9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096.exe
Size

389KB
MD5

cb8375fd6fa86b6a54f47ac9578921e3
SHA1

8c5002405eb68905d651d7deb15f0f49b385d246
SHA256

9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096
SHA512

ed7b20d6081b6dc1150cf809a8741870df311e56743f7aee492d4e2f148f1cf53da5f5cb3772b674321a2d2dc09c74b19369149eab353e99a4b1ccdaeaa079f7
SSDEEP

6144:afL9naphiuR/GcryF0Feo+49ixXUaQP4YSfa2+NlxHekyWSTtR85kD:gLVapcuRLryiMo+4957fSatkSSY5M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096.exe

Files

9dd1839b1090c0467211f689214df91e5eb8e73830f2a2ea9e3408e527fe4096.exe
.exe windows:5 windows x86 arch:x86

5ba86f8a483464b471a428d25af86f93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\creatively\launched\Office2\Tux.pdb

Imports

kernel32

GetConsoleMode
GetConsoleCP
GetStringTypeW
FreeLibrary
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
LCMapStringW
SetFilePointerEx
VirtualQuery
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle
GetStdHandle
GetConsoleWindow
GetUserGeoID
GetVersionExW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
WriteConsoleW
OutputDebugStringA
GetFileType
LoadLibraryExW
WriteFile
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
CreateEventW
FormatMessageA
CreateThread
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
HeapAlloc
HeapCreate
LocalFree
InterlockedDecrement
GetCurrentThreadId
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
TlsSetValue
ExitProcess
GetSystemInfo
HeapValidate
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleFileNameW
GetModuleHandleExW
RaiseException
RtlUnwind
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue

user32

CreateWindowExA
ShowWindow
MoveWindow
BringWindowToTop
GetDlgItem
SendMessageA
GetDC
BeginPaint
InvalidateRect
GetClientRect
HideCaret
OffsetRect
GetWindowLongA
SetActiveWindow
SetClassLongA
LoadImageA
CopyImage
EnumDisplayDevicesW

gdi32

MoveToEx
GetObjectA
SetStretchBltMode
SetDCPenColor
SelectObject
Rectangle
LineTo
GetStockObject
GetCurrentObject
DeleteObject
CreateSolidBrush
CreatePen

winspool.drv

DeletePortA

comdlg32

ChooseColorA

shell32

SHGetDesktopFolder

ole32

StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

avifil32

AVIStreamWrite

winmm

auxOutMessage
auxGetVolume

crypt32

CertEnumPhysicalStore

comctl32

ImageList_GetImageCount
ImageList_GetImageInfo

pdh

PdhCollectQueryData

wintrust

CryptCATCDFOpen
CryptCATCDFClose
CryptCATCDFEnumMembers

rpcrt4

RpcServerListen

setupapi

CM_Get_DevNode_Registry_PropertyA

quartz

AMGetErrorTextW

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba86f8a483464b471a428d25af86f93

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

shell32

ole32

oleaut32

avifil32

winmm

crypt32

comctl32

pdh

wintrust

rpcrt4

setupapi

quartz

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 5KB - Virtual size: 13KB

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 13KB

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 10KB - Virtual size: 10KB