Static task: static1

Behavioral task: behavioral1
  Sample: 095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5.exe
  Resource: win7-20230703-en

Behavioral task: behavioral2
  Sample: 095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5.exe
  Resource: win10v2004-20230703-en
General
  Target: 095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5
  Size: 144KB
  MD5: 31362fd6662de01e6e15a3fe1f2b4be4
  SHA1: 16fd9f6802b9fa215cf8492d6e9cc22ca0050796
  SHA256: 095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5
  SHA512: 08b85abe1ad448b5d038ba5fa52948f92d21dafe67c061cfbd9d4cb051230949eb0e024d480bf27260f03e2c6056c68c0977509397bd89a17099a7da91f70377
  SSDEEP: 3072:++pnE6zlhpWLwvl2tJFqJhVpHtyZ1z0duvroS:++pHliLwvPJbi1EuvMS
Malware Config
  (none)

Signatures
  Unsigned PE (1 IoC): checks for missing Authenticode signature.
    resource: 095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5
Files
  095388b07c2bf4108096c039bc92fb1eb4f1281fa96f4c68554b67fa60dd5ef5.exe (windows x86)
    81cbbc6ec3dbb7a06c9b60575f61b0d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
__p__commode
__p__fmode
__set_app_type
_controlfp
_adjust_fdiv
_initterm
_itoa
toupper
towlower
wcsncat
wcschr
_wcsnicmp
free
strncpy
strtoul
strchr
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
??3@YAXPAX@Z
__setusermatherr
sprintf
_strnicmp
_c_exit
malloc
wcscmp
strrchr
memmove
_stricmp
wcsrchr
isdigit
_except_handler3
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
wcscat
memchr
_strcmpi
wcsncpy
_wcsicmp
wcscpy
wcslen
_snwprintf
??2@YAPAXI@Z
_snprintf
calloc
advapi32
DuplicateTokenEx
LookupAccountSidW
CryptAcquireContextW
CreateProcessAsUserW
CryptReleaseContext
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
ImpersonateLoggedOnUser
RevertToSelf
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
GetAce
CryptGenRandom
RegCreateKeyExW
RegSetKeySecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
ReportEventW
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegLoadKeyA
RegSetValueExW
RegCreateKeyA
AdjustTokenPrivileges
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LogonUserW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
AllocateAndInitializeSid
OpenThreadToken
LookupAccountNameW
GetTokenInformation
EqualSid
RegCloseKey
FreeSid
kernel32
GetConsoleMode
CreateFileA
AllocConsole
FreeConsole
GetModuleFileNameA
lstrcpyW
TerminateProcess
SetEnvironmentVariableA
SetEnvironmentVariableW
GetExitCodeProcess
SetConsoleCtrlHandler
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetComputerNameExA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
FormatMessageW
CreateEventW
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateNamedPipeW
HeapFree
HeapAlloc
GetProcessHeap
VirtualFree
VirtualAlloc
OpenProcess
ExpandEnvironmentStringsA
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WaitForMultipleObjects
GetLastError
GetTickCount
GlobalFree
GlobalAlloc
SetLastError
SetHandleInformation
GetStdHandle
WideCharToMultiByte
GetConsoleCP
LoadLibraryW
GetSystemDirectoryW
lstrlenW
ReadFile
WriteFile
GetComputerNameW
GetLocalTime
CancelIo
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
FormatMessageA
GetACP
GetOverlappedResult
ExitProcess
SetErrorMode
MultiByteToWideChar
GenerateConsoleCtrlEvent
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
LoadLibraryExW
IsDBCSLeadByte
WriteConsoleInputA
ExpandEnvironmentStringsW
WriteConsoleW
ReadConsoleOutputA
ReadConsoleOutputW
WriteConsoleInputW
ntdll
RtlEqualUnicodeString
DbgPrint
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlInitUnicodeString
user32
VkKeyScanW
GetProcessWindowStation
wsprintfW
CharToOemA
LoadStringW
MapVirtualKeyW
CloseDesktop
OpenDesktopW
CloseWindowStation
SetUserObjectSecurity
oleaut32
VarBstrFromDate
VarDateFromUdate
SysFreeString
psapi
EnumProcesses
security
AcceptSecurityContext
QueryContextAttributesW
ImpersonateSecurityContext
RevertSecurityContext
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer
netapi32
NetGetAnyDCName
NetUserGetInfo
NetApiBufferFree
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetCloseEnum
WNetAddConnection2W
ws2_32
WSAStringToAddressA
shutdown
WSASocketW
ioctlsocket
setsockopt
WSAStartup
closesocket
WSACleanup
getpeername
WSASetLastError
getservbyport
ntohs
gethostbyaddr
htons
getservbyname
htonl
inet_ntoa
gethostbyname
gethostname
WSAGetLastError
inet_addr
shell32
SHGetFolderPathW
Sections
  .text  Size: 59KB   Virtual size: 58KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .data  Size: 1024B  Virtual size: 1KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc  Size: 83KB   Virtual size: 84KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE