1cca86cb29efd0ae80de127366f2cf56fff8745cef80af5f88be758461f5a593

Resubmissions

03/09/2024, 19:04

240903-xrdelatgpk 10

02/09/2024, 06:24

240902-g6an9atgnn 10

Sharing

Copy URL

Twitter E-mail

General

Target

1cca86cb29efd0ae80de127366f2cf56fff8745cef80af5f88be758461f5a593
Size

136KB
MD5

c52270c58ce9328fb48b3200c7f093ac
SHA1

05ebc332d7f53bef53604a7b830b51effb4f998e
SHA256

1cca86cb29efd0ae80de127366f2cf56fff8745cef80af5f88be758461f5a593
SHA512

f1a318a197e214791f26e8ba07acc9cb978c88f11dc204d492152ecd9ad143dfb07b2e66479727433d98af06ad442b5d3a29db855120e6908ca92a903d5400ec
SSDEEP

3072:sK27b6ogl7nMTRItpvt0AHao1SyJwOru6OViL:gyl7M8peoacSyCOvOY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1429e0971c8264f8f2a571de617e426f76be1a8dea8b19ff14f0ad4d66e139ff.exe

Files

1cca86cb29efd0ae80de127366f2cf56fff8745cef80af5f88be758461f5a593
.zip

Password: infected
1429e0971c8264f8f2a571de617e426f76be1a8dea8b19ff14f0ad4d66e139ff.exe
.exe windows:6 windows x64 arch:x64

d341178c8e4dad7e37f5facb53c20692

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

wsprintfA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear

wininet

InternetOpenUrlW
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenW

shell32

SHGetFolderPathA
SHGetFolderPathW

advapi32

RegCloseKey
RegOpenKeyExW
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExA
GetTokenInformation
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExW

shlwapi

PathFindFileNameW

kernel32

SetFilePointerEx
InitOnceExecuteOnce
GetFileType
FlushFileBuffers
GetStartupInfoW
FlsFree
FlsSetValue
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
HeapReAlloc
LoadLibraryExW
OutputDebugStringW
ReadConsoleW
SetStdHandle
WriteConsoleW
GetModuleHandleW
CopyFileA
FlsGetValue
FlsAlloc
SetUnhandledExceptionFilter
GetThreadContext
GetTempFileNameW
GetFileSize
SetThreadContext
SetFilePointer
FreeLibrary
GetCurrentProcess
WaitForSingleObject
WriteFile
OpenProcess
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLastError
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetModuleHandleA
Wow64SetThreadContext
CloseHandle
WriteProcessMemory
ResumeThread
Wow64GetThreadContext
CreateThread
HeapAlloc
GetProcessHeap
Sleep
Process32First
CreateRemoteThread
Process32Next
CreateToolhelp32Snapshot
VirtualProtectEx
ExitProcess
GetFileAttributesA
GetModuleFileNameA
LocalFree
FindFirstFileW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateProcessW
CompareFileTime
VirtualFree
GetWindowsDirectoryA
GetProcessTimes
GetVolumeInformationA
CopyFileW
TerminateProcess
ReadFile
lstrcatA
MultiByteToWideChar
CreateDirectoryA
VirtualAlloc
SetFileAttributesA
FindClose
Process32FirstW
CreateFileMappingA
IsWow64Process
Process32NextW
CreateMutexA
IsDebuggerPresent
FindNextFileW
DeleteFileW
SetFileAttributesW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoEx
HeapFree
IsProcessorFeaturePresent
GetCPInfo
GetSystemTimeAsFileTime
GetCommandLineW
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetACP
GetOEMCP
SetLastError
GetCurrentThreadId
GetModuleHandleExW
GetStdHandle
HeapSize
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

d341178c8e4dad7e37f5facb53c20692

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

oleaut32

wininet

shell32

advapi32

shlwapi

kernel32

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 59KB - Virtual size: 59KB

.data Size: 83KB - Virtual size: 93KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 59KB - Virtual size: 59KB

.data
Size: 83KB - Virtual size: 93KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 7KB - Virtual size: 6KB