c1dbcc15fe9411f44061da66a5c7352a1b8ecd73c8d2c3af4c508ecfac0b1485N

Sharing

Copy URL Twitter E-mail

General

Target

c1dbcc15fe9411f44061da66a5c7352a1b8ecd73c8d2c3af4c508ecfac0b1485N
Size

56KB
MD5

f4736eefa40fb26b6cb79f4455445160
SHA1

88c2e45dbe351790cae224c5578eeef5a9f1490d
SHA256

c1dbcc15fe9411f44061da66a5c7352a1b8ecd73c8d2c3af4c508ecfac0b1485
SHA512

a7e8077952d49e2a1f12e4b485fa964ed13acb61d4807f3d79a128e166312af8209bc3a2ead36899b79f945bb5ae94d9cff1fae734e57d506d048f9bd360f6e5
SSDEEP

768:Ul5AMPVLDtyw2iJBgYGl77NXVJVYhY6YRYvYQYfY3Y4YgsjT5dsG3tiNwkhckdMr:GdPn+4sllXn5LtRkpaJxnGY4If

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1dbcc15fe9411f44061da66a5c7352a1b8ecd73c8d2c3af4c508ecfac0b1485N

Files

c1dbcc15fe9411f44061da66a5c7352a1b8ecd73c8d2c3af4c508ecfac0b1485N
.dll windows:6 windows x64 arch:x64

6024fe20a1717428d48d924ab6d3c2a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Imports

mgwhelp

StackWalk64
SymCleanup
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymGetOptions
SymInitialize
SymSetOptions
UnDecorateSymbolName

kernel32

CloseHandle
CreateFileA
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FlushFileBuffers
GetCurrentProcess
GetCurrentThread
GetDateFormatA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessId
GetStdHandle
GetTimeFormatA
GetVersionExA
InitializeCriticalSection
IsWow64Process
K32GetModuleFileNameExA
LeaveCriticalSection
Module32First
Module32Next
OutputDebugStringA
RaiseException
RtlLookupFunctionEntry
RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
SetErrorMode
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WriteFile

libc++

_ZNSt11logic_errorC2EPKc
_ZNSt12length_errorD1Ev
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6appendEPKc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE6assignEPKc
_ZNSt3__112basic_stringIcNS_11char_traitsIcEENS_9allocatorIcEEE7replaceEyyPKcy
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVSt12length_error
_ZdlPv
_Znwy
__cxa_allocate_exception
__cxa_free_exception
__cxa_throw
__gxx_personality_seh0

api-ms-win-crt-private-l1-1-0

memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort

api-ms-win-crt-string-l1-1-0

isprint
memset
strlen
strncmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf
_close
_open
_write
fclose
feof
fflush
fgetc
fopen
fwrite

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

shell32

SHGetFolderPathA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

Exports

Exports

ExcHndlInit
ExcHndlSetLogFileNameA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 443B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/3310
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6024fe20a1717428d48d924ab6d3c2a3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mgwhelp

kernel32

libc++

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

version

api-ms-win-crt-environment-l1-1-0

shell32

advapi32

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 12KB - Virtual size: 12KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 512B - Virtual size: 443B

.pdata Size: 1024B - Virtual size: 996B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 816B

.reloc Size: 512B - Virtual size: 168B

/3310 Size: 512B - Virtual size: 24B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 12KB - Virtual size: 12KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 512B - Virtual size: 443B

.pdata
Size: 1024B - Virtual size: 996B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 816B

.reloc
Size: 512B - Virtual size: 168B

/3310
Size: 512B - Virtual size: 24B