c31a83d9d6c2ee667293f0d8c604d6704ee47db22e430b3819a5b09f98381088

Sharing

Copy URL Twitter E-mail

General

Target

c31a83d9d6c2ee667293f0d8c604d6704ee47db22e430b3819a5b09f98381088
Size

1.0MB
MD5

756d57981bdce849f46b43c916fd3e91
SHA1

7ef6b763eac0e228460730b36a2336d488a37632
SHA256

c31a83d9d6c2ee667293f0d8c604d6704ee47db22e430b3819a5b09f98381088
SHA512

1ddb225a96debdbcd10f29b74def9bc7bc613ee68dd81e331edf5afc4ecacf2c41bec5fa84579f54800ae969f07e4ca6313b2b384b2e2fb863a55e288dd9f47c
SSDEEP

12288:fIVZBKVNBPzUyAB77E2EnBAXkbwtm0kpj7exz:fUZBsNBPQyM742EKkbwVUj7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c31a83d9d6c2ee667293f0d8c604d6704ee47db22e430b3819a5b09f98381088

Files

c31a83d9d6c2ee667293f0d8c604d6704ee47db22e430b3819a5b09f98381088
.exe windows:5 windows x86 arch:x86

c380c9a47a6f08ad32859a6a56459e6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
CloseHandle
LocalFree
VirtualProtect
QueryPerformanceFrequency
IsDebuggerPresent
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
SetEvent
GetLocaleInfoW
CreateFileW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
GetPrivateProfileStringW
CreateEventW
SetThreadLocale
GetThreadLocale

shell32

SHGetSpecialFolderPathW

ole32

CoLockObjectExternal
CoFreeUnusedLibraries
CoRevokeClassObject
CoInitializeEx
CoRegisterClassObject
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromString
CoCreateFreeThreadedMarshaler

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1000KB - Virtual size: 999KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 490B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 32B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c380c9a47a6f08ad32859a6a56459e6f

Headers

File Characteristics

Imports

kernel32

shell32

ole32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 1000KB - Virtual size: 999KB

.itext Size: 3KB - Virtual size: 3KB

.data Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 490B

.edata Size: 512B - Virtual size: 168B

.tls Size: - Virtual size: 32B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 1000KB - Virtual size: 999KB

.itext
Size: 3KB - Virtual size: 3KB

.data
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 490B

.edata
Size: 512B - Virtual size: 168B

.tls
Size: - Virtual size: 32B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 16KB - Virtual size: 16KB