c9b34d7c4bdc95cd112ff9322f7a37eba8c47ae429920a643538b58877f75d6f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

c9b34d7c4bdc95cd112ff9322f7a37eba8c47ae429920a643538b58877f75d6f.exe
Size

275KB
MD5

2be2bd1f8f05f5491bd06d61e2e27bbd
SHA1

3fbe84a0b8ea504fc6447fad858dd96311b55d29
SHA256

c9b34d7c4bdc95cd112ff9322f7a37eba8c47ae429920a643538b58877f75d6f
SHA512

ede979c4a033b1b05fffb66f1b60e628a2543805c4a1a6bd417aa49e98f09d6f5e3a7c6a21307003e5f6b1a56d9a3ac3153f17906859251ce87cabba309d5548
SSDEEP

6144:l2J9n/ekxcnYvkGc9plVQYsvkk2EOqpJjSsTSo:l2JUcX8LvVQY8kk2EO+d7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9b34d7c4bdc95cd112ff9322f7a37eba8c47ae429920a643538b58877f75d6f.exe

Files

c9b34d7c4bdc95cd112ff9322f7a37eba8c47ae429920a643538b58877f75d6f.exe
.exe windows:4 windows x86 arch:x86

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
CharPrevExA
CharUpperBuffW
CharNextExA

advapi32

AddAccessDeniedAce
SetThreadToken
AddAccessAllowedAce
DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegisterTraceGuidsA
RegCreateKeyExW
FreeSid
RegQueryValueExW
InitializeSecurityDescriptor
GetLengthSid
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
GetTraceEnableFlags
DuplicateToken
LookupAccountSidA
GetTraceEnableLevel
InitializeAcl
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
UnregisterTraceGuids
GetTokenInformation
DuplicateTokenEx
RegisterEventSourceW
StartServiceCtrlDispatcherW
GetTraceLoggerHandle
TraceMessage
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
AllocateAndInitializeSid
SetServiceStatus

rpcrt4

RpcServerUseProtseqEpA
NdrServerCall2
RpcMgmtStopServerListening
RpcServerListen
RpcServerUnregisterIf
RpcServerRegisterAuthInfoA
RpcServerRegisterIf

kernel32

CreateMutexW
UnregisterWaitEx
VirtualAlloc
HeapFree
GetVolumeInformationW
QueryPerformanceFrequency
LCMapStringA
CreateSemaphoreW
HeapDestroy
RaiseException
GetConsoleOutputCP
GlobalFree
ReleaseSemaphore
SetHandleCount
FreeEnvironmentStringsA
CreateEventW
ResetEvent
SystemTimeToFileTime
HeapAlloc
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
DeleteTimerQueueTimer
CreateFileMappingA
GetProcessHeap
UnlockFile
GetCurrentThreadId
CreateMutexA
RegisterWaitForSingleObject
CreateFileMappingW
UnhandledExceptionFilter
TlsFree
IsValidLocale
GetOEMCP
WideCharToMultiByte
MapViewOfFile
GetUserDefaultLCID
DeleteCriticalSection
GetTempFileNameW
CreateEventA
HeapReAlloc
OpenMutexA
IsValidCodePage
GetCommandLineA
GetPriorityClass
SetEndOfFile
CreateFileW
OpenProcess
CreateTimerQueueTimer
TlsAlloc
GetSystemTime
FreeEnvironmentStringsW
UnregisterWait
TlsGetValue
GetConsoleCP
EnumSystemLocalesA
CreateIoCompletionPort
MoveFileW
UnmapViewOfFile
DeleteTimerQueueEx
GetFileType
GetThreadPriority
GetShortPathNameA
ExpandEnvironmentStringsW
GetDriveTypeW
LoadLibraryExA
GetStdHandle
FlushFileBuffers
GetFileSizeEx
SetThreadPriority
GetSystemTimeAsFileTime
CreateProcessW
CreateFileA
FreeLibrary
GlobalMemoryStatusEx
DeleteFileW
LCMapStringW
GetComputerNameW
WriteConsoleA
GetConsoleMode
SetFilePointer
EnterCriticalSection
CloseHandle
ReleaseMutex
LeaveCriticalSection
IsDebuggerPresent
GetFileSize
HeapSize
VirtualFree
LocalFree
WaitForMultipleObjects
CompareStringW
CopyFileW
LockFileEx
GetModuleHandleA
CreateTimerQueue
GlobalAlloc
RtlUnwind
GetComputerNameA
SetFilePointerEx
CreateDirectoryW
WaitForSingleObject
GetACP
SetLastError
CreateThread
SetStdHandle
TlsSetValue
OpenEventA
GetLocalTime
WriteConsoleW
SetUnhandledExceptionFilter
GetQueuedCompletionStatus
GetSystemInfo
WriteFile
SetPriorityClass
PostQueuedCompletionStatus
SetErrorMode
ReadFile
CompareStringA
GetStartupInfoW
VirtualAllocEx

rtm

RtmCloseEnumerationHandle
RtmGetFirstRoute
RtmGetListEnumRoutes
RtmReleaseNextHopInfo
MgmGetMfe
RtmUpdateAndUnlockRoute
InsertIntoTable
RtmReleaseDests
RtmReadInstanceConfig
DumpTable
MgmReleaseInterfaceOwnership
MgmGetNextMfe
RtmReleaseRoutes

qedit

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 240KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c59df6083165220959cf80ab831c667

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

rtm

qedit

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 240KB - Virtual size: 558KB

.rsrc Size: 4KB - Virtual size: 16KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 240KB - Virtual size: 558KB

.rsrc
Size: 4KB - Virtual size: 16KB