9d30ebe63e8804a6c8fc7204a1f052db9d897e11a72d3bea10be8f5dd050f01b

General

Target

9d30ebe63e8804a6c8fc7204a1f052db9d897e11a72d3bea10be8f5dd050f01b
Size

72KB
MD5

0788c9293d28654ff66077b8740b5d28
SHA1

5e974d3a9ed8f9c9fb3ed1ed750936bcc2422013
SHA256

9d30ebe63e8804a6c8fc7204a1f052db9d897e11a72d3bea10be8f5dd050f01b
SHA512

d8dbafc28d50d1557686c9e21f91d260f8ac5fc14b73bc8363bcdc52168fa09a635a262838f87af3f394372bc4820f4bcca7aa909be4435eb414137de99abda4
SSDEEP

1536:XylGfZejzaUyzTl5satTdwTVXiWJ8NWAUMvGtZc3H:XrszaPzTlmaJyxyG8NWAU23H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d30ebe63e8804a6c8fc7204a1f052db9d897e11a72d3bea10be8f5dd050f01b

Files

9d30ebe63e8804a6c8fc7204a1f052db9d897e11a72d3bea10be8f5dd050f01b
.exe windows:4 windows x86

3a38625e2e7094f892311fa17027b512

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSVirtualChannelPurgeInput
WTSSendMessageA
WTSEnumerateProcessesA
WTSLogoffSession
WTSVirtualChannelOpen
WTSWaitSystemEvent
WTSCloseServer
WTSUnRegisterSessionNotification
WTSEnumerateServersA
WTSEnumerateSessionsA
WTSSetUserConfigA
WTSQueryUserToken
WTSVirtualChannelWrite
WTSFreeMemory
WTSQuerySessionInformationA
WTSRegisterSessionNotification

user32

LoadBitmapA
InsertMenuA
DispatchMessageW
IsCharUpperA
GetKeyNameTextA
DefDlgProcA
DialogBoxParamW
DrawEdge
DrawTextW
wsprintfA
FindWindowExA
PeekMessageA
SetFocus
PostMessageW
GetMessageA
IsDialogMessageA
LoadStringA
GetClassInfoA

dhcpsapi

DhcpCreateSubnet
DhcpCreateClass
DhcpCreateOption
DhcpDeleteClass

kernel32

LoadLibraryA
SetEnvironmentVariableA
GetDateFormatA
FormatMessageA
InitializeCriticalSection
WaitForSingleObjectEx
WriteConsoleW
lstrcmpW
CompareStringA
DeviceIoControl
GetLogicalDriveStringsA
MoveFileA
GetShortPathNameA
HeapFree
CreateEventA
FindFirstFileA
CreateMutexA
ReplaceFileW
GetFileSize
GetProcAddress
GetLastError
GetSystemTime
GetACP
GetTickCount
lstrcpyA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a38625e2e7094f892311fa17027b512

Headers

File Characteristics

Imports

wtsapi32

user32

dhcpsapi

kernel32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 24KB - Virtual size: 23KB