9c7879f2baaa14f4dd08d6bb29c1e5fdabca1876cefe51f45d623658b283ec38

Sharing

Copy URL Twitter E-mail

General

Target

9c7879f2baaa14f4dd08d6bb29c1e5fdabca1876cefe51f45d623658b283ec38
Size

9.0MB
MD5

c325936098e9926a09d59f373d28a4fc
SHA1

2cf36f5790f947f6c9dcfe1bf7770ab99777bcbe
SHA256

9c7879f2baaa14f4dd08d6bb29c1e5fdabca1876cefe51f45d623658b283ec38
SHA512

9023eb6070d18797a6b14c7baf594d831792946bf5f96b85cc9320f91a93d028e02a3dbc18a3bf5457dafa3811256251263564713e3fe0f9f5a62fcb66167ba9
SSDEEP

196608:ZYic0uT7QCb2amtd3LGS967R26KUsJDYeI/0R:ZG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c7879f2baaa14f4dd08d6bb29c1e5fdabca1876cefe51f45d623658b283ec38

Files

9c7879f2baaa14f4dd08d6bb29c1e5fdabca1876cefe51f45d623658b283ec38
.exe windows:1 windows x86 arch:x86

5c4e5c154d2a46ca7c2fff41984a6a15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

AdjustTokenPrivileges
DeregisterEventSource
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegisterEventSourceA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ReportEventW

