cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529

Sharing

Copy URL

Twitter E-mail

General

Target

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
Size

304KB
MD5

9b6b559fa7c7bfddd6b6b98c4a297207
SHA1

9c718b58377404c8d1c38d08bd5a91591d58f4da
SHA256

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
SHA512

0a8ccc2aec2999ce7622837885817b9fc7e316174af331d33da9e8f6a654f212fdc05fe467fe7543e25540b02cfe5fee651c578eb6be9141571c9b110fd17f86
SSDEEP

6144:LtxDF4g+xZbJLrAR1bd3HozgsFrfsTZsy64x1V9ukYwTYQeB:JxDeg+9coHsTSy6Suvexe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529

resource
cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529

Files

cdae806ef2c07a9b818d93f802a56f58ce2f725e77a67f904ca473b72b17f529
.exe windows:4 windows x86 arch:x86

1e0f30223d7e025d07167bd3adb5ec00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedCompareExchange
GetFileSize
CreateFileW
HeapReAlloc
GetTickCount
GetCommandLineA
InterlockedDecrement
GetCurrentProcessId
GetVersionExA
GetOEMCP
GetCurrentThread
WriteConsoleW
SetFilePointerEx
GetProcessHeap
GetACP
GetEnvironmentStrings
GetCommandLineW
GetEnvironmentStringsW
SetStdHandle
GetConsoleMode
GetProcAddress
LoadLibraryA
GetLastError
SetLastError
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
GetStringTypeW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
CloseHandle

gdi32

GetObjectA
MoveToEx
SaveDC
LineTo
SelectObject
CreateBitmap
ExtCreatePen

advapi32

RegSetValueExA
RegEnumKeyExA

ole32

OleSaveToStream

imm32

ImmSetCompositionFontA
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmAssociateContext

scarddlg

ord1

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e0f30223d7e025d07167bd3adb5ec00

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

ole32

imm32

scarddlg

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 252KB - Virtual size: 251KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 252KB - Virtual size: 251KB