17dac575ddf691b8d76da734ad2b05b8

Sharing

Copy URL

Twitter E-mail

General

Target

17dac575ddf691b8d76da734ad2b05b8
Size

752KB
MD5

17dac575ddf691b8d76da734ad2b05b8
SHA1

47d73852d02c6c98c0d7906c30300448456c1b52
SHA256

35b6b9374295d75b866bbccbdd5efe0d69e2f371e807550b50c8891edfe9f328
SHA512

f079b814c46074e2d42cb7c6c0eb170ab2825c17527e94a2707971fb1a924e609917d66a0a5d11253167e17d6e2a3f2299a44492908e75d80e24f8529626d552
SSDEEP

12288:ExxN55bA579PLVuSEGJHItwW+2w4e4hTa:A55b0QGJHItzzw4eGa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17dac575ddf691b8d76da734ad2b05b8

Files

17dac575ddf691b8d76da734ad2b05b8
.exe windows:4 windows x86 arch:x86

9a6b2c2a82caa22661daa9cc243c9a2a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_wcsnicmp
strncmp
memcpy
RtlInitUnicodeString
RtlInitString
memset

kernel32

HeapDestroy
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
HeapSize
GetProcessHeap
Sleep
GetVersionExW
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
DebugBreak
FatalExit
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
SetLastError
AssignProcessToJobObject
IsProcessorFeaturePresent
CreateJobObjectW
GetSystemDirectoryW
ResumeThread
TerminateProcess
WaitForMultipleObjects
ProcessIdToSessionId
OpenProcess
LocalFree
LocalAlloc
FreeLibrary
CreateFileW
GetFileType
CloseHandle
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcessId
InterlockedExchange
HeapFree
QueryPerformanceCounter

rpcrt4

NdrServerCall2
RpcStringFreeW
RpcBindingFree
I_RpcBindingInqLocalClientPID
RpcStringBindingParseW
RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerListen
RpcServerRegisterAuthInfoW
RpcServerRegisterIf2
NdrClientCall2
RpcMgmtStopServerListening
RpcServerUseProtseqEpW

advapi32

LsaNtStatusToWinError
InitializeAcl
ConvertSidToStringSidW
GetSecurityInfo
SetEntriesInAclW
GetAclInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
SystemFunction036
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
SetTokenInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CopySid
IsValidSid
GetLengthSid
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityInfo
CreateWellKnownSid
EqualSid
CheckTokenMembership
ConvertStringSidToSidW
GetSecurityDescriptorSacl
AddAce

user32

MessageBoxW

msvcr80

??0exception@std@@QAE@XZ
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
calloc
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
memcpy_s
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
_CxxThrowException
_vsnwprintf_s
??3@YAXPAX@Z
__CxxFrameHandler3
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_purecall
_adjust_fdiv
memmove_s
malloc
free
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
??1exception@std@@UAE@XZ
__FrameUnwindFilter

crypt32

CryptFindOIDInfo
CryptDecodeObject
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty

msvcp80

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

secur32

LsaLogonUser
LsaLookupAuthenticationPackage
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaGetLogonSessionData
LsaFreeReturnBuffer

shlwapi

PathCombineW

msvcm80

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

shell32

SHGetFolderPathW

mscoree

_CorExeMain

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jrnuwtn
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a6b2c2a82caa22661daa9cc243c9a2a

Headers

File Characteristics

Imports

ntdll

kernel32

rpcrt4

advapi32

user32

msvcr80

crypt32

msvcp80

userenv

secur32

shlwapi

msvcm80

shell32

mscoree

Sections

.text Size: 224KB - Virtual size: 223KB

.rdata Size: 416KB - Virtual size: 413KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 104KB - Virtual size: 104KB

jrnuwtn Size: - Virtual size: 4KB

.text
Size: 224KB - Virtual size: 223KB

.rdata
Size: 416KB - Virtual size: 413KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 104KB - Virtual size: 104KB

jrnuwtn
Size: - Virtual size: 4KB