5c60b8cfa65c3381ace7969a0e2cec80f13dc8876b1ac88aa3beed9dec037472

Sharing

Copy URL Twitter E-mail

General

Target

5c60b8cfa65c3381ace7969a0e2cec80f13dc8876b1ac88aa3beed9dec037472
Size

311KB
MD5

e653584e3a1f4b388aaa3785a008ced9
SHA1

df31bfeb1923486ea8e11a3a33f831450eb18267
SHA256

5c60b8cfa65c3381ace7969a0e2cec80f13dc8876b1ac88aa3beed9dec037472
SHA512

8aa4d84ac7174178e868b41b263e3f466203cf9cf4f56a2602b80baf79b3296cf08dfc1d2725a8ab84e9090e0563ce22b1f1d6d6cc2f7b432277734c525cdf8a
SSDEEP

6144:kiblCpQkBWpU8eQdGHO8XnJ/24JVhYhY0zDzzv/Bxwszzv/BxSV:k7WpU8JYpZOWQxfZxwaZxSV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c60b8cfa65c3381ace7969a0e2cec80f13dc8876b1ac88aa3beed9dec037472

Files

5c60b8cfa65c3381ace7969a0e2cec80f13dc8876b1ac88aa3beed9dec037472
.exe windows:1 windows x86 arch:x86

7e6e3c3a9305b83ad7557b14282daab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

DeregisterEventSource
GetUserNameA
RegisterEventSourceA
ReportEventW

c5cript

Descriptografa

c60ascx

ASCII

c60dosx

DOS

c60runx

Cla$ACCEPTED
Cla$ADDqueuekey
Cla$ADDqueueptr
Cla$ALERT
Cla$CLEAR
Cla$ClearBString
Cla$CLEARqueue
Cla$clearstr
Cla$CLOCK
Cla$CLOSEwindow
Cla$code
Cla$COMMAND
Cla$comparestr
Cla$CopyFile
Cla$crc32
Cla$DecAdd
Cla$DecCompareN
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecDivide
Cla$DecDivideR
Cla$DecMul
Cla$DecSub
Cla$DecSubR
Cla$DELETEqueue
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DISPOSEref
Cla$DPopDec
Cla$DPopLong
Cla$DPopReal
Cla$DPushConstant
Cla$DPushDec
Cla$DPushLong
Cla$DPushReal
Cla$DPushULong
Cla$DRound
Cla$DStack2Stack
Cla$EndEventLoop
Cla$ERRORCODE
Cla$EVENT
Cla$FileExists
Cla$FILE_ADDf
Cla$FILE_ADDfu
Cla$FILE_CLOSE
Cla$FILE_CREATE
CLA$FILE_DESTROY
Cla$FILE_GETfk
Cla$FILE_GETfl
Cla$FILE_NEXT
Cla$FILE_OPEN
Cla$FILE_PUTf
Cla$FILE_PUTfl
Cla$FILE_SETf
Cla$FILE_SETfl
Cla$FILE_SET_PROPERTY
Cla$FILE_SHARE
Cla$FreeBStringTmp
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$GETREG
Cla$HALT
Cla$HELP
Cla$init
Cla$KEYCODE
Cla$LFNDIRECTORY
Cla$loadbtdate
Cla$loadbttime
Cla$loaddec
Cla$LONGPATH
Cla$MakeAString
Cla$Mem2Ufo
Cla$MessageBox
Cla$MONTH
Cla$NewCriticalSection
Cla$NewMemT
Cla$NewMemZ
Cla$NEWqueue
Cla$OPENwindow
Cla$paopen
Cla$PopAString
Cla$PopCString
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$POST
Cla$PushAString
Cla$PushBString
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$PushUfo
Cla$PushVariant
Cla$PUTINI
Cla$PUTqueue
Cla$PUTREG
Cla$pwopen
Cla$RANDOM
Cla$realdistinct
Cla$RECORDSqueue
Cla$RemoveFile
Cla$rterr
Cla$SELECT
Cla$SETCLIPBOARD
Cla$SETCURSOR
Cla$SETKEYCODE
Cla$SETPATH
Cla$SetPropS
Cla$SetPropV
Cla$SETTARGET
Cla$SHORTPATH
Cla$SORTqueuekey
Cla$Stack2BString
Cla$Stack2DStack
Cla$StackALL
Cla$StackCLIP
Cla$StackCompare
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackDEFORMAT
Cla$StackErrstr
Cla$StackHeap
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLen
Cla$StackLOWER
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$START
Cla$StartEventLoop
Cla$StashBP
Cla$storebtdate
Cla$storebttime
Cla$storecstr
Cla$storedec
Cla$storestr
Cla$THREAD
Cla$THREAD_FILE
Cla$TODAY
Cla$WHATqueue
Cla$WHOqueue
Cla$YEAR
THR$GetInstance
Wsl$CloseDown
_exit
_free
_malloc
_memcpy
_mkdir
__sysinit
__sysstart

