92543d32da34e5df8e806d3103f326628d31f25670b4a99d1bd81828aa2158f7

Sharing

Copy URL

Twitter E-mail

General

Target

92543d32da34e5df8e806d3103f326628d31f25670b4a99d1bd81828aa2158f7
Size

366KB
MD5

cef6925b71d3f0a227b95555b8235755
SHA1

8253baf8b304e47b86d180093bef96e3d3155a31
SHA256

92543d32da34e5df8e806d3103f326628d31f25670b4a99d1bd81828aa2158f7
SHA512

b0ab6b9e7304ce0badd62b97c9128cff3c08162f883ebc9d3893f66938a29d61c251a74f48e4d8a3210b0e3aba6d48d42546ac73d0b62f4bc98a223e5cced141
SSDEEP

6144:CftSEjL6gtpwPxaDHwTbtjy+QqrAjeg70Mrg4Q+KGiLfEUCjHzjfJSa/3oFPEH5:qtn6q1i4JqyejMrK+mL8UCrffJF5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
92543d32da34e5df8e806d3103f326628d31f25670b4a99d1bd81828aa2158f7

Files

92543d32da34e5df8e806d3103f326628d31f25670b4a99d1bd81828aa2158f7
.dll windows:6 windows x64 arch:x64

efe5263de4d20f3610659416decc3cb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\code\master\exts\cctdes\make\x64\bin\Release\cctdes.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
CreateFileW
SetFilePointer
GetFileSize
ReadFile
CloseHandle
CreateFileA
VirtualAlloc
VirtualQuery
VirtualFree
Sleep
GetSystemInfo
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
DeleteFileW
CreateDirectoryW
CreateDirectoryA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

memset
__C_specific_handler
__std_exception_destroy
memcpy
__std_terminate
memmove
__CxxFrameHandler3
__std_type_info_destroy_list
__std_exception_copy
memcmp
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fseek
fopen
fwrite
fclose
__stdio_common_vfwprintf
_wfopen
__stdio_common_vswprintf
__stdio_common_vfprintf
__stdio_common_vswscanf
fread
__stdio_common_vsprintf
__stdio_common_vsscanf

api-ms-win-crt-string-l1-1-0

wcsncpy
strncpy

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_seh_filter_dll
abort
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_waccess
_access

