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExA
SHFileOperationW
ShellExecuteExW
CommandLineToArgvW
SHGetPathFromIDListA

ole32

CoInitialize
CoCreateGuid
CoTaskMemFree
CoCreateInstance
CoUninitialize

advapi32

CryptGetUserKey
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
OpenProcessToken
OpenThreadToken
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetLengthSid
GetSecurityDescriptorSacl
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertSidToStringSidW
RegDeleteTreeW
RegDeleteTreeA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptExportKey
CryptDeriveKey
CryptImportKey
LookupAccountSidW
CryptGenKey
GetUserNameW
GetNamedSecurityInfoW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegEnumKeyExW
RevertToSelf
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck
SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
CreateProcessWithTokenW
SetTokenInformation
SetFileSecurityW
GetTokenInformation

shlwapi

PathCanonicalizeA
PathBuildRootW
PathFileExistsW
PathGetDriveNumberW
PathFileExistsA
SHDeleteKeyA
SHDeleteKeyW
PathAppendW
StrChrIW

comctl32

InitCommonControlsEx

urlmon

CoInternetParseUrl
ObtainUserAgentString

authz

AuthzFreeContext
AuthzInitializeContextFromToken
AuthzAccessCheck
AuthzInitializeResourceManager
AuthzFreeResourceManager

crypt32

CertFreeCertificateContext
CertComparePublicKeyInfo
CertGetNameStringW
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectData
CryptProtectData

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

HttpAddRequestHeadersW
HttpQueryInfoW
InternetQueryOptionW
HttpQueryInfoA
InternetQueryOptionA
HttpOpenRequestA
InternetErrorDlg
InternetCrackUrlA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
HttpSendRequestW
HttpOpenRequestW
InternetReadFileExW
InternetReadFileExA
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetReadFile
InternetSetOptionW

winspool.drv

GetPrinterDriverDirectoryW

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 120KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 565KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f18d2852beaa09e7309f4099aaf47d63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

imagehlp

kernel32

user32

shell32

ole32

advapi32

shlwapi

comctl32

urlmon

authz

crypt32

version

wininet

winspool.drv

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 654KB - Virtual size: 653KB

.data Size: 120KB - Virtual size: 140KB

.rsrc Size: 566KB - Virtual size: 565KB

.reloc Size: 228KB - Virtual size: 232KB

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 654KB - Virtual size: 653KB

.data
Size: 120KB - Virtual size: 140KB

.rsrc
Size: 566KB - Virtual size: 565KB

.reloc
Size: 228KB - Virtual size: 232KB