c60tpsx

TOPSPEED

cwhh60

Init@F11tagHTMLHelpsbl
Kill@F11tagHTMLHelp
SetTopic@F11TAGHTMLHELPsb
TYPE$tagHTMLHelp
VMT$tagHTMLHelp

gdi32

CreateSolidBrush
DeleteObject

iqxml

XML:FINDNEXTNODE@FsbOsbOsbOsbOsbOUc
XML:FREE@F
XML:GOTOTOP@F
XML:LOADFROMFILE@FsbOUcOUcOlOUc
XML:LOADQUEUE@FBqOUcOUcOUcOlOUc

kernel32

CloseHandle
CreateFileMappingA
FindClose
FindFirstFileA
FormatMessageA
FreeLibrary
GetEnvironmentVariableA
GetLastError
GetProcAddress
GetProcessHeap
GetVolumeInformationA
HeapFree
LoadLibraryA
MapViewOfFile
OpenFile
OpenFileMappingA
OutputDebugStringA
ReadFile
SearchPathA
SetLastError
Sleep
SleepEx
UnmapViewOfFile
WriteFile

ole32

CoCreateGuid
StringFromGUID2

s6odbcx

ds_Allowed
ds_CloseTables
ds_CurrentLogin
ds_LicenceOk
ds_LoginText
ds_Logout
ds_SecwinMessage
ds_SetAccess
ds_SetDatabase
ds_SetDefaultFont
ds_SetPath
ds_SetSuperUser
ds_UseLicence
ds_UsersEx

