cccfa1c9e1307012ea5d51c8efa44b80N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

cccfa1c9e1307012ea5d51c8efa44b80N.exe
Size

803KB
MD5

cccfa1c9e1307012ea5d51c8efa44b80
SHA1

43d751c3b906c076438541b04dfc9a07493b30f4
SHA256

ab4715573b7ae90b47166b24f7b9b6c7cceeccabb732d55d7618e5b112a6c515
SHA512

241cffe6a2f157cbf1be94905bc0a71c095db8038f1bafd0525a9f479e7778d58b462f5b782e7fbf3f424b3f65f979e392aebe24b01140adc0eace82000d2a2c
SSDEEP

12288:M8SkHDCDTGJeutF1pcVqqLVjO8TQ5KfAIasG+o0eY7YGAZ5l:ZkVmOV3O80m/asDodmY9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cccfa1c9e1307012ea5d51c8efa44b80N.exe

Files

cccfa1c9e1307012ea5d51c8efa44b80N.exe
.exe windows:5 windows x86 arch:x86

e8e1c9a8bdcceb6c39aa393c0d234263

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\bwa\iTunesWin-1000.68.1\srcroot\BuildResults\Production\iPodService.pdb

Imports

cfgmgr32

CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Get_Parent
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
CM_Setup_DevNode
CMP_WaitNoPendingInstallEvents

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstallParamsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

rpcrt4

UuidFromStringW

kernel32

CloseHandle
OpenMutexA
GetCommandLineA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CreateMutexA
SetErrorMode
WaitForSingleObject
CreateEventA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
Sleep
CreateThread
OutputDebugStringA
SetEvent
WaitForMultipleObjects
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpyA
OpenEventA
TerminateThread
GetExitCodeThread
DeviceIoControl
CreateFileA
GetOverlappedResult
LoadLibraryA
GetTimeZoneInformation
ReadFile
GetFileSize
GetVolumeInformationA
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime
IsDBCSLeadByte
FlushFileBuffers
WriteFile
GetLogicalDrives
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
GetDiskFreeSpaceExA
GetFileAttributesExA
GetLogicalDriveStringsA
CopyFileW
SetFilePointer
CreateFileW
GetModuleFileNameW
DebugBreak
ReleaseSemaphore
CreateSemaphoreA
HeapSetInformation
GlobalFree
GlobalAlloc
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLangID
HeapFree
GetProcessHeap
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetFileType
SetHandleCount
GetStdHandle
ExitProcess
HeapCreate
VirtualFree
LCMapStringW
LCMapStringA
SetLastError
SetEnvironmentVariableA
TlsFree
TlsSetValue
TlsAlloc
GetModuleHandleW
GetModuleFileNameA
lstrcmpiA
lstrlenA
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
TryEnterCriticalSection
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
HeapReAlloc
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc

user32

LoadStringA
CharNextA
RegisterClassA
CreateWindowExA
PostQuitMessage
RegisterDeviceNotificationA
GetPropA
DefWindowProcA
DestroyWindow
SetPropA
SetTimer
SendMessageA
wsprintfA
GetMessageA
DispatchMessageA
TranslateMessage
MessageBoxA
CharNextW
PostThreadMessageA
CharUpperA
UnregisterDeviceNotification

advapi32

RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
LockServiceDatabase
ChangeServiceConfig2A
UnlockServiceDatabase
QueryServiceStatusEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ControlService
DeleteService
CreateServiceA
RegEnumKeyExA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
RegDeleteKeyA

ole32

CoTaskMemFree
CoUninitialize
CoTaskMemRealloc
CoInitializeEx
StringFromGUID2
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoResumeClassObjects
IIDFromString
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreateVector
VariantClear
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8e1c9a8bdcceb6c39aa393c0d234263

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

setupapi

version

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 79KB - Virtual size: 78KB

.data Size: 11KB - Virtual size: 19KB

.rsrc Size: 386KB - Virtual size: 386KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 79KB - Virtual size: 78KB

.data
Size: 11KB - Virtual size: 19KB

.rsrc
Size: 386KB - Virtual size: 386KB

.reloc
Size: 32KB - Virtual size: 32KB