c81be5fe4815d653b861b5848bba5a20N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c81be5fe4815d653b861b5848bba5a20N.exe
Size

534KB
MD5

c81be5fe4815d653b861b5848bba5a20
SHA1

91aeaa12ad93267d6419df7fe78bc8ca7ffd2961
SHA256

4f4d4538610f254ab667c95be9be67a74f154ffcbf00ab448d55657ebc7b5fc4
SHA512

37b7af75090496d2bfe95b1b6c8874cec34ea00984974b124cea6697a2e69d3dffc07a9ae882c51a21c461b65d2a9fc555e68d1060859a1e882dc5ce9e968476
SSDEEP

12288:PBv3mhYy7oqIfcK8M1icsltXw4OJ7Pp75lrFc3XLXDHC:Zv3mhYywfcqmth2NbFc3XbW

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
c81be5fe4815d653b861b5848bba5a20N.exe
unpack001/$SYSDIR/drivers/ntiowp.sys
unpack001/CPUFSB.exe
unpack001/coolsec.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

c81be5fe4815d653b861b5848bba5a20N.exe
.exe windows:4 windows x86 arch:x86

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

kernel32

SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetModuleHandleA
ExitProcess
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
LoadLibraryA
GetProcAddress
CreateThread
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
CopyFileA

user32

CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
PostQuitMessage

gdi32

GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateBrushIndirect
CreateFontA
SetBkMode
SetTextColor
SetBkColor
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/ntiowp.sys
.sys windows:4 windows x86 arch:x86

abe725275fe1df48bb98ad183df78731

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoGetCurrentProcess
Ke386QueryIoAccessMap
sprintf
strncmp
Ke386IoSetAccessProcess
MmMapIoSpace
IofCompleteRequest
IoDeleteSymbolicLink
DbgPrint
Ke386SetIoAccessMap
KeDelayExecutionThread
RtlInitUnicodeString
IoCreateDevice
IoCreateSymbolicLink
MmUnmapIoSpace
IoDeleteDevice

hal

READ_PORT_USHORT
READ_PORT_ULONG
WRITE_PORT_ULONG
WRITE_PORT_UCHAR
READ_PORT_UCHAR
WRITE_PORT_USHORT

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 864B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 768B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 672B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/iowp9598.vxd
CPUFSB.exe
.exe windows:4 windows x86 arch:x86

5023cead86aa156725fda594045e0df1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4627
ord4425
ord3597
ord641
ord324
ord825
ord3663
ord3626
ord795
ord800
ord2414
ord2301
ord4234
ord4710
ord6334
ord6241
ord858
ord860
ord6199
ord2818
ord3092
ord1200
ord540
ord939
ord940
ord823
ord941
ord6648
ord5981
ord2642
ord2864
ord3744
ord2629
ord798
ord2652
ord1199
ord1669
ord1168
ord533
ord922
ord4673
ord537
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord4080
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord4220
ord2584
ord3654
ord617
ord2438
ord6117
ord2621
ord5214
ord296
ord3573
ord1146
ord4160
ord2863
ord6215
ord2379
ord755
ord470
ord6270
ord926
ord1644
ord613
ord289
ord1175
ord2302
ord5148
ord6453
ord3402
ord3619
ord6055
ord1776
ord5290
ord3721
ord1641
ord567
ord4275
ord5875
ord3874
ord3522
ord535
ord1768
ord6111
ord4694
ord2370
ord2358
ord1929
ord2860
ord3797
ord6197
ord6379
ord2086
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5289
ord5265
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
free
setlocale
_strdup
fscanf
strchr
strrchr
strncmp
rewind
_setmbcp
__CxxFrameHandler
fwrite
fclose
sprintf
ctime
time
fopen
malloc
_ftol
strncpy
exit
floor
_except_handler3
difftime
_ftime
_mbsnbcmp
fgets
_controlfp

kernel32

GetUserDefaultLangID
GetSystemInfo
GetVersionExA
CreateMutexA
GetModuleHandleA
GetStartupInfoA
SetPriorityClass
GetCurrentThread
SetThreadAffinityMask
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalMemoryStatus
WaitForSingleObject
CreateFileA
Sleep
GetLastError
GetCurrentProcess
DeviceIoControl
CloseHandle
ReleaseMutex
LoadLibraryA
SetThreadPriority
GetProcAddress
FreeLibrary

user32

IsIconic
PostMessageA
GetCursorPos
CreatePopupMenu
SetForegroundWindow
ShowWindow
GetSysColor
RedrawWindow
UpdateWindow
InvalidateRect
SetCursor
SetWindowLongA
MessageBeep
BringWindowToTop
GetSystemMetrics
GetSystemMenu
AppendMenuA
SendMessageA
RegisterWindowMessageA
LoadIconA
FindWindowA
GetWindowDC
LoadImageA
GetDC
FillRect
CreateIcon
ReleaseDC
CreateIconIndirect
SetCapture
SetFocus
ReleaseCapture
SetActiveWindow
GetClientRect
DestroyIcon
EnableWindow
DrawIcon

gdi32

CreateFontIndirectA
CreateFontA
CreateDIBitmap
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
SelectObject
GetStockObject
SetTextColor
SetBkColor
TextOutA
GetObjectA
GetBitmapBits
DeleteDC
DeleteObject
CreateSolidBrush

shell32

Shell_NotifyIconA
ShellExecuteA

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
coolsec.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

PCG01
PCG02
PCG04
PCG05
PCG06
PCG07
PCG08

Sections

Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cpufsbd.cnt
cpufsbd.hlp
cpufsbe.cnt
cpufsbe.hlp
messages.txt

Sharing

General

Malware Config

Signatures

Files

9632e80596371cfa7f563f680f3c4498

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 3KB - Virtual size: 4KB

abe725275fe1df48bb98ad183df78731

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 864B - Virtual size: 852B

.rsrc Size: 768B - Virtual size: 760B

.reloc Size: 672B - Virtual size: 658B

5023cead86aa156725fda594045e0df1

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 116KB - Virtual size: 140KB

.rsrc Size: 92KB - Virtual size: 90KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 8KB - Virtual size: 5KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1018B

Size: 8KB - Virtual size: 6KB

Size: 88KB - Virtual size: 88KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 864B - Virtual size: 852B

.rsrc
Size: 768B - Virtual size: 760B

.reloc
Size: 672B - Virtual size: 658B

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 116KB - Virtual size: 140KB

.rsrc
Size: 92KB - Virtual size: 90KB