c60ascx

ASCII

c60basx

BASIC

c60db3x

DBASE3

c60dosx

DOS

c60memx

MEMORY

c60runx

Cla$ACCEPTED
Cla$ADDqueue
Cla$ADDqueuekey
Cla$ADDqueueptr
Cla$AddressUfo
Cla$ALERT
Cla$ASK
Cla$AssignLong2RefUfo
Cla$AssignReal2RefUfo
Cla$AssignRefUfo
Cla$BEEP
Cla$BindG
Cla$BindV
Cla$BLOB_GET_PROPERTY
Cla$BLOB_YIELD
Cla$BSHIFT
Cla$CHANGE
Cla$CHOICE
Cla$CLEAR
Cla$ClearBString
Cla$ClearDec
Cla$CLEARqueue
Cla$clearstr
Cla$ClearType
Cla$ClearUfo
Cla$CLOCK
Cla$CloneUfo
Cla$CLOSEwindow
Cla$code
Cla$COMMAND
Cla$COMMIT
Cla$comparestr
Cla$CONVERTANSITOOEM
Cla$CONVERTOEMTOANSI
Cla$CopyFile
Cla$crc32
Cla$CREATE
Cla$DAbs
Cla$DATE
Cla$DAY
Cla$DecAdd
Cla$DecCompareN
Cla$DecDistinct
Cla$DecDistinctR
Cla$DecDivide
Cla$DecDivideR
Cla$DecMul
Cla$DecSub
Cla$DecSubR
Cla$DeepAssign
Cla$DELETEqueue
Cla$DELETEREG
Cla$DESTROY
Cla$DInt
Cla$DISABLE
Cla$DISPLAY
Cla$DISPOSEqueue
Cla$DISPOSEref
Cla$DISPOSEvref
Cla$Dlongpower
Cla$DPopDec
Cla$DPopLong
Cla$DPopPict
Cla$DPopReal
Cla$DPopUlong
Cla$DPushConstant
Cla$DPushDec
Cla$DPushLong
Cla$DPushReal
Cla$DPushStringP
Cla$DPushULong
Cla$DRAGID
Cla$DROPID
Cla$DRound
Cla$DStack2Stack
Cla$DStack2Ufo
Cla$duplicate
Cla$ENABLE
Cla$EndEventLoop
Cla$EndEventLoops
Cla$ENDPAGE
Cla$ERRORCODE
Cla$Evaluate
Cla$EVENT
Cla$FIELD
Cla$FILEDIALOG
Cla$FILEERRORCODE
Cla$FILEERRORMSG
Cla$FileExists
Cla$FILE_ADDf
Cla$FILE_ADDfu
Cla$FILE_APPENDf
Cla$FILE_BUFFER
Cla$FILE_BUILDf
Cla$FILE_BYTES
CLA$FILE_CALLBACK
Cla$FILE_CEOF
Cla$FILE_CLEAR
Cla$FILE_CLOSE
Cla$FILE_COPY
Cla$FILE_CREATE
Cla$FILE_DELETE
CLA$FILE_DESTROY
Cla$FILE_DUPLICATEk
Cla$FILE_EMPTY
Cla$FILE_FLUSH
CLA$FILE_FREESTATE
Cla$FILE_GETfk
Cla$FILE_GETfl
Cla$FILE_GETflu
Cla$FILE_GETNULLS
CLA$FILE_GETSTATE
Cla$FILE_GET_PROPERTY
Cla$FILE_LOCKf
Cla$FILE_NAME
Cla$FILE_NEXT
Cla$FILE_NOMEMO
Cla$FILE_OPEN
Cla$FILE_POINTERf
Cla$FILE_POSITIONf
Cla$FILE_POSITIONk
Cla$FILE_PREV
Cla$FILE_PUTf
Cla$FILE_PUTflu
Cla$FILE_RECORDSf
Cla$FILE_REGETf
Cla$FILE_REGETk
Cla$FILE_REMOVE
Cla$FILE_RESETf
Cla$FILE_RESETk
CLA$FILE_RESTORESTATE
Cla$FILE_SEND
Cla$FILE_SETf
Cla$FILE_SETfl
Cla$FILE_SETk
Cla$FILE_SETkk
Cla$FILE_SETNULLS
Cla$FILE_SET_PROPERTY
Cla$FILE_SHARE
Cla$FILE_STREAM
Cla$FILE_UNLOCK
Cla$FILE_WATCH
Cla$FOCUS
Cla$FreeBStringTmp
Cla$FREEqueue
Cla$FREEqueuea
Cla$freestr
Cla$FreeUfo
Cla$freewindow
Cla$GETINI
Cla$GETPOSITION
Cla$GetPropS
Cla$GETqueuekey
Cla$GETqueueptr
Cla$GETqueueskey
Cla$GETREG
Cla$Group2Ufo
Cla$HALT
Cla$HELP
Cla$HIDE
Cla$init
Cla$INSTANCE
Cla$IsAlpha
Cla$IsUfoString
Cla$IsUpper
Cla$KEYBOARD
Cla$KEYCHAR
Cla$KEYCODE
Cla$KEY_GET_PROPERTY
Cla$LASTFIELD
Cla$LFNDIRECTORY
Cla$LINE
Cla$loadbtdate
Cla$loaddec
Cla$LOGOUT
Cla$Long2Ufo
Cla$LONGPATH
Cla$longtostr
Cla$MakeAString
Cla$MATCH
Cla$Mem2Ufo
Cla$MessageBox
Cla$MONTH
Cla$MOUSEX
Cla$MOUSEY
Cla$NewCriticalSection
Cla$NewMemB
Cla$NewMemT
Cla$NewMemZ
Cla$NEWqueue
Cla$NOTIFICATION
Cla$OPENowned
Cla$OPENwindow
Cla$paopen
Cla$PEEK
Cla$Picture2Ufo
Cla$pmopen
Cla$POINTERqueue
Cla$PopAString
Cla$PopBind
Cla$PopCString
Cla$PopReal
Cla$PopString
Cla$PopTemp
Cla$POPUP
Cla$POST
Cla$PRESSKEY
Cla$PRINTreport
Cla$propen
Cla$PushAString
Cla$PushBind
Cla$PushBString
Cla$PushCString
Cla$PushLong
Cla$PushPictDec
Cla$PushPictLong
Cla$PushReal
Cla$PushString
Cla$PushTemp
Cla$PushUfo
Cla$PushVariant
Cla$PUTINI
Cla$PUTqueue
Cla$PUTqueuekey
Cla$PUTREG
Cla$pwopen
Cla$QUOTE
Cla$RANDOM
Cla$realdistinct
Cla$RECORDSqueue
Cla$RefAssignAny
Cla$REGISTEREVENT
Cla$REGULAR
Cla$RemoveFile
Cla$RenameFile
Cla$ROLLBACK
Cla$rterr
Cla$SELECT
Cla$SELECTED
Cla$SETCLIPBOARD
Cla$SETCURSOR
Cla$SETDROPID
Cla$SETFONT
Cla$SETKEYCODE
Cla$SETPATH
Cla$SETPENCOLOR
Cla$SETPOSITION
Cla$SetPropF
Cla$SetPropQ
Cla$SetPropS
Cla$SetPropV
Cla$SETTARGET
Cla$SHORTPATH
Cla$SORTqueuefkey
Cla$SORTqueuekey
Cla$SORTqueueskey
Cla$Stack2BString
Cla$Stack2DStack
Cla$Stack2Ufo
Cla$StackALL
Cla$StackCLIP
Cla$StackCompare
Cla$StackCompareN
Cla$StackCompareNEQ
Cla$StackCompareR
Cla$StackConcat
Cla$StackConcatR
Cla$StackCONTENTS
Cla$StackDEFORMAT
Cla$StackDEFORMAT2
Cla$StackErrstr
Cla$StackFORMAT2
Cla$StackHeap
Cla$StackINLIST
Cla$StackINSTRING
Cla$StackLEFT
Cla$StackLen
Cla$StackLOWER
Cla$StackNUMERIC
Cla$STACKpop
Cla$StackRIGHT
Cla$StackRotate
Cla$StackSUB
Cla$StackUPPER
Cla$StackVAL
Cla$START
Cla$START2
Cla$StartEventLoop
Cla$StashBP
Cla$STATUSfile
Cla$STOP
Cla$storebtdate
Cla$storecstr
Cla$storedec
Cla$storepstr
Cla$storestr
Cla$String2Ref
Cla$THREAD
Cla$THREAD_FILE
Cla$TODAY
Cla$Ufo2Real
Cla$UfoCompareN
Cla$Ufodistinct
Cla$UfoRealDiff
Cla$UnbindA
Cla$UnbindV
Cla$UNHIDE
Cla$UNREGISTEREVENT
Cla$UPDATE
Cla$VIEW_RESETvf
Cla$VIEW_SETvl
Cla$WHAT
Cla$WHATqueue
Cla$WHERE
Cla$WHO
Cla$WHOqueue
Cla$YEAR
Cla$YIELD
THR$GetInstance
VIEWDRIVER
Wsl$CloseDown
_access
_exit
_fnsplit
_free
_longjmp
_ltoa
_malloc
_memcpy
_remove
_rename
_setjmp
__sysinit
__sysstart

