189561df7b442215785b34d0612128fb98e7236b4e49d6ff07514bea9a4fdbfe

Sharing

Copy URL

Twitter E-mail

General

Target

189561df7b442215785b34d0612128fb98e7236b4e49d6ff07514bea9a4fdbfe
Size

333KB
MD5

ecb85ed4bb2061e4dfb5823995350857
SHA1

c860aa6380107df5ab13d06e1e51dcb2cd10a6ff
SHA256

189561df7b442215785b34d0612128fb98e7236b4e49d6ff07514bea9a4fdbfe
SHA512

48ff92a831d5287213e3a29aee4d5ab9c511cba2e468522797049309819300ae081f460014eeacf3673d289705f26fbc96d5817f29c4f2e46eaf151f13b39d2d
SSDEEP

6144:qFOmOLdHuFDqVfOTCCX5WWJpEhfzzUhmC:qFOZ2COTbX5WWJpEhfzzU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189561df7b442215785b34d0612128fb98e7236b4e49d6ff07514bea9a4fdbfe

Files

189561df7b442215785b34d0612128fb98e7236b4e49d6ff07514bea9a4fdbfe
.exe windows x86

850673e1a4980590e3efeca69ed3d9ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW

neci

dsc_EnumSearch
dsc_Attach
dsc_GetIfConfig
dsc_GetSerialInterface
dsc_GetSerialIOCtl
dsc_GetName
dsc_GetKernelInfo
dsc_GetMaxDIO
dsc_GetDIOMode
dsc_GetDIOState
dsc_GetUDPMode
dsc_Detach
dsc_GetIPLocation
dsc_GetDriverMode
dsc_GetCmdState
dsc_Login
dsc_SetCmdState
dsc_Logout
dsc_SaveAndRestart
dsc_SetSearchOpt

zlib1

crc32

mfc140u

ord12247
ord12239
ord5918
ord3852
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord8000
ord12531
ord14466
ord11983
ord11982
ord2034
ord7941
ord12947
ord4090
ord4152
ord9398
ord14595
ord7922
ord14589
ord6486
ord12541
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord13473
ord8464
ord2215
ord8754
ord3797
ord4885
ord890
ord1391
ord11038
ord9377
ord4477
ord2303
ord500
ord1142
ord12784
ord5514
ord5512
ord6555
ord494
ord11962
ord5886
ord12351
ord2885
ord14507
ord12586
ord14606
ord6531
ord8485
ord12763
ord460
ord8817
ord3359
ord3237
ord6801
ord1405
ord4485
ord2409
ord1108
ord450
ord5419
ord4886
ord3833
ord8773
ord6973
ord7654
ord1066
ord6490
ord9126
ord3145
ord4219
ord1440
ord963
ord3144
ord8360
ord8719
ord12131
ord9040
ord11396
ord4092
ord3404
ord3403
ord3164
ord6218
ord13752
ord2760
ord9139
ord12172
ord9210
ord11015
ord5422
ord14234
ord10472
ord7493
ord3697
ord1070
ord1002
ord6497
ord9209
ord10255
ord8219
ord5409
ord7712
ord7723
ord7722
ord2205
ord5228
ord5411
ord5252
ord5790
ord5525
ord9350
ord5760
ord5549
ord5249
ord12168
ord3265
ord3371
ord3372
ord3941
ord12124
ord2682
ord5935
ord13703
ord11717
ord6877
ord4589
ord7923
ord14590
ord3055
ord4494
ord9693
ord4502
ord4988
ord4927
ord4912
ord4974
ord5019
ord4942
ord4997
ord5013
ord4954
ord4960
ord4966
ord4948
ord5003
ord4936
ord1777
ord1756
ord1770
ord1744
ord1722
ord12258
ord12262
ord13878
ord3266
ord9256
ord11002
ord6978
ord12220
ord8965
ord14588
ord11936
ord3838
ord12089
ord9128
ord11726
ord11725
ord5652
ord10288
ord10284
ord10286
ord10287
ord10285
ord14785
ord2761
ord8210
ord3302
ord3305
ord13756
ord6220
ord3147
ord4222
ord8744
ord2993
ord3872
ord1111
ord458
ord7107
ord12921
ord12884
ord2990
ord5921
ord285
ord3009
ord14137
ord4815
ord1525
ord5882
ord4882
ord4881
ord4323
ord1526
ord3316
ord2307
ord1511
ord846
ord8757
ord4663
ord7997
ord1472
ord995
ord7653
ord10379
ord8123
ord5074
ord2304
ord266
ord265
ord280
ord290
ord1663
ord1045
ord296
ord1513
ord1703
ord8756
ord14411
ord8217
ord14417
ord1689
ord10433
ord12251
ord12219
ord12928
ord5763
ord10250
ord6860
ord4814
ord1692
ord12559
ord14131
ord2865
ord14547
ord5109
ord1523
ord4649
ord2029
ord1462
ord12027
ord985
ord6559
ord1446
ord6834
ord9135
ord1072
ord3257
ord4236
ord358
ord6489
ord7820
ord286
ord13087
ord13293
ord2522
ord2520
ord13028
ord2246
ord3864
ord366
ord13070
ord14596
ord13911
ord6566
ord6129
ord3882
ord12542

