1488bf50ed1647787ce17fc5be15ca0b

Sharing

Copy URL

Twitter E-mail

General

Target

1488bf50ed1647787ce17fc5be15ca0b
Size

44KB
MD5

1488bf50ed1647787ce17fc5be15ca0b
SHA1

742337065ee9a54e4e90e149e6dcc128eb5291b2
SHA256

7d6cbdead1c373e15dad289bb02f193d53bc81efc07e7133d7948f21654945bd
SHA512

9c305d35803c1979d4d82e8b2ceb0d6cb81e795f540d7863c4ef05d8d45f0b37c640caae07ad564f83ca6a34656a0cb9febea1b911f5ef18b71c960bb0d40e73
SSDEEP

768:G8HfNWbzAb8kK9F4W8wmO1iaPeYJI+nNNzLvYJd/c3HGDYsH9t09/:tfxu9F4W8wmO11eE9LvgZJBd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1488bf50ed1647787ce17fc5be15ca0b

Files

1488bf50ed1647787ce17fc5be15ca0b
.exe windows:5 windows x86 arch:x86

3e7351ab7f080037ef7246613858ef64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIcmpStatistics
NTTimeToNTPTime
GetTcpStatistics
NhGetGuidFromInterfaceName
GetTcpStatisticsEx
_PfSetLogBuffer@28
SetIpTTL
DeleteIpNetEntry
_PfRemoveGlobalFilterFromInterface@8
_PfCreateInterface@24
DisableMediaSense
GetIpAddrTable
AddIPAddress
_PfRemoveFilterHandles@12
InternalDeleteIpNetEntry
GetIpNetTable
do_echo_req
_PfRemoveFiltersFromInterface@20
SetIpNetEntry
GetTcpTable
InternalGetIfTable
_PfDeleteLog@0
GetIpStatisticsEx
IpReleaseAddress
GetUniDirectionalAdapterInfo
GetBestRoute
_PfRebindFilters@8
GetUdpTable
GetInterfaceInfo

kernel32

GetCommProperties
LoadLibraryW
GetFileSizeEx
WriteProcessMemory
SetCommTimeouts
CreateWaitableTimerA
EnumerateLocalComputerNamesA
GetLocaleInfoA
CreateJobObjectA
SetConsoleOutputCP
SetSystemTimeAdjustment
CompareStringW
GetStdHandle
SetStdHandle
WaitCommEvent
GetCurrentThread
lstrcmpiW
DebugBreak
SetComputerNameExW
GetConsoleCursorInfo
GetModuleHandleW
SearchPathW
GlobalFindAtomW

wininet

UnlockUrlCacheEntryFile
FindFirstUrlCacheEntryW
InternetOpenUrlW
FtpDeleteFileA
InternetSetOptionExW
FtpSetCurrentDirectoryA
GopherGetAttributeA
DeleteUrlCacheContainerW
InternetUnlockRequestFile
InternetSetStatusCallbackW
HttpQueryInfoA
InternetGetConnectedState
InternetCheckConnectionW
FtpGetFileA
FreeUrlCacheSpaceA
InternetSetDialStateW
InternetGoOnline
InternetGetLastResponseInfoA
InternetReadFileExW
FtpOpenFileW
IsHostInProxyBypassList
GetUrlCacheHeaderData
RetrieveUrlCacheEntryStreamW
CreateUrlCacheContainerW
InternetCheckConnectionA
InternetOpenW
FtpRemoveDirectoryW
InternetAutodial
InternetInitializeAutoProxyDll

cfgmgr32

CM_Locate_DevNodeA
CM_Delete_DevNode_Key
CM_Set_HW_Prof_Flags_ExA
CM_Enable_DevNode_Ex
CM_Test_Range_Available
CM_Get_Res_Des_Data
CM_Create_Range_List
CM_First_Range
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Hardware_Profile_Info_ExA
CM_Query_Remove_SubTree
CM_Add_Range
CM_Get_Device_Interface_List_SizeA
CM_Set_Class_Registry_PropertyW
CM_Delete_Class_Key_Ex
CM_Set_Class_Registry_PropertyA
CM_Get_Device_Interface_AliasW
CM_Get_Class_Name_ExW
CMP_WaitServicesAvailable
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Query_Remove_SubTree_Ex
CM_Get_Resource_Conflict_DetailsA
CM_Enable_DevNode
CM_Query_And_Remove_SubTree_ExA
CM_Open_Class_KeyA
CM_Get_Device_Interface_List_ExW

wldap32

ldap_bind_s
ldap_parse_vlv_controlA
ldap_modrdn_s
ldap_modrdn_sW
ldap_set_dbg_routine
ldap_controls_free
ldap_next_attributeA
ldap_count_values
ldap_memfree
ldap_rename_ext
ldap_init
ldap_perror
ldap_count_references
ldap_modify_ext_sW

modemui

drvCommConfigDialogW
CountryRunOnce
drvSetDefaultCommConfigA
QueryModemForCountrySettings
ModemPropPagesProvider
UnimodemDevConfigDialog
UnimodemGetDefaultCommConfig
drvSetDefaultCommConfigW
drvGetDefaultCommConfigW
InvokeControlPanel
ModemCplDlgProc
drvGetDefaultCommConfigA
UnimodemGetExtendedCaps
drvCommConfigDialogA

shlwapi

SHRegOpenUSKeyW
UrlCompareW
PathMakeSystemFolderW
PathMatchSpecA
DelayLoadFailureHook
StrRetToStrW
SHQueryInfoKeyW
PathIsRootW
StrToIntExW
StrStrIA
PathRelativePathToW
SHCreateStreamOnFileEx

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e7351ab7f080037ef7246613858ef64

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

wininet

cfgmgr32

wldap32

modemui

shlwapi

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB