c3ec167bc24e86e10581efc8f52840c6af30a72fe312924da4bc3f115ed55756

Sharing

Copy URL

Twitter E-mail

General

Target

c3ec167bc24e86e10581efc8f52840c6af30a72fe312924da4bc3f115ed55756
Size

664KB
MD5

72dbe7ff8cb3b1c782692f3cc9615602
SHA1

7b97c3abc1e53da0d174f5f49bac65b2e005f13b
SHA256

c3ec167bc24e86e10581efc8f52840c6af30a72fe312924da4bc3f115ed55756
SHA512

cb5f4ef030942e8136626b9a225ef2b2d243dad900b2b196289335c592c537d5289382d25491c3e89bd0546a126ebdda8b6c0eee7dacd713ae155f62e8b0ea72
SSDEEP

6144:P34xznfAp4x+NWMqW/KZ1vCDTEpc2bysCZR6iwAtUnWKT5WK8Rpv1llfFfCRAuTF:PIKp/UWCZdCDh2IZDwAFRpR6Au

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c3ec167bc24e86e10581efc8f52840c6af30a72fe312924da4bc3f115ed55756

Files

c3ec167bc24e86e10581efc8f52840c6af30a72fe312924da4bc3f115ed55756
.dll windows:5 windows x64 arch:x64

6bd45a7f6736c7032f1cc8ae9fa751af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TTPnpins.pdb

Imports

comdlg32

GetSaveFileNameW

wininet

GetUrlCacheEntryInfoW

setupapi

CM_Get_Sibling_Ex

advapi32

RegEnumValueW
SaferCreateLevel

Exports

Exports

WerAddExcludedApplication
WerRemoveExcludedApplication
WerReportAddDump
WerReportAddFile
WerReportCloseHandle
WerReportCreate
WerReportSetParameter
WerReportSetUIOption
WerReportSubmit
WerSysprepCleanup
WerSysprepGeneralize
WerSysprepSpecialize
WerUnattendedSetup
WerpAddAppCompatData
WerpAddFile
WerpAddMemoryBlock
WerpAddRegisteredDataToReport
WerpAddSecondaryParameter
WerpAddTextToReport
WerpArchiveReport
WerpCancelResponseDownload
WerpCancelUpload
WerpCloseStore
WerpCreateIntegratorReportId
WerpCreateMachineStore
WerpDeleteReport
WerpDestroyWerString
WerpDownloadResponse
WerpDownloadResponseTemplate
WerpEnumerateStoreNext
WerpEnumerateStoreStart
WerpExtractReportFiles
WerpFreeString
WerpGetBucketId
WerpGetBucketString
WerpGetDynamicParameter
WerpGetEventType
WerpGetFileByIndex
WerpGetFilePathByIndex
WerpGetIntegratorReportId
WerpGetLoadedModuleByIndex
WerpGetNumFiles
WerpGetNumLoadedModules
WerpGetNumSecParams
WerpGetNumSigParams
WerpGetReportConsent
WerpGetReportFinalConsent
WerpGetReportFlags
WerpGetReportInformation
WerpGetReportSettings
WerpGetReportTime
WerpGetReportType
WerpGetResponseId
WerpGetResponseUrl
WerpGetSecParamByIndex
WerpGetSigParamByIndex
WerpGetStoreLocation
WerpGetStorePath
WerpGetStoreType
WerpGetTextFromReport
WerpGetUIParamByIndex
WerpGetUploadTime
WerpGetWerStringData
WerpGetWow64Process
WerpIsDisabled
WerpIsTransportAvailable
WerpLaunchResponse
WerpLoadReport
WerpOpenMachineArchive
WerpOpenMachineQueue
WerpOpenUserArchive
WerpOpenUserQueue
WerpPromtUser
WerpReportCancel
WerpRestartApplication
WerpSetCallBack
WerpSetDefaultUserConsent
WerpSetDynamicParameter
WerpSetEventName
WerpSetIntegratorReportId
WerpSetReportFlags
WerpSetReportInformation
WerpSetReportTime
WerpSetReportUploadContextToken
WerpShowUpsellUI
WerpSubmitReportFromStore
WerpSvcReportFromMachineQueue
WerpUpdateReportResponse

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 905B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bd45a7f6736c7032f1cc8ae9fa751af

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

wininet

setupapi

advapi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 524KB - Virtual size: 520KB

.data Size: 68KB - Virtual size: 67KB

.pdata Size: 4KB - Virtual size: 312B

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 905B

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 524KB - Virtual size: 520KB

.data
Size: 68KB - Virtual size: 67KB

.pdata
Size: 4KB - Virtual size: 312B

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 2KB