kernel32

LocalFree
FormatMessageW
LocalAlloc
GetLastError
MultiByteToWideChar
CloseHandle
CreateFileW
CreateEventW
GetUserDefaultLangID
PurgeComm
GetCommTimeouts
SetCommTimeouts
WriteFile
GetOverlappedResult
InitializeCriticalSectionAndSpinCount
LockResource
LoadResource
FindResourceW
WinExec
lstrlenW
lstrcatW
lstrcpyW
GetWindowsDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalFree
GlobalAlloc
ResetEvent
WaitForSingleObject
FlushFileBuffers
SetCommState
GetCommState
Sleep
ClearCommError
WideCharToMultiByte
ReadFile
DeleteCriticalSection
ResumeThread
FindFirstFileW
FindNextFileW
FindClose
SuspendThread
CreateThread
OutputDebugStringW
CreateDirectoryW
ExitProcess
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetupComm
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

ClientToScreen
PtInRect
KillTimer
SetWindowLongW
GetClientRect
MessageBeep
SetTimer
GetMessagePos
ScreenToClient
GetWindowDC
DrawFocusRect
CopyIcon
LoadIconW
GetSystemMenu
AppendMenuW
IsIconic
DrawIcon
LoadBitmapW
MessageBoxW
DrawEdge
InflateRect
FillRect
GetSysColor
LoadCursorW
DrawStateW
UpdateWindow
InvalidateRect
GetWindowRect
OffsetRect
CopyRect
LoadImageW
DestroyIcon
RegisterDeviceNotificationW
GetDC
SendMessageW
ReleaseDC
GetSystemMetrics
EnableWindow
GetParent
IsWindow
RedrawWindow
GetIconInfo
SetCursor
CreateIconIndirect
FrameRect

gdi32

CreateSolidBrush
CreateFontIndirectW
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
SetDIBits
CreateCompatibleBitmap
GetDIBits
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W

advapi32

RegEnumValueW
RegEnumKeyExW
RegCloseKey
RegQueryValueW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetFolderPathW

comctl32

_TrackMouseEvent
InitCommonControlsEx

ws2_32

inet_addr
WSAStartup
shutdown
htons
inet_ntoa

vcruntime140

__CxxFrameHandler3
__std_terminate
wcsstr
wcsrchr
strstr
strrchr
strchr
memset
__current_exception
__current_exception_context
_except_handler4_common
memcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__p__commode
_set_fmode
__stdio_common_vswprintf

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi

api-ms-win-crt-string-l1-1-0

wcsncpy

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_c_exit
_cexit
_register_thread_local_exe_atexit_callback
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_controlfp_s
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

850673e1a4980590e3efeca69ed3d9ba

Headers

DLL Characteristics

File Characteristics

Imports

version

neci

zlib1

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 1024B - Virtual size: 38KB

.rsrc Size: 231KB - Virtual size: 230KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 38KB

.rsrc
Size: 231KB - Virtual size: 230KB

.reloc
Size: 9KB - Virtual size: 8KB