0ccaa698f6f842122e5f8c20184fc1f0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0ccaa698f6f842122e5f8c20184fc1f0N.exe
Size

202KB
MD5

0ccaa698f6f842122e5f8c20184fc1f0
SHA1

c9ab7fa3fcabb7d637877a47261ce1af62ad16c5
SHA256

267c2812d9908b0d5ae1b0969a6854af91b9c60ffb2c96d84787b36dcf78e20b
SHA512

453e50f0922825ba4c513eee00f4e6111c500b0513c905c063efbf87f9ce15a9c974ca2446201c06a9ae1bc33769a0bc78fb68afb9da47b6392741923a33789e
SSDEEP

6144:RpiUcZ4p6SvwclShYAWKRGAaJeHUiqC3:xpruhYJkQVi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ccaa698f6f842122e5f8c20184fc1f0N.exe

Files

0ccaa698f6f842122e5f8c20184fc1f0N.exe
.exe windows:6 windows x86 arch:x86

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sctasks.pdb

Imports

msvcrt

_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
wcsrchr
memset
free
memcpy_s
isspace
_wtol
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_memicmp
_get_osfhandle
_errno
_fileno
fflush
fprintf
__iob_func
wcstod
wcstoul
wcstol
_purecall
memcpy
srand
_iob
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
_ultow
_wtoi
iswdigit
wcstok
wcschr
iswpunct
iswspace
wcspbrk

api-ms-win-core-console-l1-1-0

WriteConsoleW
SetConsoleMode
GetConsoleMode
ReadConsoleW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
CompareFileTime
SetFilePointer
GetFileSizeEx
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

LoadStringW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-localization-l1-1-0

GetLocaleInfoW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-misc-l1-1-0

Sleep
LocalFree
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
SystemTimeToFileTime
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

ntdll

EtwTraceMessage
WinSqmAddToStream
RtlNtStatusToDosError
RtlCreateVirtualAccountSid
RtlInitUnicodeString
WinSqmIsOptedIn

user32

CharUpperW
MessageBeep

ole32

IIDFromString
CoUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
GetErrorInfo
SysStringLen
VarBstrCat
VariantChangeType
SysAllocString

shlwapi

StrChrW
StrRChrIW
StrStrIW
StrChrIW
StrStrW

kernel32

HeapSize
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DebugBreak
HeapValidate
WideCharToMultiByte
RegDeleteKeyExW
DeleteFileTransactedW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
RegSetValueExW
ExpandEnvironmentStringsW
UnregisterWait
GetComputerNameExW
CompareStringA
GetThreadLocale
CompareStringW
FileTimeToSystemTime
GetModuleFileNameW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
lstrlenA
GetFileType
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
SetThreadUILanguage
DelayLoadFailureHook
GetComputerNameW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

ntdll

user32

ole32

oleaut32

shlwapi

kernel32

ktmw32

Sections

.text Size: 139KB - Virtual size: 138KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 36KB

.text
Size: 139KB - Virtual size: 138KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 36KB