a9cc9b3c3260bdbcb3df3503586d1e581f957112e61a2e309947f3aff224323eN

Sharing

Copy URL Twitter E-mail

General

Target

a9cc9b3c3260bdbcb3df3503586d1e581f957112e61a2e309947f3aff224323eN
Size

101KB
MD5

d57ed03b10d95d3004d947696ea13a20
SHA1

dc699b1cd020344036d4fe0c4adfa61f9537530e
SHA256

a9cc9b3c3260bdbcb3df3503586d1e581f957112e61a2e309947f3aff224323e
SHA512

a76e9137553cb27fb0fd5b50959331dc1f3f8251fb551021843307986b958a24cce6aa945928d63664591bdaf1c01dba57fc9be59a7012c69230a963f46378a8
SSDEEP

1536:4HjjfNR3oP0igHd9nGYh65VEgSepbEOAehAUiUz4cynRxOv5l7QF9leNAFjkEh:8NRLigHdZGYhjgSepxXJfynvORleeOX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9cc9b3c3260bdbcb3df3503586d1e581f957112e61a2e309947f3aff224323eN

Files

a9cc9b3c3260bdbcb3df3503586d1e581f957112e61a2e309947f3aff224323eN
.exe windows:6 windows x86 arch:x86

c4e7d54b41a3fb8bfd24209b32bf260d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sysinfo.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegConnectRegistryW

kernel32

WriteConsoleW
SetConsoleCursorPosition
GetNumberFormatW
GetLocaleInfoW
GetConsoleScreenBufferInfo
GetLastError
InterlockedDecrement
GetStdHandle
InterlockedIncrement
LocalAlloc
lstrlenW
FormatMessageW
GetModuleFileNameW
GetComputerNameExW
FileTimeToSystemTime
SetConsoleMode
ReadFile
ReadConsoleW
GetDateFormatW
GetConsoleOutputCP
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetUserDefaultLCID
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
SetThreadUILanguage
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedExchange
LocalFree
GetTimeFormatW
SetLastError
ExitProcess
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
Sleep

msvcrt

_cexit
wcstol
wcstoul
wcstod
fprintf
fflush
_vsnwprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
wcstok
__wgetmainargs
_CxxThrowException
memcpy
_wcsicmp
_ftol2
_wtoi64
_ui64tow
??2@YAPAXI@Z
__iob_func
??3@YAXPAX@Z
memset
__CxxFrameHandler3
_memicmp
_get_osfhandle
_errno
_fileno

user32

LoadStringW
CharUpperW
wsprintfW

mpr

WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
VariantChangeType
SysAllocStringByteLen
SafeArrayGetElement
VariantCopy
SafeArrayGetLBound
VariantInit
SafeArrayGetUBound
SysFreeString
SysAllocString
SysStringLen

framedynos

??0CHString@@QAE@PBG@Z
?Mid@CHString@@QBE?AV1@H@Z
??H@YG?AVCHString@@PBGABV0@@Z
??YCHString@@QAEABV0@ABV0@@Z
?Format@CHString@@QAAXPBGZZ
?Mid@CHString@@QBE?AV1@HH@Z
?GetBuffer@CHString@@QAEPAGH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
??0CHString@@QAE@XZ
??1CHString@@QAE@XZ
?Right@CHString@@QBE?AV1@H@Z
?Empty@CHString@@QAEXXZ
?Left@CHString@@QBE?AV1@H@Z
?FindOneOf@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@ABV0@@Z
??4CHString@@QAEABV0@PBG@Z
?GetData@CHString@@IBEPAUCHStringData@@XZ
?GetBufferSetLength@CHString@@QAEPAGH@Z
?Compare@CHString@@QBEHPBG@Z
?Find@CHString@@QBEHG@Z

secur32

GetUserNameExW

ws2_32

WSAStartup
WSAGetLastError
WSACleanup
FreeAddrInfoW
GetNameInfoW
GetAddrInfoW

shlwapi

StrStrIW
StrStrW
StrChrIW
StrChrW
ord487

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4e7d54b41a3fb8bfd24209b32bf260d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

mpr

ole32

oleaut32

framedynos

secur32

ws2_32

shlwapi

version

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 31KB - Virtual size: 32KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 31KB - Virtual size: 32KB