c60tpsx

TOPSPEED

gdi32

CreateEllipticRgn
CreateFontIndirectA
CreateRectRgn
CreateSolidBrush
DeleteObject
GetDeviceCaps
GetTextExtentPoint32A
SelectObject
SetBkColor
SetTextCharacterExtra
SetTextColor

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateToolhelp32Snapshot
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetFileAttributesA
GetLastError
GetLogicalDrives
GetLogicalDriveStringsA
GetProcAddress
GetProcessHeap
GetSystemDefaultLCID
GetSystemDirectoryA
GetTempFileNameA
GetTimeZoneInformation
GetVolumeInformationA
GetWindowsDirectoryA
HeapFree
LoadLibraryA
MapViewOfFile
MoveFileExA
MulDiv
OpenFile
OpenFileMappingA
OpenProcess
OutputDebugStringA
Process32First
Process32Next
ReadFile
RemoveDirectoryA
SearchPathA
SetEnvironmentVariableA
SetFileAttributesA
SetFileTime
SetLastError
Sleep
SleepEx
SystemTimeToFileTime
TerminateProcess
UnmapViewOfFile
WideCharToMultiByte
WinExec
WriteFile

mpr

WNetGetUniversalNameA

ole32

CoCreateGuid
CoTaskMemFree
StringFromGUID2

shell32

SHBrowseForFolder
ShellExecuteA
Shell_NotifyIconA
SHFormatDrive
SHGetPathFromIDList
SHGetSpecialFolderLocation

user32

BringWindowToTop
CallWindowProcA
ChildWindowFromPoint
DrawIconEx
DrawMenuBar
DrawTextA
ExitWindowsEx
FillRect
FrameRect
GetActiveWindow
GetAsyncKeyState
GetClassLongA
GetClientRect
GetCursorPos
GetDC
GetFocus
GetForegroundWindow
GetMenu
GetMenuItemCount
GetMenuItemInfoA
GetParent
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowTextA
IsMenu
IsWindow
LoadImageA
RegisterHotKey
ReleaseDC
ScreenToClient
SendMessageA
SendNotifyMessageA
SetActiveWindow
SetClassLongA
SetFocus
SetForegroundWindow
SetMenuItemInfoA
SetWindowLongA
SetWindowPos
SetWindowRgn
ShowWindow
SystemParametersInfoA
UnregisterHotKey
WindowFromDC

we60x

ds_SetEndSessionHandler
ds_SetOkToEndSessionHandler
ds_VisibleOnDesktop
WinAlert

winmm

sndPlaySoundA

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cwtls
Size: 104KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c4e5c154d2a46ca7c2fff41984a6a15

Headers

File Characteristics

Imports

advapi32

c60ascx

c60basx

c60db3x

c60dosx

c60memx

c60runx

c60tpsx

gdi32

kernel32

mpr

ole32

shell32

user32

we60x

winmm

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.data Size: 1.1MB - Virtual size: 1.1MB

.cwtls Size: 104KB - Virtual size: 2.5MB

.idata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 713KB - Virtual size: 712KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.data
Size: 1.1MB - Virtual size: 1.1MB

.cwtls
Size: 104KB - Virtual size: 2.5MB

.idata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 713KB - Virtual size: 712KB