45ae84fc5d9245198a2d07fc9a6d1bcd1395ac2cb42bd07e752b230e9b37b220

Sharing

Copy URL Twitter E-mail

General

Target

45ae84fc5d9245198a2d07fc9a6d1bcd1395ac2cb42bd07e752b230e9b37b220
Size

154KB
MD5

805879af1fb3fdaf2b14159791681ed6
SHA1

6122a69230e849f4cb71d4b66b54ddd3fb5fd678
SHA256

45ae84fc5d9245198a2d07fc9a6d1bcd1395ac2cb42bd07e752b230e9b37b220
SHA512

1ca0ce741e78d06b8a6425e88b72232415f342e3c7ac5f1fcad6db8c2c4cdfc0f0745a4662a5de7724471db51070a3da544776a29ac34d9b877d18cf51edb5db
SSDEEP

1536:yeJCfcoG3o0pgPV1oOBDEzmoI2xoQVP54x8oiR:BCfcoG3o0K7omDEuQVB4x8oiR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45ae84fc5d9245198a2d07fc9a6d1bcd1395ac2cb42bd07e752b230e9b37b220

Files

45ae84fc5d9245198a2d07fc9a6d1bcd1395ac2cb42bd07e752b230e9b37b220
.exe windows:4 windows x86 arch:x86

c9ae941c0e36cef8a316a7c268fb93a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

f5ddfcb4

?sMarkPowerCobolMain@OFjCobCmpScr@@SGXXZ
?sLoadCobolCount@OFjCobCmpScr@@SGXXZ
?sUnloadCobolCount@OFjCobCmpScr@@SGXXZ
?sCanClearCobolRuntime@OFjCobCmpScr@@SGHXZ
XPOW_INVOKE_BY_ID_2

f5ddcy41

?sExeEntry@OCfModule@@SGKPAUHINSTANCE__@@PADHPAPAUICfModule@@PAX@Z

f5ddgadp

XPOWCFWNDGETNUMERIC
XPOWCMTEXTBOXGETTEXT
XPOWCFWNDSETTEXT
XPOWCFWNDSETNUMERIC

f3biprct

ord54
ord27
ord25
ord26
ord67
ord39
ord3
ord1

f3biio

ord38
ord22

kernel32

LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
IsBadWritePtr

Exports

Exports

F-STOCK

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9ae941c0e36cef8a316a7c268fb93a9

Headers

File Characteristics

Imports

f5ddfcb4

f5ddcy41

f5ddgadp

f3biprct

f3biio

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 21KB

.rodata Size: 4KB - Virtual size: 1KB

.rsrc Size: 64KB - Virtual size: 62KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 21KB

.rodata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 64KB - Virtual size: 62KB