cb21516dd905626ae44e385fafb1a100N

Sharing

Copy URL Twitter E-mail

General

Target

cb21516dd905626ae44e385fafb1a100N
Size

2.1MB
MD5

cb21516dd905626ae44e385fafb1a100
SHA1

29978038a2611d140a90b77674ba592c7f3adf7b
SHA256

a4f590fe72c2bb50d764ad259d45852cb4a43573823f3390d12d5f4c899b0f79
SHA512

6e40239b11c39a55be68200c0a3ce26f25e39cfbee567807575c06087abef59a649e6d9a5ea61a0210733be8db27848a4e41289e1cee88538bc866a3000881ff
SSDEEP

49152:n+ADFznCPh/qNwffAj3g/bTqSk6BLrXySGkdwGJ:+ADA/lgQ/6SzrXyI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cb21516dd905626ae44e385fafb1a100N

Files

cb21516dd905626ae44e385fafb1a100N
.exe windows:6 windows x64 arch:x64

340c57288ed22064f4eddb0afd6e56ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmExtendFrameIntoClientArea

kernel32

CreateEventW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
QueryPerformanceFrequency
QueryPerformanceCounter
Process32First
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
VirtualFree
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
WriteFile
VirtualAlloc
TerminateProcess
InitializeCriticalSectionEx
GetVolumeInformationA
WaitForSingleObjectEx
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GetLastError
CreateFileA
Process32Next
CloseHandle
LoadLibraryW
CreateThread
Beep
GetProcAddress
DeleteCriticalSection
ExitProcess
GetModuleHandleW
WideCharToMultiByte
GetConsoleWindow
IsDebuggerPresent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
LeaveCriticalSection
GetModuleHandleA
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
EnterCriticalSection

user32

GetWindow
DispatchMessageA
DestroyWindow
SetWindowPos
keybd_event
ShowWindow
GetAsyncKeyState
SetWindowLongA
MessageBoxA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetClipboardData
GetWindowThreadProcessId
mouse_event
PeekMessageA
UnregisterClassA
PostQuitMessage
FindWindowA
RegisterClassExA
UpdateWindow
GetKeyState
LoadCursorA
ScreenToClient
GetActiveWindow
GetCapture
ClientToScreen
SetCapture
SetCursor
GetClientRect
ReleaseCapture
TranslateMessage
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

msvcp140

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bid@locale@std@@QEAA_KXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpWriteData
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpSendRequest

d3d9

Direct3DCreate9Ex

crypt32

CryptBinaryToStringA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memcmp
memmove
_CxxThrowException
memset
__current_exception_context
__current_exception
__std_exception_copy
memcpy
__C_specific_handler
strstr
__std_terminate
memchr

api-ms-win-crt-stdio-l1-1-0

_wfopen
fflush
__acrt_iob_func
ftell
__p__commode
__stdio_common_vswprintf
fseek
__stdio_common_vfprintf
fwrite
__stdio_common_vsnwprintf_s
__stdio_common_vsnprintf_s
_set_fmode
__stdio_common_vsprintf_s
__stdio_common_vsscanf
fread
__stdio_common_vsprintf
fclose

api-ms-win-crt-string-l1-1-0

isprint
_wcslwr_s
_wcsicmp
iswdigit
strncpy
wcscpy_s
strcmp
wcsncmp
_wcsnicmp

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-heap-l1-1-0

calloc
_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

_wtoi
atof
wcstol

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_beginthreadex
exit
_register_thread_local_exe_atexit_callback
system
_invalid_parameter_noinfo_noreturn
_initterm_e
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_c_exit
_exit
__p___argv
__p___argc

api-ms-win-crt-time-l1-1-0

clock
_time64

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-math-l1-1-0

cosf
ceilf
fmodf
sqrtf
sinf
__setusermatherr
floorf
powf

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-multibyte-l1-1-0

_mbsicmp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

340c57288ed22064f4eddb0afd6e56ce

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

imm32

msvcp140

winhttp

d3d9

crypt32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

ntdll

Sections

.text Size: 262KB - Virtual size: 261KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 1.8MB - Virtual size: 1.8MB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 512B - Virtual size: 224B

.text
Size: 262KB - Virtual size: 261KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 1.8MB - Virtual size: 1.8MB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 512B - Virtual size: 224B