C:\BUILD\work\1eec6f7bdc46b64c\Client\SmbSolution\Release Static\CCUpgrade.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017.exe
Resource
win10v2004-20240611-en
General
Target: 9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017
Size: 6.0MB
MD5: f4577097977c05f8bdb30ca2b865445a
SHA1: 68acd03f8d6a9fb632ff2aa376315fd51f948d86
SHA256: 9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017
SHA512: 90b167d285fa120fd1cdcd207840ebeb55206dd7402ea3b59871475a11beede6fd9081e1725a45fa783c9f2c70e3cf09b54b469ddb2887c3dbccd8886b850566
SSDEEP: 196608:Qj0pVcelb3HWFbTg8IYxWpO06Uppo/6bjuc:/pSev62po/63uc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017
Files
9e53a6030d6051a56bab52f2eab7b23d31b66e77cc518318e266d026ef221017.exe windows:6 windows x86 arch:x86
7e4418f760df2bbb53477b0eff47d833
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
crypt32
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
ws2_32
getsockname
gethostbyname
inet_addr
select
__WSAFDIsSet
getaddrinfo
freeaddrinfo
bind
WSACleanup
socket
closesocket
ioctlsocket
connect
WSAGetLastError
getsockopt
ntohs
setsockopt
WSASetLastError
WSAIoctl
send
recv
getpeername
WSAStartup
gethostname
htons
kernel32
LoadResource
LockResource
lstrlenW
UnmapViewOfFile
CloseHandle
CreateFileMappingW
GetLastError
OpenFileMappingW
MapViewOfFile
GetProcAddress
GetModuleHandleW
FindFirstFileA
GetModuleFileNameA
LoadLibraryW
FreeLibrary
CreateFileW
WriteFile
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
Process32NextW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetCurrentProcess
GetTickCount
OpenMutexW
GetVersionExW
LoadLibraryA
CreateMutexW
ReleaseMutex
SetCurrentDirectoryW
AreFileApisANSI
ReadFile
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
GetCurrentThreadId
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
CreateFileA
DeleteFileA
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemTime
QueryPerformanceCounter
FlushFileBuffers
InitializeCriticalSectionEx
SleepEx
VerSetConditionMask
SizeofResource
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
ExpandEnvironmentStringsA
WaitForSingleObjectEx
SetLastError
CreateMutexA
WriteConsoleW
GetFileAttributesExW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
Sleep
CreateDirectoryW
CopyFileW
GetTempPathW
GetModuleFileNameW
FindNextFileW
DeleteFileW
GetFileAttributesW
FindFirstFileW
FindClose
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapSize
GetFileSizeEx
HeapReAlloc
HeapAlloc
HeapFree
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
FindResourceW
GetLocalTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
GetModuleHandleExW
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
FormatMessageA
QueryPerformanceFrequency
FormatMessageW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
UnhandledExceptionFilter
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegCloseKey
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
shell32
SHGetSpecialFolderPathW
shlwapi
PathRemoveFileSpecW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.5MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