fac0021e6e72d07b72f8e346c734a431591caf91059ffe1bccb9c11861431cf7

Sharing

Copy URL Twitter E-mail

General

Target

fac0021e6e72d07b72f8e346c734a431591caf91059ffe1bccb9c11861431cf7
Size

238KB
MD5

205a70d2154232e87a3ee7afb7184544
SHA1

09b36335662882cd83209a48384be897a921d386
SHA256

fac0021e6e72d07b72f8e346c734a431591caf91059ffe1bccb9c11861431cf7
SHA512

d6273e07233b4c10ef26e94973c08d6d22ce284da415b8a996d5a474c83c00553e24fcf411117fadbc21f5f7a9385df12596c4a0efe3ffbdf5566d99c82c5651
SSDEEP

6144:MUsE1I/wlEY55qbHKVya+6uN7W2L9G6WXJRBp8:MNEq/s8KS6uNa2L9G6WM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fac0021e6e72d07b72f8e346c734a431591caf91059ffe1bccb9c11861431cf7

Files

fac0021e6e72d07b72f8e346c734a431591caf91059ffe1bccb9c11861431cf7
.exe windows:5 windows x86 arch:x86

eab88f15bbf7c1eaf15c65f4a5335a46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\LxemBuild\299\install\Project\DCMActions\DCMSetup\Release\DCMSetup.pdb

Imports

msi

ord70
ord190
ord16
ord141
ord88
ord169
ord205
ord43
ord113

shlwapi

StrCmpW
PathRemoveFileSpecW
StrCatW
StrCpyW
PathFileExistsW

kernel32

GetUserDefaultLCID
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
ReadFile
GetProcAddress
GetModuleHandleW
GetTickCount
SetEvent
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetTempPathW
TerminateProcess
GetLocaleInfoA
Sleep
CreateEventW
CopyFileW
CreateDirectoryW
CreateThread
GetModuleFileNameW
GetCurrentProcess
SetEndOfFile
WriteFile
SetFilePointer
GetLocalTime
CreateFileW
GetSystemDirectoryW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetProcessHeap
LoadLibraryW
WriteConsoleW
OpenEventW
TlsAlloc
GetLocaleInfoW
HeapCreate
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
RaiseException
GetCPInfo
RtlUnwind
HeapAlloc
GetCommandLineW
HeapSetInformation
GetStartupInfoW
LCMapStringW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

user32

PeekMessageW
TranslateMessage
DispatchMessageW
SetCursor
MessageBoxW
LoadCursorW
FindWindowExW
EndDialog
SetTimer
KillTimer
SendMessageW
DialogBoxParamW
CreateDialogParamW
ShowWindow

advapi32

QueryServiceStatusEx
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eab88f15bbf7c1eaf15c65f4a5335a46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

shlwapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 135KB - Virtual size: 134KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 49KB - Virtual size: 48KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 135KB - Virtual size: 134KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 49KB - Virtual size: 48KB

.reloc
Size: 11KB - Virtual size: 10KB