e058f63734542baa9610eb507156876b4dd9d5473e55c831a1fa9881a411b1b3N

Sharing

Copy URL Twitter E-mail

General

Target

e058f63734542baa9610eb507156876b4dd9d5473e55c831a1fa9881a411b1b3N
Size

19KB
MD5

920aa51450584883f4cac41419ce48a0
SHA1

98ba12749a558f0a572c760070f82cf7cad2064a
SHA256

e058f63734542baa9610eb507156876b4dd9d5473e55c831a1fa9881a411b1b3
SHA512

23ea827af21b5eea139996789cacfe5ece5d28cfc81382eeb634d5b30b4816558b68dbd1c7e9e0274e2655d78f7f4caceb819da7bb2121213e300cb5a91183af
SSDEEP

384:Ws7MrYwllBFTcsp7J+5Ovz+O+dEZQNzN1HqgGYZGd8Xksk5H/:WhrfLjea+OcRN1KgbDK5H/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/csvde.exe

Files

e058f63734542baa9610eb507156876b4dd9d5473e55c831a1fa9881a411b1b3N
.cab
csvde.exe
.exe windows:5 windows x86 arch:x86

025b4a308b852cacb502c5034055ea77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
SetConsoleMode
GetConsoleMode
GetStdHandle
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetFileType
GetLastError
FormatMessageW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
SetThreadUILanguage
RaiseException

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__wgetmainargs
_except_handler3
_controlfp
__winitenv
_vsnwprintf
exit
??2@YAPAXI@Z
_XcptFilter
_exit
_c_exit
fgetws
wcsncat
_itow
fread
fwrite
iswupper
towlower
fgetwc
_wcslwr
fputws
fwscanf
_memicmp
swprintf
wcscpy
wcscat
wcsstr
setlocale
fclose
_toupper
_wtoi
wcscmp
_wcsicmp
vfwprintf
fwprintf
_wfopen
fputwc
_iob
__set_app_type
wcslen
isspace
wprintf
putchar
??3@YAXPAX@Z
_cexit

wldap32

ord12
ord69
ord157
ord206
ord16
ord135
ord179
ord191
ord133
ord147
ord142
ord77
ord79
ord29
ord208
ord26
ord41
ord27
ord36
ord127
ord140
ord224
ord167
ord170
ord14
ord216
ord118
ord13
ord73

netapi32

DsRoleGetPrimaryDomainInformation
DsGetDcNameW
DsRoleFreeMemory
NetApiBufferFree

ntdll

RtlEnumerateGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlIsGenericTableEmpty

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

025b4a308b852cacb502c5034055ea77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

wldap32

netapi32

ntdll

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 480B

.rsrc Size: 21KB - Virtual size: 20KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 480B

.rsrc
Size: 21KB - Virtual size: 20KB