0b95ab8641d3e3c2dc1f2271805841b4

Sharing

Copy URL Twitter E-mail

General

Target

0b95ab8641d3e3c2dc1f2271805841b4
Size

58KB
MD5

0b95ab8641d3e3c2dc1f2271805841b4
SHA1

ab365338b4c254513f8e16179ce8eb45d2aaa2c8
SHA256

97104e6bab9e48783713f5563d796b7508a6eb632081ecbfb9f6ba1e7bd44b07
SHA512

a817bd82b70cf3d79ddb56d2b3c89be084794bf7b145a093a0267ad54a2103a3b8503f36277558b3b61a16943f6886c7222a14dc408b742e1ec0a80deed0bc6f
SSDEEP

1536:w/Wl81pLeZqdKNk/ZOOfO8mTsVqolOwcpwQsN:Vl8jLeZTkx/O8YlGWa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b95ab8641d3e3c2dc1f2271805841b4

Files

0b95ab8641d3e3c2dc1f2271805841b4
.exe windows:5 windows x86 arch:x86

6f763a86a71d82e7b83890844bbf5c65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasAddNotification
RasRpcDeviceEnum
RasSetCommSettings
RasDeviceSetInfo
RasGetDeviceName
RasSecurityDialogSend
RasBundleClearStatisticsEx
RasRequestNotification
RasGetConnectionParams
RasGetInfoEx
RasGetProtocolInfo
RasGetTimeSinceLastActivity
RasRpcGetUserPreferences
RasRpcGetInstalledProtocolsEx
RasEnumConnectionPorts
RasPortOpenEx
RasRpcConnectServer
RasRpcDisconnectServer
RasBundleGetPort
RasAddConnectionPort
RasReferenceCustomCount
RasInitializeNoWait
RasPortCancelReceive
RasRpcRemoteGetSystemDirectory
RasRpcRemoteGetUserPreferences
RasSetDialParams
RasActivateRoute
RasBundleGetStatistics
RasPortGetStatistics
RasConnectionEnum
RasSignalNewConnection
RasStartRasAutoIfRequired
RasRpcGetVersion

msdart

?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
IrtlTrace
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
MpHeapCreate
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
?WriteUnlock@CLKRHashTable@@QBEXXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
??0CDoubleList@@QAE@XZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_IsLocked@CSpinLock@@ABE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?MpHeapCompact@@YAKPAX@Z
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z

kernel32

ResetWriteWatch
RegisterConsoleIME
GetStartupInfoW
GetNumberOfConsoleFonts
lstrcpyW
GetSystemDirectoryA
GetBinaryTypeW
_hread
FindFirstFileA
GetCurrentThread
LZInit
SetFileShortNameW
IsValidLocale
FindNextFileW
LCMapStringW
GetFileInformationByHandle
ClearCommError
BuildCommDCBAndTimeoutsA
LocalLock
GetDiskFreeSpaceExA
LoadLibraryA
GetMailslotInfo
GetACP
GlobalUnfix
VirtualAlloc
BindIoCompletionCallback
PeekConsoleInputA
DeleteVolumeMountPointA
InitializeCriticalSection
DeleteFileW
GetThreadSelectorEntry
FlushViewOfFile

imagehlp

GetTimestampForLoadedLibrary
SymUnloadModule64
MapAndLoad
SymEnumSym
StackWalk64
ImageEnumerateCertificates
RemovePrivateCvSymbolicEx
UpdateDebugInfoFileEx
MapFileAndCheckSumA
SymEnumerateSymbols
SymSetContext
UnmapDebugInformation
SymGetSymNext64
ImageGetCertificateData
SymLoadModule64
UnMapAndLoad
SymMatchString
SymRegisterFunctionEntryCallback
SearchTreeForFile
SymGetLinePrev
SymEnumerateSymbolsW
ReBaseImage
StackWalk
ImageDirectoryEntryToData
SymEnumerateModules64
ImageUnload
SymGetOptions
SymFromAddr

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f763a86a71d82e7b83890844bbf5c65

Headers

DLL Characteristics

File Characteristics

Imports

rasman

msdart

kernel32

imagehlp

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 852B

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 852B

.rsrc
Size: 7KB - Virtual size: 7KB