8397ac5fe302c6c53cc916f2b6705529e3c8d589d8496d6779d6ac63ea9d9ae3

Sharing

Copy URL Twitter E-mail

General

Target

8397ac5fe302c6c53cc916f2b6705529e3c8d589d8496d6779d6ac63ea9d9ae3
Size

4.8MB
MD5

d26ecb795eb471c9e7dd8973a677ab1f
SHA1

c53d3a6a9196b61e8bfc67712cdfac3076e4744a
SHA256

8397ac5fe302c6c53cc916f2b6705529e3c8d589d8496d6779d6ac63ea9d9ae3
SHA512

9fec99f2aaea54aa80fe98b0b8328acf3bbc251c5c4a81f1a8ee6169f905f0d65bedb6236c7b31af808affe0873c4077f5b7f26dc2f79c379293660b0e20d389
SSDEEP

6144:LmgwQU+sB73Y2EiKMcFTck3SFe7ZAPqYzeikP+ziX9IWwGLHIfuTcVdsHdm2mP7p:yV2GziXPmJIH8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8397ac5fe302c6c53cc916f2b6705529e3c8d589d8496d6779d6ac63ea9d9ae3

Files

8397ac5fe302c6c53cc916f2b6705529e3c8d589d8496d6779d6ac63ea9d9ae3
.exe windows:4 windows x86 arch:x86

f56f6597568f5cb7cb5d523b182b12dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteA

f3bicblr

ord11
ord12

f5ddfcb4

?sLoadCobolCount@OFjCobCmpScr@@SGXXZ
?sUnloadCobolCount@OFjCobCmpScr@@SGXXZ
?sMarkPowerCobolMain@OFjCobCmpScr@@SGXXZ
XPOW_SET_COBOL_PARAM
XPOW_CPY_COBOL_PARAM
XPOW_RELEASE_DISPATCH
XPOW_INVOKE_BY_ID_2
?sCanClearCobolRuntime@OFjCobCmpScr@@SGHXZ

f5ddcy41

?sExeEntry@OCfModule@@SGKPAUHINSTANCE__@@PADHPAPAUICfModule@@PAX@Z

f5ddgadp

XPOWCFWNDSETDATE
XPOWCFWNDSETTEXT
XPOWCMTEXTBOXGETTEXT
XPOWCFWNDSETNUMERIC
XPOWCFWNDGETNUMERIC

f3biprct

ord18
ord28
ord39
ord25
ord26
ord67
ord54
ord1
ord3
ord31
ord27

f3binuc

ord9

f3biio

ord1
ord38
ord22

f3biifnc

ord9

f3bilpio

ord1
ord9
ord8

kernel32

GetStringTypeW
GetStringTypeA
VirtualAlloc
LCMapStringW
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
HeapAlloc

user32

SendMessageA

Exports

Exports

FORMCAMBIOIATA
FORMHELPDESK
FORMLOGIN
FORMMESSAGE
FORMSENHA
FORMSENHAMUDAR
FORMSOBRE
GATMILLENNIUMPRO
ROT_ACESSOHISTORICO

Sections

.text
Size: 728KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f56f6597568f5cb7cb5d523b182b12dd

Headers

File Characteristics

Imports

shell32

f3bicblr

f5ddfcb4

f5ddcy41

f5ddgadp

f3biprct

f3binuc

f3biio

f3biifnc

f3bilpio

kernel32

user32

Exports

Exports

Sections

.text Size: 728KB - Virtual size: 724KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3.6MB - Virtual size: 3.6MB

.rodata Size: 80KB - Virtual size: 77KB

.rsrc Size: 384KB - Virtual size: 383KB

.text
Size: 728KB - Virtual size: 724KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3.6MB - Virtual size: 3.6MB

.rodata
Size: 80KB - Virtual size: 77KB

.rsrc
Size: 384KB - Virtual size: 383KB