cc5b863687f4a133bc58770a5f5276b8a278b290501dccc8b2a41d67cf06d5a4

Sharing

Copy URL Twitter E-mail

General

Target

cc5b863687f4a133bc58770a5f5276b8a278b290501dccc8b2a41d67cf06d5a4
Size

6.9MB
MD5

d64d657ea82788237b28f9ad33a056f3
SHA1

8c8fd638cdb843b046567831d3e9897c22276bbf
SHA256

cc5b863687f4a133bc58770a5f5276b8a278b290501dccc8b2a41d67cf06d5a4
SHA512

a266c201a8c75ad37f91e740c6f3cefb57499b2dd291d6ed0ff3c6ca1c30572f07d6327bf45515bea871728825a14f020c5ea08f9ed3846dbc8e861e3d9cae55
SSDEEP

49152:mU5s0VpjZztvHLe2y4F8uzjm2THJVM3USipB80JsWeq+vPnWC5Z6KWn3sgsxNbJZ:npztjA4WZVWeqiK99yfZBZJm5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc5b863687f4a133bc58770a5f5276b8a278b290501dccc8b2a41d67cf06d5a4

Files

cc5b863687f4a133bc58770a5f5276b8a278b290501dccc8b2a41d67cf06d5a4
.exe windows:6 windows x64 arch:x64

1a683ccca07351d0f9eb1612901884c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

application_opt.pdb

Imports

kernel32

AddDllDirectory
AllocConsole
AttachConsole
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileW
CreateMutexA
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeleteTimerQueue
DeleteTimerQueueTimer
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlsAlloc
FlsFree
FlsSetValue
FormatMessageW
FreeLibrary
GetActiveProcessorCount
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileTime
GetFinalPathNameByHandleW
GetLastError
GetLogicalDriveStringsW
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessId
GetProductInfo
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadTimes
GetUserPreferredUILanguages
GetVolumeInformationW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsWow64Process
LeaveCriticalSection
LoadLibraryW
LocalAlloc
LocalFree
MoveFileExW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadFile
RemoveDirectoryW
RemoveDllDirectory
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCP
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTitleW
SetDefaultDllDirectories
SetDllDirectoryW
SetEvent
SetFileAttributesW
SetFileTime
SetProcessPriorityBoost
SetThreadContext
SetThreadErrorMode
SetThreadGroupAffinity
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SuspendThread
SwitchToThread
TerminateProcess
Thread32First
Thread32Next
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteFile
lstrcmpA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageW
EnumDisplayDevicesW
EnumWindows
GetClassNameA
GetSystemMetrics
KillTimer
LoadCursorW
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostThreadMessageW
RegisterClassA
RegisterWindowMessageA
SetTimer
TranslateMessage

gdi32

GetStockObject

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA

shell32

CommandLineToArgvW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFolderPathA
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

VariantClear
VariantTimeToSystemTime

imagehlp

ImageLoad
ImageUnload
SymCleanup
SymGetModuleInfo64
SymGetSymFromAddr64
SymInitialize
UnDecorateSymbolName

psapi

EnumProcessModules
GetModuleFileNameExW
GetProcessMemoryInfo

rpcrt4

RpcStringFreeA
UuidCreate
UuidFromStringA
UuidToStringA

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize

vcruntime140

__C_specific_handler
__CxxFrameHandler3
__current_exception
__current_exception_context
__std_terminate
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
_close
_fseeki64
_ftelli64
_getcwd
_set_fmode
_wfdopen
_wfopen
_wsopen_s
fclose
feof
fflush
fopen
fputc
fputs
fread
freopen
fseek
ftell
fwrite
setbuf
setvbuf

api-ms-win-crt-runtime-l1-1-0

_beginthread
_c_exit
_cexit
_clearfp
_configure_narrow_argv
_controlfp
_crt_atexit
_errno
_exit
_get_narrow_winmain_command_line
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
exit
strerror
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr
_dtest
_fdtest

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_localtime64_s
_time64
_tzset
strftime

api-ms-win-crt-environment-l1-1-0

_putenv_s
_wgetenv

api-ms-win-crt-string-l1-1-0

_wcslwr
islower
isspace
strcat
strcmp
strcpy
strlen
strncat
strncmp
strncpy
strnlen
tolower
toupper
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy

api-ms-win-crt-filesystem-l1-1-0

_wrename

api-ms-win-crt-convert-l1-1-0

atol
strtod
wcstombs

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

MaxonDebugDumpThreadProfile
g_CpuYieldDelegate
g_maxon

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 959KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a683ccca07351d0f9eb1612901884c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imagehlp

psapi

rpcrt4

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 47KB - Virtual size: 959KB

.pdata Size: 398KB - Virtual size: 398KB

.00cfg Size: 512B - Virtual size: 40B

.gehcont Size: 512B - Virtual size: 8B

.retplne Size: 512B - Virtual size: 12B

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 178KB - Virtual size: 177KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 47KB - Virtual size: 959KB

.pdata
Size: 398KB - Virtual size: 398KB

.00cfg
Size: 512B - Virtual size: 40B

.gehcont
Size: 512B - Virtual size: 8B

.retplne
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 178KB - Virtual size: 177KB

.reloc
Size: 18KB - Virtual size: 17KB