c0e8d3336839bb489b78a3f981f7aab93a4e4deb6c82ab95ed9be358f9805dee

Sharing

Copy URL Twitter E-mail

General

Target

c0e8d3336839bb489b78a3f981f7aab93a4e4deb6c82ab95ed9be358f9805dee
Size

786KB
MD5

50288025ca02b4e31e012f9077773bf5
SHA1

d4fda720a1fd89aa6583d4c2f5aa342842555c0c
SHA256

c0e8d3336839bb489b78a3f981f7aab93a4e4deb6c82ab95ed9be358f9805dee
SHA512

5deca8ae7a270846e1e51113917622801f5daf2b1443c83ece8edfcfdda51a0c3df917de714606700785d9fe354a1ca4388aeb9789cc0c0bae5775abb4821b62
SSDEEP

12288:5ITFy7NMvWJbMz8lO35nH7mN+bJSjpr6mYv0AdkzrJWpuboBHs:5IeG8bMzu27mN+AjFlnAG4AboBHs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0e8d3336839bb489b78a3f981f7aab93a4e4deb6c82ab95ed9be358f9805dee

Files

c0e8d3336839bb489b78a3f981f7aab93a4e4deb6c82ab95ed9be358f9805dee
.exe windows:5 windows x86 arch:x86

ce7139ce0c37c0f6fc5944f7d8d99801

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\app\TokenClient\Release\TokenClient.pdb

Imports

riched20

ord4

comctl32

_TrackMouseEvent
ord17

kernel32

SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetLocaleInfoW
GetModuleFileNameW
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
IsValidCodePage
GetFileType
IsProcessorFeaturePresent
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
SetHandleCount
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleHandleW
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCPInfo
LCMapStringW
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
DecodePointer
EncodePointer
Sleep
InterlockedDecrement
InterlockedIncrement
GetOEMCP
WriteFile
GetCurrentProcess
SystemTimeToFileTime
SetFilePointer
DosDateTimeToFileTime
ReadFile
GetFileSize
CreateFileA
GetCurrentDirectoryA
LockResource
SizeofResource
FreeResource
LoadResource
FindResourceA
GetLastError
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetACP
MultiByteToWideChar
MulDiv
GetModuleFileNameA
CreateThread
CloseHandle
GetModuleHandleA
OutputDebugStringA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
TlsAlloc
GetProcessHeap

user32

HideCaret
ShowCaret
CreateCaret
CharPrevA
SetRect
DrawTextA
SetCaretPos
SetTimer
GetFocus
GetUpdateRect
GetKeyState
IsRectEmpty
GetWindowTextLengthA
SetWindowTextA
ClientToScreen
KillTimer
GetSysColor
PostQuitMessage
IsZoomed
LoadIconA
GetWindowTextA
ShowWindow
SetForegroundWindow
CharNextA
PtInRect
SetCursor
GetSystemMetrics
GetCursorPos
PostMessageA
FindWindowA
GetParent
SendMessageA
GetWindowLongA
SetWindowLongA
GetClientRect
SetWindowPos
GetMonitorInfoA
MonitorFromWindow
GetWindowRect
MapWindowPoints
MoveWindow
GetPropA
SetPropA
CallWindowProcA
RegisterClassExA
GetClassInfoExA
RegisterClassA
LoadCursorA
SystemParametersInfoA
DispatchMessageA
TranslateMessage
SetFocus
GetMessageA
EnableWindow
GetWindow
IsWindow
CreateWindowExA
wvsprintfA
OffsetRect
EndPaint
BeginPaint
CreateAcceleratorTableA
DefWindowProcA
InvalidateRgn
InvalidateRect
FillRect
ReleaseCapture
SetCapture
ReleaseDC
GetDC
DestroyWindow
SetWindowRgn
ScreenToClient
IsIconic
IntersectRect

gdi32

GetTextMetricsA
SelectClipRgn
RestoreDC
BitBlt
SaveDC
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreatePen
CreateFontIndirectA
GetStockObject
GetObjectA
CreateSolidBrush
SetTextColor
SetBkMode
GetDeviceCaps
DeleteObject
CreateRoundRectRgn
SetWindowOrgEx
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
CombineRgn
CreateDIBSection
StretchBlt
SetStretchBltMode
SetBkColor
ExtTextOutA
MoveToEx
LineTo
RoundRect
GetCharABCWidthsA
GetTextExtentPoint32A
TextOutA
Rectangle

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CLSIDFromProgID
CLSIDFromString
OleLockRunning
CoInitialize
CoCreateInstance

iphlpapi

GetIpForwardTable
GetAdaptersInfo

wsock32

connect
socket
htons
ioctlsocket
inet_addr
gethostbyname
gethostname
WSAStartup
__WSAFDIsSet
select
recv
inet_ntoa
closesocket
send

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce7139ce0c37c0f6fc5944f7d8d99801

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

riched20

comctl32

kernel32

user32

gdi32

shell32

ole32

iphlpapi

wsock32

Sections

.text Size: 338KB - Virtual size: 337KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 357KB - Virtual size: 357KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 338KB - Virtual size: 337KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 357KB - Virtual size: 357KB

.reloc
Size: 23KB - Virtual size: 22KB