cb4d25fc77b47c7049afe89ef5d2f89c747390b6d8d14110731942d456b86ccc

Sharing

Copy URL

Twitter E-mail

General

Target

cb4d25fc77b47c7049afe89ef5d2f89c747390b6d8d14110731942d456b86ccc
Size

5.2MB
MD5

7dc7142e9aa7666b5a05e45bda7e2fcc
SHA1

0d6b242b94a3ed6a5e38b2a81de94d95d7c5ddee
SHA256

cb4d25fc77b47c7049afe89ef5d2f89c747390b6d8d14110731942d456b86ccc
SHA512

ed4a2faa8e740fd860d37b04e20ff1d4f1f279a4742263c67b4ef36995ce8d50926097df72af2b22502f7bc8bf46ee20a82fc87b295a4869ba551ae9a6b1ae72
SSDEEP

98304:6Sctp4E8B/lnZgcjtjblemarKXO5g4BtxXjEoj1KPC:63p4E8B/lnyDKYguHECF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb4d25fc77b47c7049afe89ef5d2f89c747390b6d8d14110731942d456b86ccc

Files

cb4d25fc77b47c7049afe89ef5d2f89c747390b6d8d14110731942d456b86ccc
.exe windows:6 windows x86 arch:x86

2bee667c7ce8cbfc86ab19f9132b6c8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtClose
NtOpenThread
NtQuerySystemInformation
NtResumeThread
NtSuspendThread

msvcrt

__mb_cur_max
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_cexit
_errno
_filelengthi64
_fileno
_initterm
_iob
_lock
_onexit
_stricmp
_sys_nerr
_unlock
_vsnprintf
_wcslwr_s
abort
atoi
calloc
exit
fflush
fgetpos
fprintf
fputc
fputwc
free
fsetpos
fwprintf
fwrite
getc
getenv
isalnum
islower
isspace
isupper
iswctype
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
strncpy_s
strstr
strtol
strtoul
tolower
ungetc
vfprintf
wcscpy_s
wcslen

advapi32

GetUserNameA

shell32

CommandLineToArgvW

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CreateFileA
CreateFileMappingW
DeleteCriticalSection
EnterCriticalSection
ExitThread
FlsAlloc
FlsGetValue
FlsSetValue
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GlobalFlags
GlobalSize
InitOnceExecuteOnce
InitializeCriticalSection
IsDBCSLeadByteEx
K32EnumProcessModules
K32GetModuleFileNameExA
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalHandle
MapViewOfFile
MultiByteToWideChar
ReleaseSRWLockExclusive
ReleaseSRWLockShared
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WakeAllConditionVariable
WideCharToMultiByte

Sections

.text
Size: 565KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gcc_exc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bee667c7ce8cbfc86ab19f9132b6c8d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

advapi32

shell32

kernel32

Sections

.text Size: 565KB - Virtual size: 564KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 1024B - Virtual size: 41KB

.eh_fram Size: 257KB - Virtual size: 257KB

.gcc_exc Size: 51KB - Virtual size: 50KB

.tls Size: 512B - Virtual size: 8B

.reloc Size: 51KB - Virtual size: 51KB

.rsrc Size: 4.2MB - Virtual size: 4.2MB

.text
Size: 565KB - Virtual size: 564KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 1024B - Virtual size: 41KB

.eh_fram
Size: 257KB - Virtual size: 257KB

.gcc_exc
Size: 51KB - Virtual size: 50KB

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 4.2MB - Virtual size: 4.2MB