58bf18843576ee3901da04f185511ba8fce54ab98187ca9f4ecf4a5a12c1f1e6[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

58bf18843576ee3901da04f185511ba8fce54ab98187ca9f4ecf4a5a12c1f1e6.exe
Size

787KB
MD5

d49cf4c0e5fab68c0d04a48174d7548a
SHA1

4599d95172ebdde078322c72ba6fedec48224229
SHA256

58bf18843576ee3901da04f185511ba8fce54ab98187ca9f4ecf4a5a12c1f1e6
SHA512

f370f4e32aea5e58a87175f9a15a96929c5c695d728397dcd9ac854db245f9f357aacf9304140ace5947f2e1da51d8f818c50edccdb62fc83fae8bbe36400e99
SSDEEP

12288:g5y7EG88YozELNGqN27LcsHdYkM2ypXUh97rVDoNpCQW37dwS7nd:AyIoYo17LcYdYkSK97rp2p3W3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58bf18843576ee3901da04f185511ba8fce54ab98187ca9f4ecf4a5a12c1f1e6.exe

Files

58bf18843576ee3901da04f185511ba8fce54ab98187ca9f4ecf4a5a12c1f1e6.exe
.exe windows:5 windows x86 arch:x86

bc0c30c2b2cf2f019e81cd506bbecbd3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DistributedAutoLink\Temp\CompileOutputDir\CloudSys.pdb

Imports

kernel32

FindNextFileA
DeleteFileA
FindFirstFileA
WaitForSingleObject
SetEvent
FreeLibrary
lstrcpynA
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
GetExitCodeThread
GetSystemTime
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetTempPathA
WideCharToMultiByte
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringA
CreateDirectoryA
WaitForMultipleObjects
GetCurrentThreadId
GetCurrentThread
TerminateThread
SetFilePointer
GetFileInformationByHandle
WriteFile
GetLocalTime
GetModuleFileNameA
FindClose
GetCurrentProcess
GetCurrentProcessId
SuspendThread
GetModuleHandleA
RaiseException
DeviceIoControl
GetVersionExA
GetPrivateProfileIntA
MoveFileA
SetFileAttributesA
InterlockedCompareExchange
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
CreateFileW
GetTempPathW
GetFileAttributesW
DeleteFileW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryW
FormatMessageA
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
InterlockedIncrement
InterlockedDecrement
CreateEventA
ResetEvent
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineW
Sleep
GetFileAttributesA
GetPrivateProfileStringA
GetLastError
CreateMutexA
SetUnhandledExceptionFilter
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
HeapCreate
VirtualAlloc
VirtualFree
GetStdHandle
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoA
GetCommandLineA
CreateThread
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread

user32

CharUpperA
FindWindowA
SendMessageA
GetDesktopWindow
wsprintfA
IsWindow

advapi32

RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocStringLen
SysFreeString
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
SysStringLen
VarBstrCat
VariantInit
VariantClear
VariantChangeType

shlwapi

PathRemoveExtensionA

wininet

HttpSendRequestExA
InternetWriteFile
InternetReadFile
FtpOpenFileA
InternetSetStatusCallback
HttpEndRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestA
InternetOpenA
InternetSetOptionA
InternetCloseHandle
InternetAttemptConnect
HttpQueryInfoA
InternetConnectA

rpcrt4

UuidCreate

Sections

.text
Size: 678KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�cD|�u&
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc0c30c2b2cf2f019e81cd506bbecbd3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

wininet

rpcrt4

Sections

.text Size: 678KB - Virtual size: 677KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 28KB - Virtual size: 40KB

.rsrc Size: 512B - Virtual size: 4KB

�cD|�u& Size: 16KB - Virtual size: 20KB

.text
Size: 678KB - Virtual size: 677KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 28KB - Virtual size: 40KB

.rsrc
Size: 512B - Virtual size: 4KB

�cD|�u&
Size: 16KB - Virtual size: 20KB