ca6936827ec6be897edb7a3b99eb53075ef1d8c5851d06f0e45d8766ee77dfd1

Sharing

Copy URL Twitter E-mail

General

Target

ca6936827ec6be897edb7a3b99eb53075ef1d8c5851d06f0e45d8766ee77dfd1
Size

162KB
MD5

9a638da427f593e221831f8f2697bae0
SHA1

04a886cf51d613f7b0b8327b70fa209fa4690cff
SHA256

ca6936827ec6be897edb7a3b99eb53075ef1d8c5851d06f0e45d8766ee77dfd1
SHA512

d2233bbbe616c82588871d1de3fa800e3bbaa502078bb9ff693516dec2c3d38a111c9316f4027ddf11a3df69e88f21551026a456212df84147ff1879c41c94f4
SSDEEP

3072:g1w+mBKadrJNiOQ+FqfW3a56+BxKSOeUcTNXfn1F/pFE:g1s5liV+3fSKkU8RFE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca6936827ec6be897edb7a3b99eb53075ef1d8c5851d06f0e45d8766ee77dfd1

Files

ca6936827ec6be897edb7a3b99eb53075ef1d8c5851d06f0e45d8766ee77dfd1
.dll windows:6 windows x86 arch:x86

8f04d8c4cfa28e80c5950a53951e3f79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

customact.pdb

Imports

kernel32

FormatMessageW
GetLastError
OutputDebugStringW
LocalFree
CompareStringW
SetLastError
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThread
LoadLibraryW
GetProcAddress
DeleteCriticalSection
LCMapStringW
GetModuleHandleW
GetThreadTimes
VirtualQuery
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW

shell32

ShellExecuteExW

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize

msi

ord125
ord121
ord8
ord34
ord51
ord160
ord32
ord145
ord58
ord49
ord139
ord103
ord118
ord74
ord159
ord47
ord17

Exports

Exports

LaunchShortcut
RestoreShortcutProps
SaveShortcutProps
UpdateFeatureState

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f04d8c4cfa28e80c5950a53951e3f79

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

msi

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 7KB - Virtual size: 7KB