Static task: static1
Behavioral task: behavioral1
Sample: 7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878.exe
Resource: win10v2004-20240508-en
General
Target: 7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878
Size: 280KB
MD5: 7d0f8e26d5c24f488d57487a5431f624
SHA1: 07dde3f400897d8d9f82c0f876841048722b9c83
SHA256: 7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878
SHA512: 5020ddf0bc86d7f2e514cee91c9729a9ec2b45a2c98050fc20f160ae0e10aaf52dfb1b43e56062fbd4b4f542a2cec5a6fecd9d282bbf65a218fe26715283c7d3
SSDEEP: 6144:YmQVxEHGkWLjply5RuppWCM9b43xZ+cE6tn:hQVxEHGkcjm5Rufi8BZ+cD
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878
Files
7c89cb4605246bd926b6e4436d6efd64c0c8a621dfdc251d0c03d4c9c301e878.exe   windows:4 windows x86 arch:x86
Imphash: f4ec8bb7dc49a3ccf3a402d31d331b9d (label assumed from the report layout; the page prints the value unlabelled)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
r:\pro666\freezer\lex7-0959\_bin_\wksipurl-1-UMT.pdb
Imports
kernel32
GetCommandLineW
LocalFree
GetModuleFileNameW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
OutputDebugStringA
OutputDebugStringW
DeleteCriticalSection
CloseHandle
OpenMutexW
WaitForSingleObject
CreateEventW
MapViewOfFile
OpenFileMappingW
OpenEventW
UnmapViewOfFile
CreateProcessW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
Sleep
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
SetLastError
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualQuery
HeapSize
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetTickCount
shell32
CommandLineToArgvW
rpcrt4
RpcMgmtIsServerListening
RpcEpResolveBinding
NdrClientCall2
RpcBindingFree
RpcStringBindingComposeW
RpcBindingFromStringBindingW
UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW
shlwapi
UrlUnescapeA
SHDeleteKeyW
user32
SetActiveWindow
BringWindowToTop
SetForegroundWindow
SetFocus
ShowWindow
advapi32
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
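Two things a practitioner does with an import table like the one above, written out as an added example (editor's code, not the sandbox's output and not code from the sample): compute the pefile-style import hash, and bucket the imports into capabilities while discounting APIs that the statically linked MSVC C runtime pulls in on its own. The `IMPORTS` table is transcribed from the report in the order shown; the imphash only reproduces the report's own figure if that order equals the on-disk import directory order, which the listing does not guarantee. The `CAPABILITIES` map and the `CRT_NOISE` set are the editor's heuristics, not something the report states.

```python
import hashlib

# Import table transcribed from the report (DLL -> functions, in the order listed there).
IMPORTS = {
    "kernel32": """GetCommandLineW LocalFree GetModuleFileNameW FlushFileBuffers CreateFileA
        WriteConsoleW GetConsoleOutputCP TlsAlloc TlsFree TlsGetValue TlsSetValue
        InitializeCriticalSection LeaveCriticalSection EnterCriticalSection GetCurrentThreadId
        OutputDebugStringA OutputDebugStringW DeleteCriticalSection CloseHandle OpenMutexW
        WaitForSingleObject CreateEventW MapViewOfFile OpenFileMappingW OpenEventW UnmapViewOfFile
        CreateProcessW GetLastError MultiByteToWideChar WideCharToMultiByte InterlockedIncrement
        InterlockedDecrement InterlockedCompareExchange InterlockedExchange Sleep HeapFree
        TerminateProcess GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter
        IsDebuggerPresent RaiseException RtlUnwind GetVersionExA HeapAlloc GetProcessHeap
        GetStartupInfoW HeapReAlloc LCMapStringA LCMapStringW GetCPInfo GetStringTypeA
        GetStringTypeW HeapDestroy HeapCreate VirtualFree VirtualAlloc WriteFile GetStdHandle
        GetModuleFileNameA GetModuleHandleA GetProcAddress SetLastError GetACP GetOEMCP
        IsValidCodePage ExitProcess FreeEnvironmentStringsA GetEnvironmentStrings
        FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineA SetHandleCount GetFileType
        GetStartupInfoA QueryPerformanceCounter GetCurrentProcessId GetSystemTimeAsFileTime
        VirtualQuery HeapSize GetLocaleInfoA GetUserDefaultLCID EnumSystemLocalesA IsValidLocale
        LoadLibraryA GetLocaleInfoW SetFilePointer GetConsoleCP GetConsoleMode SetStdHandle
        WriteConsoleA GetTickCount""".split(),
    "shell32": ["CommandLineToArgvW"],
    "rpcrt4": """RpcMgmtIsServerListening RpcEpResolveBinding NdrClientCall2 RpcBindingFree
        RpcStringBindingComposeW RpcBindingFromStringBindingW UuidCreate UuidToStringW
        UuidFromStringW RpcStringFreeW""".split(),
    "shlwapi": ["UrlUnescapeA", "SHDeleteKeyW"],
    "user32": "SetActiveWindow BringWindowToTop SetForegroundWindow SetFocus ShowWindow".split(),
    "advapi32": """RegSetValueExW RegEnumValueW RegQueryInfoKeyW RegOpenKeyExW RegEnumKeyExW
        RegCreateKeyExW RegCloseKey""".split(),
}

# Editor's heuristic capability map (assumption, not part of the report). Keys are "dll!Function".
CAPABILITIES = {
    "rpc_client": {"rpcrt4!RpcStringBindingComposeW", "rpcrt4!RpcBindingFromStringBindingW",
                   "rpcrt4!NdrClientCall2", "rpcrt4!RpcEpResolveBinding"},
    "named_object_ipc": {"kernel32!OpenMutexW", "kernel32!OpenEventW",
                         "kernel32!OpenFileMappingW", "kernel32!MapViewOfFile"},
    "process_creation": {"kernel32!CreateProcessW"},
    "registry_modification": {"advapi32!RegSetValueExW", "advapi32!RegCreateKeyExW", "shlwapi!SHDeleteKeyW"},
    "window_foreground": {"user32!SetForegroundWindow", "user32!BringWindowToTop", "user32!ShowWindow"},
    "debugger_check": {"kernel32!IsDebuggerPresent"},
    "dynamic_api_resolution": {"kernel32!LoadLibraryA", "kernel32!GetProcAddress"},
}
# Imports the statically linked MSVC C runtime start-up code commonly brings in by itself
# (editor's list). A capability matched only by these is weak evidence: IsDebuggerPresent
# is the classic false positive for "anti-debugging".
CRT_NOISE = {"kernel32!IsDebuggerPresent", "kernel32!SetUnhandledExceptionFilter",
             "kernel32!UnhandledExceptionFilter", "kernel32!GetStartupInfoA", "kernel32!GetStartupInfoW",
             "kernel32!LoadLibraryA", "kernel32!GetProcAddress", "kernel32!QueryPerformanceCounter",
             "kernel32!GetSystemTimeAsFileTime", "kernel32!GetCurrentProcessId", "kernel32!GetTickCount"}


def norm_dll(name):
    """Lower-case the module name and drop the extensions pefile strips for imphash."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash(imports):
    """pefile-style import hash: MD5 over 'dll.func' pairs joined by ',' in import-table order."""
    pairs = [f"{norm_dll(dll)}.{func.lower()}" for dll, funcs in imports.items() for func in funcs]
    return hashlib.md5(",".join(pairs).encode()).hexdigest()


def tag_capabilities(imports, capabilities=CAPABILITIES, noise=CRT_NOISE):
    """Return {"strong": {tag: [apis]}, "weak": {tag: [apis]}}; a tag is weak when every
    import that matched it is also plausible C runtime boilerplate."""
    present = {f"{norm_dll(dll)}!{func}" for dll, funcs in imports.items() for func in funcs}
    result = {"strong": {}, "weak": {}}
    for tag, apis in capabilities.items():
        hits = sorted(apis & present)
        if hits:
            result["weak" if set(hits) <= noise else "strong"][tag] = hits
    return result


if __name__ == "__main__":
    print("imphash (listing order):", imphash(IMPORTS))
    for strength, tags in tag_capabilities(IMPORTS).items():
        for tag, apis in tags.items():
            print(f"{strength:6} {tag}: {', '.join(apis)}")
```

The strong bucket here is what the import list actually supports on its own: an RPC client (string binding composed, endpoint resolved, NdrClientCall2 stub calls), opening existing named mutex/event/file-mapping objects, CreateProcessW, registry writes and key deletion, and foreground-window manipulation. What the sample does with those is a question for the behavioral tasks, not the import table.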
Sections
.text Size: 220KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
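The "Unsigned PE" signature, the File Characteristics list and the Sections list above are all read straight from the PE headers. The following added example (editor's code, not the sandbox's and not code from the sample) is a minimal PE32/PE32+ header parser that reproduces those three views, checks for the Authenticode certificate table the "Unsigned PE" signature keys on, and emits IoC-style notes. `build_sample_pe` constructs a stand-in image with the report's characteristics, section names, flags and rounded KB sizes; it is not the real sample, carries no section bodies, and its signed variant holds a placeholder WIN_CERTIFICATE blob only so the presence check can be exercised both ways.

```python
import struct

# Flag names as they appear in the report's "File Characteristics" and "Sections" lists.
FILE_CHARACTERISTICS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # the Authenticode certificate table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def flag_names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Parse just enough of a PE32/PE32+ file to reproduce the report's header view."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs_off = opt + {0x10B: 96, 0x20B: 112}[magic]          # data directories follow the fixed fields
    ndirs = struct.unpack_from("<I", data, dirs_off - 4)[0]  # NumberOfRvaAndSizes
    signature = None
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # This directory holds a raw file offset, not an RVA: the certificate is never mapped.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        if cert_size and cert_off + 8 <= len(data):
            length, revision, cert_type = struct.unpack_from("<IHH", data, cert_off)  # WIN_CERTIFICATE
            signature = {"length": length, "revision": revision,
                         "pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
                         "truncated": cert_off + length > len(data)}
    sections = []
    for i in range(nsections):
        name, vsize, _, raw_size, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "flags": flag_names(sflags, SECTION_FLAGS),
                         "writable_and_executable": (sflags & 0xA0000000) == 0xA0000000})
    return {"machine": machine, "characteristics": flag_names(characteristics, FILE_CHARACTERISTICS),
            "signature": signature, "sections": sections}


def triage(info):
    """Turn the parsed view into IoC-style lines like the report's Signatures block."""
    notes = []
    if info["signature"] is None:
        notes.append("Unsigned PE: no Authenticode certificate table")
    elif not info["signature"]["pkcs7"] or info["signature"]["truncated"]:
        notes.append("Certificate table present but malformed; treat as unsigned")
    if "IMAGE_FILE_RELOCS_STRIPPED" in info["characteristics"]:
        notes.append("Relocations stripped: image loads only at its preferred base, so ASLR cannot move it")
    for s in info["sections"]:
        if s["writable_and_executable"]:
            notes.append(f"Section {s['name']} is both writable and executable")
        if s["virtual_size"] > s["raw_size"]:
            notes.append(f"Section {s['name']} grows at load: "
                         f"{s['virtual_size'] - s['raw_size']} bytes beyond the file data")
    return notes


def build_sample_pe(signed=False):
    """Constructed stand-in for the sample (not the real file): the report's characteristics,
    section names, flags and rounded KB sizes, with no section bodies."""
    kb = 1024
    secs = [(b".text", 219 * kb, 220 * kb, 0x60000020), (b".rdata", 32 * kb, 36 * kb, 0x40000040),
            (b".data", 17 * kb, 12 * kb, 0xC0000040), (b".rsrc", 4 * kb, 8 * kb, 0x40000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0001 | 0x0002 | 0x0100)
    opt = struct.pack("<HBBIIIIII", 0x10B, 9, 0, 220 * kb, 56 * kb, 0, 0x1000, 0x1000, 0x38000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                       0x40000, 0x400, 0, 3, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    headers_len = 64 + 4 + 20 + 224 + 40 * len(secs)
    cert = struct.pack("<IHH", 24, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 16 if signed else b""
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (headers_len, len(cert))  # file offset of the blob
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    hdrs, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rsize, flags in secs:
        hdrs += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rsize, raw, 0, 0, 0, 0, flags)
        rva += (max(vsize, rsize) + 0xFFF) & ~0xFFF
        raw += rsize
    return dos + b"PE\0\0" + coff + opt + hdrs + cert


if __name__ == "__main__":
    for line in triage(parse_pe(build_sample_pe())):
        print(line)
```

A present certificate table says nothing about validity, and a sandbox signature like this one only reports that the table is absent. To verify a signature that is there, use `Get-AuthenticodeSignature` in PowerShell or `signtool verify /pa`, and compare the leaf certificate with what you expect from the publisher.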