72e2d39fda52b10036d2be402489e807

Sharing

Copy URL

Twitter E-mail

General

Target

72e2d39fda52b10036d2be402489e807
Size

114KB
MD5

72e2d39fda52b10036d2be402489e807
SHA1

bc190af499dd928c526a2e0d3a83e4d929abbfaf
SHA256

32c294023c0621bf97422c767fe92eff95135614203ab8660a0ea3a6b8ee820e
SHA512

0fd16251895cfef728f225fa78a26c34aed659d70909beb4451a55eefb3093b4582d45154ca3baf965c873ee63b13a2c03529bf12fe9b42f7c747e7924248268
SSDEEP

3072:JEVU4KLazhD508hEcw9M3mJnmlVPN+jNbyNP3VErH2qn3lvieGTCle:JBLazt508KceU2K+uW1Vvie+se

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72e2d39fda52b10036d2be402489e807

Files

72e2d39fda52b10036d2be402489e807
.exe windows:6 windows x86 arch:x86

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
LookupAccountNameW
CloseEventLog
LookupAccountSidW
ReadEventLogW
OpenEventLogW
DecryptFileW
RegEnumKeyExW
RegEnumValueW
LsaOpenPolicy
LsaFreeMemory
LsaLookupSids
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

kernel32

CloseHandle
DeviceIoControl
CreateFileW
GetLastError
GetWindowsDirectoryW
SetLastError
GetProcAddress
GetModuleHandleW
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetFinalPathNameByHandleW
OpenFileById
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
CreateHardLinkW
FindClose
FindNextFileNameW
FindFirstFileNameW
GetVersionExW
SetThreadUILanguage
HeapSetInformation
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
CreateDirectoryW
GetVolumePathNameW
GetFullPathNameW
WaitForSingleObject
SetConsoleCtrlHandler
CreateProcessW
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetComputerNameW
LocalFree
WriteFile
FormatMessageW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
GetTempFileNameW
GetTempPathW
GetFileSizeEx
GetCurrentProcess
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetDiskFreeSpaceExW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

realloc
wcsncpy_s
_wcsdup
exit
iswspace
iswalpha
iswdigit
wprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
towupper
?terminate@@YAXXZ
_controlfp
_wcsnicmp
_errno
wcscat_s
wcscpy_s
_wcsicmp
free
malloc
memset
calloc
isalpha
_local_unwind4
setlocale
_wtoi
wcsrchr
_vsnwprintf
memcpy
toupper
isdigit
_except_handler4_common
swprintf_s

ntdll

RtlAllocateHeap
NtQuerySecurityObject
RtlTimeToTimeFields
RtlGetOwnerSecurityDescriptor
NtEnumerateTransactionObject
RtlStringFromGUID
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryInformationFile
NtOpenFile
RtlInitUnicodeString
NtSetInformationFile
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtSetQuotaInformationFile
RtlLengthSid
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
NtQueryQuotaInformationFile

ktmw32

GetTransactionInformation
CommitTransaction
RollbackTransaction
OpenTransaction

ole32

StringFromIID
CoTaskMemFree
IIDFromString

netapi32

NetShareEnum
NetApiBufferFree

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fvejpfd
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ktmw32

ole32

netapi32

Sections

.text Size: 64KB - Virtual size: 64KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

fvejpfd Size: - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB

fvejpfd
Size: - Virtual size: 4KB