anuario-cielo[.]doc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

anuario-cielo.doc.exe
Size

148KB
MD5

546fa31bb7a4164ca25c8667d4352338
SHA1

6a64249bc0a2767569e49f54dc96c3f87f3ab150
SHA256

60db904b68bc85f4fc62388ee5a00569f46d29ee0c88fae5d6c07624d17efcf1
SHA512

58640ec99773538c80d14b3476664a7086f2de89308856c486be8baf8e25f528edfbec2c35024f0264550eac5e4e5bd3cf45ae143aec4a82a95793561ee192c5
SSDEEP

1536:VcWyI/EQVaQ6Jo5ahQKG+oFXX8yZAzKFR+anMZRBwDJjmabEYEIfm75a//KvMtww:OWtKGDnliGF4avCcnKvMtwO2xZ5cay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
anuario-cielo.doc.exe

Files

anuario-cielo.doc.exe
.exe windows:5 windows x86 arch:x86

cabf8632dc15f66af129bbc9e08c5f20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFolderPathA

urlmon

URLDownloadToFileA

kernel32

FindResourceA
LoadResource
FindResourceExA
WideCharToMultiByte
SizeofResource
MultiByteToWideChar
GetProcAddress
LoadLibraryA
LockResource
GetModuleFileNameA
GetTickCount
GetComputerNameA
GetCurrentProcess
GetLastError
SetProcessWorkingSetSize
CreateMutexA
PeekNamedPipe
WaitForSingleObject
CreateProcessA
ReadFile
CreatePipe
DuplicateHandle
CloseHandle
GetVersionExA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
Sleep
GetSystemTimeAsFileTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FlushFileBuffers
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
GetUserNameA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocStringLen

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cabf8632dc15f66af129bbc9e08c5f20

Headers

DLL Characteristics

File Characteristics

Imports

shell32

urlmon

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB