c633260c9a0aa2dff3aaa5324e248473419cc751fb659a13a919fbd5f8d49206

Sharing

Copy URL Twitter E-mail

General

Target

c633260c9a0aa2dff3aaa5324e248473419cc751fb659a13a919fbd5f8d49206
Size

353KB
MD5

97a4243be07ad6b18a4cfbdc29ce77d8
SHA1

2bd2dac25ffe3747e3ff5adb277c1276832fc697
SHA256

c633260c9a0aa2dff3aaa5324e248473419cc751fb659a13a919fbd5f8d49206
SHA512

9ee548f9fd6a9a33719c3742104c153ab7e6c04c6862d69c9ae1eaea607a1b86519df80c21111dde17f7dd541955daac092cc81adc2c195348f1b6ac300767e1
SSDEEP

3072:yIFN/UC6cQBOKKKK/S5ixvgzty/qMOY0z+QyX08cQ5zbHXLU4qPM3d0555QuuZZ3:ICoBOKKKKhQtpP+TbbrZZDESz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c633260c9a0aa2dff3aaa5324e248473419cc751fb659a13a919fbd5f8d49206

Files

c633260c9a0aa2dff3aaa5324e248473419cc751fb659a13a919fbd5f8d49206
.exe windows:1 windows x86 arch:x86

bb92b2b99a034aff2ece28ad1e7cb0f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

clarun

Cla$ACCEPTED
Cla$ADDqueue
Cla$ALERT
Cla$BEEP
Cla$CHOICE
Cla$CLEAR
Cla$clearstr
Cla$CLOCK
Cla$code
Cla$comparestr
Cla$DecDistinct
Cla$DELETEqueue
Cla$DISPLAY
Cla$DPushLong
Cla$duplicate
Cla$ERRORCODE
Cla$EVENT
Cla$FIELD
Cla$FILE_ADDf
Cla$FILE_CLOSE
Cla$FILE_NEXT
Cla$FILE_PUTf
Cla$FILE_SETkk
Cla$FOCUS
Cla$FREEqueue
Cla$FREEqueuea
Cla$FreeUfo
Cla$freewindow
Cla$GetPropS
Cla$GETqueueptr
Cla$HIDE
Cla$init
Cla$KEYCODE
Cla$loadbtdate
Cla$loadbttime
Cla$Mem2Ufo
Cla$MessageBox
Cla$PopCString
Cla$PopString
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushString
Cla$pwopen
Cla$RECORDSqueue
Cla$SELECT
Cla$SetPropF
Cla$SetPropS
Cla$Stack2DStack
Cla$StackCLIP
Cla$StackConcat
Cla$StackConcatR
Cla$StackErrstr
Cla$StackLen
Cla$STACKpop
Cla$storebtdate
Cla$storebttime
Cla$storecstr
Cla$storestr
Cla$TODAY
Cla$UNHIDE
THR$GetInstance
VIEWDRIVER
_exit
_free
_malloc
__sysinit
__sysstart

kernel32

GetComputerNameA

s6comn

GETNEXTCOSEQUENCE@FSBSBUC
HCTIMESTAMP@FLL
S6COMN:INIT@F10ERRORCLASS8INICLASS
S6COMN:KILL@F

s6data

$ACCESS:LOCATIONS
$ACCESS:QSERVICELOCATION
$ACCESS:QSERVICETYPE
$ACCESS:WORKSTATIONS
$FRGLO:PROCEDUREQUEUE
$FRGLO:WORKSTATIONID
$FRGLO:WORKSTATIONIDSIZE
$GLOBALREQUEST
$GLOBALRESPONSE
$GLOCOMPANYID
$GLOFLAGSPD
$GLOINIWORKSTATIONID
$GLOLOCATIONNET
$OSK:NoKeyboard
$QSERVICELOCATION
$QSERVICETRANSACTIONS
$RELATE:COMPANIES
$RELATE:QSERVICELOCATION
$RELATE:QSERVICETRANSACTIONS
$RELATE:QSERVICETYPE
$RELATE:SERVERS
$RESULTREQDETAIL
$VCRREQUEST
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ASK@F13WINDOWMANAGER
CHANGEACTION@F13WINDOWMANAGER
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F10FUZZYCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
FETCH@F8INICLASSsbsbRu
GETINISAIL@F
GETINISAILDB@F
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F10FUZZYCLASS
INIT@F13WINDOWMANAGER
INIT@F8INICLASSsb
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
KILL@F10FUZZYCLASS
KILL@F13WINDOWMANAGER
KILL@F8INICLASS
LOCATIONS$LOC:BYLOCATION
LOCATIONS$LOC:RECORD
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
PROCEDURES$PRO:BYPROCEDURE
QSERVICELOCATION$QSL:BYLOCSVCTYPE
QSERVICELOCATION$QSL:RECORD
QSERVICELOCATION$TYPE$QSL:RECORD
QSERVICETRANSACTIONS$QSX:RECORD
QSERVICETRANSACTIONS$TYPE$QSX:RECORD
QSERVICETYPE$QST:BYTYPE
QSERVICETYPE$QST:RECORD
QSERVICETYPE$TYPE$QST:RECORD
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
S6DATA:INIT@F10ERRORCLASS8INICLASS
S6DATA:KILL@F
SAILMESSAGE@FL
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SETALERTS@F13WINDOWMANAGER
SETCOMPANYPATH@F
SETOPENRELATED@F15RELATIONMANAGER
SETOPTION@F10FUZZYCLASSUcUc
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TCB$FRGLO:PROCEDUREQUEUE
TCB$FRGLO:QUEUE_BUFFER
TYPE$INICLASS
TYPE$TOOLBARCLASS
UPDATE@F13WINDOWMANAGER
UPDATE@F8INICLASSsbsbsb
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$FUZZYCLASS
VMT$INICLASS
VMT$TOOLBARCLASS
WORKSTATIONS$WOR:BYWORKSTATION
WORKSTATIONS$WOR:RECORD

s6prnt

S6PRNT:INIT@F10ERRORCLASS8INICLASS
S6PRNT:KILL@F
SUBMITPRINT@FSBLOL

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 333KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb92b2b99a034aff2ece28ad1e7cb0f2

Headers

File Characteristics

Imports

clarun

kernel32

s6comn

s6data

s6prnt

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 8KB

.cwtls Size: 512B - Virtual size: 4KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 333KB - Virtual size: 333KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 8KB

.cwtls
Size: 512B - Virtual size: 4KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 333KB - Virtual size: 333KB

.reloc
Size: 1KB - Virtual size: 1KB