427f94bb1e4bcab425a637e31ba06cd8

Sharing

Copy URL

Twitter E-mail

General

Target

427f94bb1e4bcab425a637e31ba06cd8
Size

106KB
MD5

427f94bb1e4bcab425a637e31ba06cd8
SHA1

b354acc48de4094eb576f34ee82bd4388b218ec5
SHA256

4508751251f71301ad27604a65de0dc67ca8c284701de7e7ed1e204e9a60a8de
SHA512

71a092242d0e6b69b64963c72d7c388ae137e51f8bbf45eb5bbccfef0c08d299a3d3336cab9792d9cdd4e9413300c4485a730c9a7c8d3035d8c584515ebbe4f9
SSDEEP

1536:0C2NGAbBo+DCsu0+KmggRz1c+ablzW+dOU7rQczHq3H8wx423WklV9ncobUfsxDe:V2NGAq+5SpfEdDxwbxlVr1Ri+h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427f94bb1e4bcab425a637e31ba06cd8

Files

427f94bb1e4bcab425a637e31ba06cd8
.dll windows:6 windows x86 arch:x86

084602180417fa01201b34e3cb6c237b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rtm

MgmGetFirstMfe
MgmReleaseInterfaceOwnership
RtmDeleteRoute
RtmGetFirstRoute
RtmGetNetworkCount

odbc32

CloseODBCPerfData
CollectODBCPerfData
ord127

wsnmp32

ord500
ord402
ord904
ord103

msacm32

acmDriverDetailsW
acmDriverPriority
acmDriverRemove
acmFilterChooseA
acmFilterEnumW
acmFilterTagDetailsW
acmStreamClose
acmStreamMessage
acmStreamReset

rtutils

LogEventA
MprSetupProtocolFree
TraceDeregisterExW
TraceDeregisterW

mswsock

EnumProtocolsA
GetAcceptExSockaddrs
MigrateWinsockConfiguration
NPLoadNameSpaces
rresvport

loadperf

LoadPerfCounterTextStringsA
LoadPerfCounterTextStringsW
UnloadPerfCounterTextStringsW

mpr

MultinetGetConnectionPerformanceW
WNetGetLastErrorA
WNetGetProviderNameA
WNetGetUserA

rpcrt4

I_RpcBindingInqDynamicEndpoint
I_RpcReallocPipeBuffer
MesIncrementalHandleReset
NdrMesSimpleTypeEncode
NdrServerCall
RpcEpRegisterNoReplaceA
RpcEpResolveBinding
RpcRaiseException
RpcServerUseProtseqEpExW

kernel32

CloseHandle
CreateFileMappingW
CreateFileW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
EnumSystemCodePagesW
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MapViewOfFile
MultiByteToWideChar
OutputDebugStringW
QueryPerformanceCounter
RtlUnwind
SetEndOfFile
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

zxsrhictft

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

084602180417fa01201b34e3cb6c237b

Headers

File Characteristics

Imports

rtm

odbc32

wsnmp32

msacm32

rtutils

mswsock

loadperf

mpr

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 424B

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 424B