Exports

Exports

crypt_AES_Decode
crypt_AES_Encode
crypt_Base16_Decode1A
crypt_Base16_Decode1W
crypt_Base16_Decode2A
crypt_Base16_Decode2W
crypt_Base16_Decode4A
crypt_Base16_Decode4W
crypt_Base16_Encode1A
crypt_Base16_Encode1W
crypt_Base16_Encode2A
crypt_Base16_Encode2W
crypt_Base16_Encode4A
crypt_Base16_Encode4W
crypt_Base32_DecodeA
crypt_Base32_DecodeW
crypt_Base32_EncodeA
crypt_Base32_EncodeW
crypt_Base64_DecodeA
crypt_Base64_DecodeW
crypt_Base64_EncodeA
crypt_Base64_EncodeW
crypt_Blowfish_Decode
crypt_Blowfish_Encode
crypt_CRC16
crypt_CRC16_End
crypt_CRC16_Start
crypt_CRC16_StringA
crypt_CRC16_StringIA
crypt_CRC16_StringIW
crypt_CRC16_StringW
crypt_CRC16_Update
crypt_CRC32
crypt_CRC32_End
crypt_CRC32_Start
crypt_CRC32_StringA
crypt_CRC32_StringIW
crypt_CRC32_Update
crypt_DES_Decode
crypt_DES_DecodeH
crypt_DES_DecodeV
crypt_DES_Encode
crypt_DES_EncodeH
crypt_DES_EncodeV
crypt_DSA_ClearKey
crypt_DSA_DeleteKey
crypt_DSA_GenerateKey
crypt_DSA_InitializeKey
crypt_DSA_KeyIDA
crypt_DSA_KeyIDW
crypt_DSA_KeyIsValid
crypt_DSA_LoadA
crypt_DSA_LoadW
crypt_DSA_SaveA
crypt_DSA_SaveW
crypt_DSA_Sign
crypt_DSA_Verify
crypt_Huffman_Decode
crypt_Huffman_Encode
crypt_IDEA_Decode
crypt_IDEA_DecodeH
crypt_IDEA_DecodeV
crypt_IDEA_Encode
crypt_IDEA_EncodeH
crypt_IDEA_EncodeV
crypt_MD5
crypt_MD5_End
crypt_MD5_FileA
crypt_MD5_FileW
crypt_MD5_Start
crypt_MD5_StringA
crypt_MD5_StringW
crypt_MD5_Update
crypt_RC2_Decode
crypt_RC2_Encode
crypt_RC2_Key
crypt_RC4_Encode
crypt_RC4_Key
crypt_RC5_Decode
crypt_RC5_Encode
crypt_RC5_Key
crypt_RC6_Decode
crypt_RC6_Encode
crypt_RC6_Key
crypt_RL_Decode
crypt_RL_Encode
crypt_RSA_Bits
crypt_RSA_ClearKey
crypt_RSA_Decode
crypt_RSA_DeleteKey
crypt_RSA_Encode
crypt_RSA_GenerateKeyPairA
crypt_RSA_GenerateKeyPairW
crypt_RSA_InitializeKey
crypt_RSA_KeyIDA
crypt_RSA_KeyIDW
crypt_RSA_KeyIsValid
crypt_RSA_LoadA
crypt_RSA_LoadW
crypt_RSA_SaveA
crypt_RSA_SaveW
crypt_RSA_Sign
crypt_RSA_Verify
crypt_SHA1
crypt_SHA1_End
crypt_SHA1_FileA
crypt_SHA1_FileW
crypt_SHA1_Start
crypt_SHA1_StringA
crypt_SHA1_StringW
crypt_SHA1_Update
crypt_TDES_Decode
crypt_TDES_Encode
crypt_Zip_Decode
crypt_Zip_Encode
mem_calloc
mem_create_p
mem_destroy_p
mem_free
mem_free_p
mem_malloc
mem_malloc_p
td_ClearA
td_ClearW
td_CopyFromA
td_CopyFromW
td_CreateA
td_CreateW
td_DeleteA
td_DeletePathA
td_DeletePathW
td_DeleteW
td_DestroyA
td_DestroyW
td_FindA
td_FindW
td_GetAStringW
td_GetBinaryA
td_GetBinaryW
td_GetDoubleA
td_GetDoubleW
td_GetDoublesA
td_GetDoublesW
td_GetDwordA
td_GetDwordW
td_GetDwordsA
td_GetDwordsW
td_GetFloatA
td_GetFloatW
td_GetFloatsA
td_GetFloatsW
td_GetInt64A
td_GetInt64W
td_GetInt64sA
td_GetInt64sW
td_GetIntA
td_GetIntW
td_GetIntsA
td_GetIntsW
td_GetKeyA
td_GetKeyW
td_GetLengthA
td_GetLengthW
td_GetParentA
td_GetParentW
td_GetPathA
td_GetPathW
td_GetRootA
td_GetRootW
td_GetShortA
td_GetShortW
td_GetShortsA
td_GetShortsW
td_GetStringA
td_GetStringW
td_GetSubCountA
td_GetSubCountW
td_GetSubDataA
td_GetSubDataW
td_GetValueA
td_GetValueW
td_GetWStringA
td_GetWordA
td_GetWordW
td_GetWordsA
td_GetWordsW
td_QueryKeyA
td_QueryKeyW
td_QuerySubDataA
td_QuerySubDataW
td_QuerySubKeyA
td_QuerySubKeyW
td_ReadDataA
td_ReadDataW
td_ReadFileA
td_ReadFileRsaA
td_ReadFileRsaW
td_ReadFileW
td_ReadStreamA
td_ReadStreamRsaA
td_ReadStreamRsaW
td_ReadStreamW
td_RenameA
td_RenameW
td_SetAStringW
td_SetBinaryA
td_SetBinaryW
td_SetDoubleA
td_SetDoubleW
td_SetDoublesA
td_SetDoublesW
td_SetDwordA
td_SetDwordW
td_SetDwordsA
td_SetDwordsW
td_SetFloatA
td_SetFloatW
td_SetFloatsA
td_SetFloatsW
td_SetInt64A
td_SetInt64W
td_SetInt64sA
td_SetInt64sW
td_SetIntA
td_SetIntW
td_SetIntsA
td_SetIntsW
td_SetShortA
td_SetShortW
td_SetShortsA
td_SetShortsW
td_SetStringA
td_SetStringW
td_SetSubDataA
td_SetSubDataW
td_SetSubValueA
td_SetSubValueW
td_SetValueA
td_SetValueW
td_SetWStringA
td_SetWordA
td_SetWordW
td_SetWordsA
td_SetWordsW
td_WriteDataA
td_WriteDataW
td_WriteFileA
td_WriteFileRsaA
td_WriteFileRsaW
td_WriteFileW
td_WriteStreamA
td_WriteStreamRsaA
td_WriteStreamRsaW
td_WriteStreamW

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efe5263de4d20f3610659416decc3cb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 206KB - Virtual size: 206KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 124B

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 206KB - Virtual size: 206KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 124B