c0ec28bfc852e21f05a5ecb4351b6cb4195faf9acc043a2f6feb32c58252ac5eN

Sharing

Copy URL Twitter E-mail

General

Target

c0ec28bfc852e21f05a5ecb4351b6cb4195faf9acc043a2f6feb32c58252ac5eN
Size

2.5MB
MD5

e2c257b248f1d2fcc0d5733d23b1d5b0
SHA1

c50ff2731bb5f24ce6d544b23497ab3e810e84ea
SHA256

c0ec28bfc852e21f05a5ecb4351b6cb4195faf9acc043a2f6feb32c58252ac5e
SHA512

e563973f58d3c1a5cd6d46ee4d806073118b6814617cd79102e8f52f1d36a93a2240c4c9a179d04a250e3d69c4bb3836992ffcfb5165a05e7b0f715711fe2044
SSDEEP

24576:WXcRrxmN3lYrnk5+PIGpkLOBc2XkmqEKP6AjVrItgcSNk0DD//op14gAwgqDTCvM:W8xmN3Aek03noj45wlDT4ITeqpcY/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0ec28bfc852e21f05a5ecb4351b6cb4195faf9acc043a2f6feb32c58252ac5eN

Files

c0ec28bfc852e21f05a5ecb4351b6cb4195faf9acc043a2f6feb32c58252ac5eN
.exe windows:6 windows x86 arch:x86

15290a43eddd274f97a4f0470ad03b8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Target\x86\ship\dw\x-none\dw20.pdb

Imports

advapi32

GetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
SetNamedSecurityInfoW
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventA
ReportEventW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
RegQueryInfoKeyW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
EqualSid
CreateWellKnownSid
CopySid
AddAccessDeniedAce
AddAccessAllowedAce
RegOpenKeyExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken

comctl32

ord17
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create

cabinet

ord14
ord11
ord10
ord20
ord21
ord22
ord13
ord12
ord23

gdi32

CreateDCW
GetTextFaceA
ExtTextOutW
GetObjectW
GetObjectA
GetTextMetricsA
CreateSolidBrush
SetTextAlign
CreateFontIndirectA
CreateFontIndirectW
CreateFontA
DeleteDC
DeleteObject
GetDeviceCaps
GetTextExtentPoint32W
RestoreDC
SaveDC
SelectObject
SetBkMode
SetMapMode
SetTextColor

kernel32

GetFileSize
SetFilePointer
RaiseException
ExitThread
SuspendThread
SetPriorityClass
GetTickCount64
UnmapViewOfFile
CreateFileMappingA
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExA
MulDiv
GetACP
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
SetEnvironmentVariableA
ExpandEnvironmentStringsW
CreateDirectoryW
GetTimeFormatW
SetEndOfFile
GetTempPathW
SetEvent
CreateRemoteThread
SetThreadPriority
CreateProcessW
OpenProcess
GetSystemInfo
GetSystemDirectoryA
VirtualQueryEx
ReadProcessMemory
WideCharToMultiByte
IsDBCSLeadByte
GetLongPathNameW
GetShortPathNameW
GlobalAlloc
GlobalFree
lstrcmpiW
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetDateFormatW
MoveFileW
LocalFree
GetSystemWindowsDirectoryW
GetTickCount
GetSystemTimeAsFileTime
SetLastError
WriteFile
FindNextFileW
FindFirstFileW
FindClose
MultiByteToWideChar
GetModuleFileNameW
FreeLibrary
GetVersionExW
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
GetProcessHeap
MapViewOfFile
SetProcessWorkingSetSize
GetProcAddress
GetModuleHandleA
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
WaitForMultipleObjects
Sleep
WaitForSingleObject
ReleaseMutex
SetErrorMode
SetUnhandledExceptionFilter
CloseHandle
DeleteFileW
GetCommandLineW
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetFileAttributesW
VirtualProtect
VirtualQuery
OutputDebugStringA
LoadLibraryW
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoEx
GetStringTypeExW
IsValidCodePage
GetUserDefaultLocaleName
InitializeCriticalSectionEx
IsWow64Process
GetShortPathNameA
CreateMutexA
CreateEventA
OpenEventA
OpenMutexA
CreateSemaphoreA
OpenSemaphoreA
HeapAlloc
HeapFree
LocalAlloc
GetCurrentThread
CreateFileW
GetFileType
SetFilePointerEx
CreateFileA
GetSystemDefaultLocaleName
GetDateFormatEx
GetCalendarInfoEx
EnumSystemLocalesEx
GetThreadUILanguage
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
CompareStringEx
GetCurrentThreadId
QueryPerformanceCounter
DuplicateHandle
WaitForSingleObjectEx
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ResetEvent
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
HeapSize
GetModuleHandleExW
GetStdHandle
ExitProcess
DecodePointer
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCPInfo

ole32

CoTaskMemFree
StringFromIID
CoCreateGuid
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToDosDateTime

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 485KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15290a43eddd274f97a4f0470ad03b8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comctl32

cabinet

gdi32

kernel32

ole32

oleaut32

wintrust

Sections

.text Size: 485KB - Virtual size: 485KB

.rdata Size: 242KB - Virtual size: 242KB

.data Size: 147KB - Virtual size: 152KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 29KB - Virtual size: 29KB

.text
Size: 485KB - Virtual size: 485KB

.rdata
Size: 242KB - Virtual size: 242KB

.data
Size: 147KB - Virtual size: 152KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 29KB - Virtual size: 29KB