ccd21eec82f9e51fa98ad49bdead925bda7791b4e088396b757246e2cf133cde

Sharing

Copy URL

Twitter E-mail

General

Target

ccd21eec82f9e51fa98ad49bdead925bda7791b4e088396b757246e2cf133cde
Size

211KB
MD5

64faafc7f880a36f002cacd722049567
SHA1

c5abbb7f84c55078da945ccf0cb7840ba5378fba
SHA256

ccd21eec82f9e51fa98ad49bdead925bda7791b4e088396b757246e2cf133cde
SHA512

e32b10a8c7a2e1881829e1507df524c8659422705ed0ead8019ebd074f242f099a39fcd5f42f375b89fb2f85e9e0ca66c4e81bb86b41800855a0e212f535613d
SSDEEP

3072:bUu5AV9F0zF4R+iA9aI6Ks2pWqSY8YMwNpg4BFB5KFO9B54gmjK/d:bUlF0zFbi9I6KMHOzvhBV3Bmv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccd21eec82f9e51fa98ad49bdead925bda7791b4e088396b757246e2cf133cde

Files

ccd21eec82f9e51fa98ad49bdead925bda7791b4e088396b757246e2cf133cde
.exe windows:6 windows x86 arch:x86

a8ffa8f05204dbd831484a4120599c72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x86\ship\delivery\x-none\ose.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetFileSecurityW
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext

kernel32

CloseHandle
GetLastError
SetEvent
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
ExitProcess
GetCommandLineW
SetErrorMode
ResetEvent
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateProcessW
GetSystemInfo
GetTickCount
MoveFileExW
CreateFileA
CreateFileW
ReadFile
SetFilePointer
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DosDateTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
SetFilePointerEx
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SetEndOfFile
SetFileTime
WriteFile
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapFree
IsProcessorFeaturePresent
InterlockedExchange
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc
LocalFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindClose
FindFirstFileW
GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FindNextFileW
GetFileAttributesExW
GetFileTime
SetFileAttributesW
GetTempPathA
CopyFileW
CreateHardLinkW
RemoveDirectoryW
FormatMessageA
lstrlenA
GetComputerNameW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
LocalAlloc

rpcrt4

RpcRevertToSelf
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrServerCall2

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8ffa8f05204dbd831484a4120599c72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

rpcrt4

version

wintrust

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 69KB - Virtual size: 72KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 69KB - Virtual size: 72KB