3c9da2eeb42a98eb0f0a57feeefbfcadd13b17a6b3d5a11369f4a09b964ad3cb

Sharing

Copy URL Twitter E-mail

General

Target

3c9da2eeb42a98eb0f0a57feeefbfcadd13b17a6b3d5a11369f4a09b964ad3cb
Size

7.1MB
MD5

280acb29fd586cc37f9f130322c966e1
SHA1

d6b9b5d9758ce1fe7e9bfdc2277fd6bddda5852d
SHA256

3c9da2eeb42a98eb0f0a57feeefbfcadd13b17a6b3d5a11369f4a09b964ad3cb
SHA512

f03f395bd5983e014edd4ccd09945fe2b2dd2af5c51a09992e04d66742d0ff7d38b5002ff4cf0b2a9471c4dac3c724ee34fed748fed9370214291c0cd078b29c
SSDEEP

196608:+SXYw2TE1Li6hj9uFEyn+tgJJNepFkL3x:tIw2T6i6zuFP+tgJ6pFM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c9da2eeb42a98eb0f0a57feeefbfcadd13b17a6b3d5a11369f4a09b964ad3cb

Files

3c9da2eeb42a98eb0f0a57feeefbfcadd13b17a6b3d5a11369f4a09b964ad3cb
.exe windows:6 windows x86 arch:x86

fa1c93ec225e73a01b284900cf0b77fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Autorun_multi.pdb

Imports

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

shlwapi

PathRemoveFileSpecW

version

VerQueryValueW

ws2_32

WSACleanup
htonl
ntohl

kernel32

GetModuleHandleExA
QueryDosDeviceA
GetLogicalDriveStringsA
ReadFile
SetFilePointer
CreateFileMappingW
MapViewOfFile
GetCurrentProcessId
UnmapViewOfFile
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryW
CreateThread
WaitForSingleObject
CloseHandle
GetExitCodeThread
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
CreateEventA
SetEvent
WaitForSingleObjectEx
FormatMessageW
WideCharToMultiByte
LocalFree
FormatMessageA
GetProcessHeap
HeapAlloc
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetModuleHandleW
GetProcAddress
AreFileApisANSI
MultiByteToWideChar
ReleaseSemaphore
HeapFree
GetModuleHandleA
Sleep
ResetEvent
GetSystemInfo
GetLastError
QueryPerformanceCounter
OpenEventA
GetCurrentProcess
ReadProcessMemory
VirtualAlloc
VirtualFree
IsWow64Process
LoadLibraryA
GetTempPathA
GetTempFileNameA
CreateFileA
FlushFileBuffers
SetUnhandledExceptionFilter
OpenEventW
VirtualQuery
VirtualProtect
FlushInstructionCache
FreeLibrary
lstrcmpA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetTickCount
DeleteCriticalSection
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
FindResourceW
LoadResource
LockResource
GetEnvironmentStringsW
lstrlenW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetTempPathW
CreateProcessW
CreateEventW
OpenFileMappingW
OpenProcess
WaitForMultipleObjects
GetExitCodeProcess
TerminateProcess
WriteProcessMemory
CreateFileW
WriteFile
CreateFileMappingA
LoadLibraryExW
GetModuleHandleExW
IsBadReadPtr
SizeofResource
SetLastError
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteFiber
ConvertFiberToThread
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryExA
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FindFirstFileExW
RaiseException

msvcp140

??0_Locinfo@std@@QAE@HPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
?good@ios_base@std@@QBE_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?clear@ios_base@std@@QAEXH_N@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??0_Lockit@std@@QAE@H@Z
?_Id_cnt@id@locale@std@@0HA
??1_Lockit@std@@QAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Syserror_map@std@@YAPBDH@Z

bcrypt

BCryptGenRandom

vcruntime140

strrchr
strstr
memchr
_except_handler4_common
_purecall
strchr
wcsstr
wcsrchr
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
memmove
_CxxThrowException
memcpy
memcmp
__std_terminate
memset
_except_handler3
wcschr

api-ms-win-crt-runtime-l1-1-0

strerror_s
_exit
raise
_controlfp_s
strerror
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initterm_e
_initterm
signal
exit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line

api-ms-win-crt-string-l1-1-0

_stricmp
strcat_s
wcsnlen
_wcsicmp
strspn
strcpy_s
wcscpy_s
strcspn
strncmp
strcmp
wcsncpy_s
strncpy
strlen
_strnicmp
isspace
wcslen

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
_set_new_mode
free
malloc

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
_set_fmode
__stdio_common_vsscanf
_wfopen
fopen
fgetc
__p__commode
fread
_setmode
_fileno
fgets
ferror
fseek
feof
__acrt_iob_func
fputs
fflush
__stdio_common_vsprintf
__stdio_common_vfprintf
ungetc
__stdio_common_vswprintf
ftell
fputc
__stdio_common_vsprintf_s
fclose
fwrite

api-ms-win-crt-convert-l1-1-0

atoi
mbstowcs
strtol
strtoul
wcstombs

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_except1
_fdopen
__setusermatherr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

psapi

GetMappedFileNameA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 347KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa1c93ec225e73a01b284900cf0b77fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

shlwapi

version

ws2_32

kernel32

msvcp140

bcrypt

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

psapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 395KB - Virtual size: 395KB

.data Size: 12KB - Virtual size: 39KB

.rsrc Size: 347KB - Virtual size: 346KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 395KB - Virtual size: 395KB

.data
Size: 12KB - Virtual size: 39KB

.rsrc
Size: 347KB - Virtual size: 346KB

.reloc
Size: 54KB - Virtual size: 53KB