19ff6156c47f81f2560e92f4c8b1ce8b

Sharing

Copy URL Twitter E-mail

General

Target

19ff6156c47f81f2560e92f4c8b1ce8b
Size

69KB
MD5

19ff6156c47f81f2560e92f4c8b1ce8b
SHA1

a3bf2347e80ed38aaf03810fac9e22c4e760e4d0
SHA256

58f6716c5aa8b18c445603d69356293da76e866b03fe73c4d8d22e664a9b88dd
SHA512

d824e05ac5291990405b785c9627ddfa1c66da00c8698c937e27744831d0610c09bd974c10a483d51b29f6f0f5a9c1346f8cbc0d0acc46caedb5f366f8836917
SSDEEP

1536:M7qh9N7xLmGn5/BCkYT3y8r5Ad7YOmwvZwk8ijh:M7C91pNxwkYT3y8r5Adxd8ijh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19ff6156c47f81f2560e92f4c8b1ce8b

Files

19ff6156c47f81f2560e92f4c8b1ce8b
.exe windows:1 windows x86 arch:x86

fdd1b792ab5ca1aeaf72b534e829c471

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
_hread
VirtualAlloc
ExpungeConsoleCommandHistoryW
GetFileAttributesExW
GetVolumeInformationW
GetCurrentDirectoryW
GetTempPathW
GetCurrentThread
WideCharToMultiByte
LoadLibraryA
GetCurrencyFormatA
OutputDebugStringA
TlsFree
ClearCommBreak
HeapCreate
TlsAlloc
GetFileSizeEx
CreateMemoryResourceNotification
SetConsoleCursorMode
HeapSetInformation
DeleteVolumeMountPointW
WriteProfileSectionW
ExitProcess
SetStdHandle
lstrcatA
ClearCommError
BackupRead
ReadConsoleW
OpenWaitableTimerA

iphlpapi

GetInterfaceInfo
GetIpForwardTable
_PfBindInterfaceToIPAddress@12
InternalCreateIpNetEntry
AddIPAddress
_PfUnBindInterface@4
GetBestRoute
RestoreMediaSense
DeleteProxyArpEntry
GetPerAdapterInfo
NhGetInterfaceNameFromDeviceGuid
GetUdpTable
GetIpStatisticsEx
Icmp6ParseReplies
IcmpSendEcho2
GetAdaptersAddresses
SetIpForwardEntry

wldap32

ldap_value_free_len
ldap_modrdn2
ldap_rename_ext
ldap_create_page_controlA
ldap_ufn2dnW
ldap_value_freeW
ldap_modify_s
ldap_get_valuesW
ldap_add_sA
ldap_parse_sort_controlW
ldap_dn2ufnA
ldap_value_free
ldap_bindW
ldap_get_values
ldap_compareA
ldap_bind_sA
ldap_parse_page_control
ldap_parse_vlv_controlA
ldap_add_ext
ldap_get_next_page
ldap_initA
ldap_set_dbg_flags
ldap_rename_ext_sW
ldap_count_entries

user32

ShowWindowAsync
EnumDisplaySettingsA
CascadeChildWindows
FlashWindowEx
DdeUninitialize
GetDCEx
InitializeLpkHooks
LoadKeyboardLayoutW
SubtractRect
PrintWindow
ArrangeIconicWindows
MessageBoxTimeoutW
RegisterClipboardFormatW
GetScrollBarInfo
SwitchToThisWindow
ToUnicodeEx

advapi32

WmiFileHandleToInstanceNameA
GetSidLengthRequired
GetManagedApplications
SetEntriesInAclA
BuildTrusteeWithObjectsAndSidA
GetLocalManagedApplicationData
CryptDestroyHash
CreateWellKnownSid
LsaLookupPrivilegeValue
CryptEnumProviderTypesA
RegDeleteValueA
InstallApplication
RegEnumKeyW
RegCreateKeyExA
GetTrusteeFormA
GetNamedSecurityInfoExA
SystemFunction036

rastapi

PortSetInfo
PortInit
AddPorts
DeviceConnect
DeviceWork
DeviceEnum
PortCompressionSetInfo
PortSetIoCompletionPort
PortGetStatistics
RastapiSetCalledID
SetCommSettings
GetConnectInfo
RastapiGetCalledID
PortChangeCallback
DeviceSetDevConfig

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdd1b792ab5ca1aeaf72b534e829c471

Headers

File Characteristics

Imports

kernel32

iphlpapi

wldap32

user32

advapi32

rastapi

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1KB - Virtual size: 155KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1KB - Virtual size: 155KB

.rsrc
Size: 1KB - Virtual size: 1KB