shell32

ShellExecuteA

user32

GetForegroundWindow
GetWindow
GetWindowTextA
SendMessageA
SetClassLongA

wbibf

WBIBF:INIT@F10ERRORCLASS8INICLASS
WBIBF:KILL@F

wfifu

WFIFU:INIT@F10ERRORCLASS8INICLASS
WFIFU:KILL@F

wfinc

WFINC:INIT@F10ERRORCLASS8INICLASS
WFINC:KILL@F

wglob

$AppNameDesc
$AppNumQueue
$CLCLIENT
$CLTRANSP
$CPCTDESP
$DUMMYLONG
$DUMMYREAL
$DUMMYSTRING
$ESTANQUE
$FIFILIAL
$FILIVROFIS
$FTCODFIS
$FTNATOPE
$GLO:DADOS_OVER01
$GLO:DADOS_OVER12
$GLO:DADOS_OVER18
$GLO:DADOS_OVER19
$GLO:FONTE_GOL
$GLO:PORTAOUT
$GLO:SISTEMA
$GLOBALREQUEST
$GLOBALRESPONSE
$PCDESCCOMB
$PCNFCAPA
$PCNFCUPOM
$PCNFDUPL
$PCNFITEM
$PCPROFOR
$PDPRODUT
$RELATE:CONTROLE
$RELATE:PDPRODUT
$TBEMBALAGEM
$TBNCM
$TBPAIS
$TBTIPDOC
$VCRREQUEST
ADDITEM@F13WINDOWMANAGER12TOOLBARCLASS
ASK@F13WINDOWMANAGER
CARREGACONTROLE@F
CARREGAEMPRESA@F
CHANGEACTION@F13WINDOWMANAGER
CHECKERRO@Fsbsb
CLCLIENT$CLI:KCODIGO
CLCLIENT$CLI:RECORD
CLCLIENT$TYPE$CLI:RECORD
CONSTRUCT@F10ERRORCLASS
CONSTRUCT@F10FUZZYCLASS
CONSTRUCT@F16ERRORSTATUSCLASS
CONSTRUCT@F8INICLASS
DELETEACTION@F13WINDOWMANAGER
DESTRUCT@F16ERRORSTATUSCLASS
DUMMYLONG$DUL:RECORD
DUMMYSTRING$DUS:RECORD
FETCH@F8INICLASSsbBw
FIFILIAL$FIL:KCODIGO
FIFILIAL$FIL:RECORD
FILIVROFIS$FLF:KFILIAL
FILIVROFIS$FLF:RECORD
INIT@F10ERRORCLASS16ERRORSTATUSCLASS
INIT@F10FUZZYCLASS
INIT@F13WINDOWMANAGER
INIT@F8INICLASSsbll
INSERTACTION@F13WINDOWMANAGER
KILL@F10FUZZYCLASS
KILL@F13WINDOWMANAGER
KILL@F8INICLASS
MONTACODIGO_CLIPRO@Fsb
OPEN@F13WINDOWMANAGER
OPEN@F13WINDOWMANAGERBwBw
PCDESCCOMB$NDC:PK_NFI_UID
PCDESCCOMB$NDC:RECORD
PCDESCCOMB$TYPE$NDC:RECORD
PCNFCAPA$NFC:KNF
PCNFCAPA$NFC:PK_NFC_UID
PCNFCAPA$NFC:RECORD
PCNFDUPL$NFD:RECORD
PCNFITEM$NFI:PK_NFI_UID
PCNFITEM$NFI:RECORD
PCPROFOR$PCP:RECORD
PDPRODUT$PRO:KCODIGO
PDPRODUT$PRO:RECORD
PDPRODUT$TYPE$PRO:RECORD
PRIMEFIELDS@F13WINDOWMANAGER
PRIMEUPDATE@F13WINDOWMANAGER
RESET@F13WINDOWMANAGERUc
RESTOREFIELD@F13WINDOWMANAGERl
RUN@F13WINDOWMANAGER
RUN@F13WINDOWMANAGERUsUc
SAVEONCHANGEACTION@F13WINDOWMANAGER
SAVEONINSERTACTION@F13WINDOWMANAGER
SETALERTS@F13WINDOWMANAGER
SETOPTION@F10FUZZYCLASSUcUc
SETPROCEDURENAME@F10ERRORCLASSOsb
SETRESPONSE@F13WINDOWMANAGERUc
TAKEACCEPTED@F13WINDOWMANAGER
TAKECLOSEEVENT@F13WINDOWMANAGER
TAKECOMPLETED@F13WINDOWMANAGER
TAKEDISABLEBUTTON@F13WINDOWMANAGERlUc
TAKEEVENT@F13WINDOWMANAGER
TAKEFIELDEVENT@F13WINDOWMANAGER
TAKENEWSELECTION@F13WINDOWMANAGER
TAKENOTIFY@F13WINDOWMANAGERlll
TAKEREJECTED@F13WINDOWMANAGER
TAKESELECTED@F13WINDOWMANAGER
TAKEWINDOWEVENT@F13WINDOWMANAGER
TBEMBALAGEM$EMB:PK_CODIGO
TBEMBALAGEM$EMB:RECORD
TBEMBALAGEM$TYPE$EMB:RECORD
TBNCM$TBN:KCODIGO
TBNCM$TBN:RECORD
TBPAIS$PAI:RECORD
TBPAIS$TYPE$PAI:RECORD
TCB$AppNumQueue
TYPE$TOOLBARCLASS
UPDATE@F13WINDOWMANAGER
UPDATE@F8INICLASSsbBw
VMT$ERRORCLASS
VMT$ERRORSTATUSCLASS
VMT$FUZZYCLASS
VMT$INICLASS
VMT$TOOLBARCLASS
WGLOB:INIT@F10ERRORCLASS8INICLASS
WGLOB:KILL@F

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 512B - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e6e3c3a9305b83ad7557b14282daab9

Headers

File Characteristics

Imports

advapi32

c5cript

c60ascx

c60dosx

c60runx

c60tpsx

cwhh60

gdi32

iqxml

kernel32

ole32

s6odbcx

shell32

user32

wbibf

wfifu

wfinc

wglob

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 31KB - Virtual size: 38KB

.cwtls Size: 512B - Virtual size: 3.8MB

.idata Size: 11KB - Virtual size: 11KB

.rsrc Size: 146KB - Virtual size: 145KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 31KB - Virtual size: 38KB

.cwtls
Size: 512B - Virtual size: 3.8MB

.idata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 146KB - Virtual size: 145KB

.reloc
Size: 15KB - Virtual size: 14KB