3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e

Sharing

Copy URL

Twitter E-mail

General

Target

3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e
Size

600KB
MD5

1720b1748ad7b8ac0bfc1c3636fead95
SHA1

97bae63417df5bde4a05cd44c6c523db50f6ab76
SHA256

3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e
SHA512

36d1f098c9ef9a80b42ad058c2a86e5cee794d12f74e479a79059197b82c847d8f88b256f17e2276fc0a9e21cf9b3210c563017d03d9c4ff3638484190a16b76
SSDEEP

12288:aKVWGHUsNNXxgAQWE9J4TyP5SqWiboPZnVXDsm:/UANB/Q7wqWicLXD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e

Files

3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e
.exe windows:4 windows x86 arch:x86

87b1bf5d6ea7e7bea778583978f61b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clbcatq

DowngradeAPL
SetSetupSave

cfgmgr32

CM_Add_Empty_Log_Conf
CMP_Report_LogOn
CM_Add_IDA
CM_Add_Range

user32

wsprintfA
LoadBitmapW
IsDialogMessageA
DispatchMessageW
PostMessageW
CharToOemA
LoadIconA
IsCharLowerW
DialogBoxParamA
MessageBoxA
GetClassLongA
DrawStateW
PeekMessageW
InsertMenuW

cryptdll

MD5Update
MD5Final

kernel32

GetCommandLineW
InterlockedIncrement
CreateNamedPipeA
GetEnvironmentVariableW
WaitForSingleObject
GetLocalTime
CreateThread
GetModuleFileNameW
FindClose
FindResourceExA
OpenProcess
GlobalAddAtomA
GetConsoleTitleA
SetPriorityClass
FindNextFileW
CreateFileMappingW
FindFirstFileW
FormatMessageA
CloseHandle
GetLogicalDriveStringsA
GetProcAddress
GetPrivateProfileStringA
CreateDirectoryA
CreateSemaphoreW
LoadLibraryA
SetEnvironmentVariableA
GetModuleHandleA

shlwapi

UrlGetPartW
PathCompactPathW
UrlCreateFromPathW
UrlCombineA
UrlEscapeW
UrlCompareW
UrlUnescapeW
PathIsRootW
UrlHashA
UrlIsNoHistoryW
UrlGetLocationA
PathCommonPrefixW
UrlIsW
PathCombineA

rsaenh

CPDecrypt
CPDeriveKey

shell32

Shell_NotifyIconA
DllCanUnloadNow
DragQueryFileA
DllGetVersion
SHBrowseForFolderW
SHGetFolderPathA
StrChrA
ExtractIconW
SHEmptyRecycleBinA
SHCreateDirectoryExA

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dec
Size: 2KB - Virtual size: 256KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87b1bf5d6ea7e7bea778583978f61b64

Headers

DLL Characteristics

File Characteristics

Imports

clbcatq

cfgmgr32

user32

cryptdll

kernel32

shlwapi

rsaenh

shell32

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 538KB - Virtual size: 538KB

.dec Size: 2KB - Virtual size: 256KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 538KB - Virtual size: 538KB

.dec
Size: 2KB - Virtual size: 256KB

.rsrc
Size: 3KB - Virtual size: 3KB