_mFdllinfo
Static task
static1
Behavioral task
behavioral1
Sample
eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51.exe
Resource
win10v2004-20240508-en
General
-
Target
eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51
-
Size
396KB
-
MD5
09d56536bce8e23f7a6ebcf4c56a0a3a
-
SHA1
a9b412ddc8c1fc557351512b67aedcf80057bec5
-
SHA256
eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51
-
SHA512
18f6ee103bde956438dc23bdebb1772cbc88cfe613b172f2d52e630a7c8319f08bb567e45f2d4fdca78026439608bb9336f42f30dd9905335dc8a557c46a85fd
-
SSDEEP
6144:R73+2b+zhzJ+mP2t1fA+4h3I4Rs1G+MymhBbX:eT+tLERs1G7b
Malware Config
Signatures
-
Unsigned PE 1 IoCs
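Checks for missing Authenticode signature. A missing signature is a weak indicator on its own, since many legitimate executables are unsigned; weigh it together with the behavioral task results.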
resource eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51
Files
-
eef419a1828b0f18c9169ac01465a9ef9ed4441e3183560cc5f126b8061ccf51.exe windows:4 windows x86 arch:x86
166ebc7b72858ae07cc0f4e9830e949d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
cblrtss
CBL_SHOW_MOUSE
_mFiD789
_mFiD7B7
CBL_CLASSIFY_DBCS_CHAR
_mFiD7D9
CBL_ALLOC_MEM
CBL_FREE_MEM
_mFiD7F6
_mFiD7BA
_mFiD791
ord1015
ord1245
CBL_FN_INTEGER
ord1250
_mFiD7A1
_mFiD7CC
_mFiD7B9
_mFiD7B5
ord1006
_mFiD7AA
_mFgF802
_mFiD7CB
_mFgF803
_mFiD7E6
_mFiD7E4
CBL_READ_SCR_CHATTRS
_mFgCE
EXTFH
_mFgF813
_mFgF811
_mFiD78D
_mFiD7E3
CBL_INIT_MOUSE
CBL_GET_MOUSE_POSITION
CBL_TERM_MOUSE
CBL_SET_MOUSE_MASK
CBL_GET_MOUSE_MASK
CBL_SET_MOUSE_POSITION
_COYIELD
PC_READ_KBD_SCAN
_mFiD7B4
CBL_READ_MOUSE_EVENT
_mFiD781
_mFiD783
CBL_GET_MOUSE_STATUS
_mFgproglink
_mFgprogunlock
mF_eloc
CBL_EXIT_PROC
CBL_GET_OS_INFO
CBL_DELETE_FILE
CBL_GET_CURRENT_DIR
ord1021
ord1155
cobgetenv
CBL_TOUPPER
ord1246
ord1156
ord1244
CBL_CANCEL
CBL_GET_PROGRAM_INFO
CBL_FILENAME_CONVERT
CBL_MBCS_CHAR_LEN
CBL_SPLIT_FILENAME
CBL_JOIN_FILENAME
CBL_GET_FILE_INFO
CBL_HIDE_MOUSE
_mFgAE
CBL_CTF_TRACER_GET
CBL_CTF_TRACER_LEVEL_GET
ord1275
CBL_CTF_TRACER_NOTIFY
CBL_CTF_COMP_PROPERTY_GET
ord1266
ord1001
CBL_CTF_TRACE
_mFgF801
CBL_OPEN_FILE
CBL_CLOSE_FILE
CBL_FLUSH_FILE
CBL_CHECK_FILE_EXIST
CBL_CREATE_FILE
CBL_WRITE_FILE
CBL_READ_FILE
ord1471
ord1370
CBL_RENAME_FILE
ord1701
CBL_CMPNLS
ord1461
ord1294
ord1333
_mFgF800
ord1475
_mFgF806
ord1448
ord1389
cob_COYIELD
CBL_FN_CURRENT0DATE
ord1574
ord1573
ord1267
ord1579
ord1578
mF_tmpfilename
ord1463
_mFgproglock
_mFerr
CBL_COPY_FILE
CBL_LCKFILE
CBL_UNLFILE
CBL_UNLOCK
CBL_SET_SEMAPHORE
CBL_FREE_SEMAPHORE
CBL_TEST_LOCK
CBL_GET_LOCK
CBL_FREE_LOCK
CBL_OPEN_VFILE
CBL_CLOSE_VFILE
CBL_READ_VFILE
CBL_WRITE_VFILE
CBL_FN_UPPER0CASE
ord1307
ord1190
ord1206
ord1186
CBL_LOCATE_FILE
_mFginitdat_dll
ord969
ord733
ord968
ord2038
ord2006
_mFiD7E5
_mFiD782
ord1016
_mFiD7B0
_mFiD7B3
_mFiD78F
_mFiD7A7
_mFgprogchain
_mFgtypecheck
_mFgprogcheckexit
ord1422
ord1304
ord1424
ord1379
CBL_NLS_GET_MSG
_mFgF805
_mFgmain2
_mFgWinMain2
_mFfindp
ord1012
_mFgprogunchain
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
kernel32
GetCommandLineA
GetModuleHandleA
Exports
Exports
Sections
.text Size: 380KB - Virtual size: 376KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE