10abc8ffab2c3cd96973f1c1d75edc13

Sharing

Copy URL Twitter E-mail

General

Target

10abc8ffab2c3cd96973f1c1d75edc13
Size

330KB
MD5

10abc8ffab2c3cd96973f1c1d75edc13
SHA1

5ff2fef173990bebfc762428305c680d08593f4b
SHA256

cf3b7c0383254ebb305f693fb301a742f917440d8d0e22425ff6bf8e582c5b96
SHA512

83614687f6d3b49928452163883ad92fe79a549d0fabe92b1b5f039b7be827ca3fdd2e1f5fabf9c37683502bfecb71b9f62f1e866d5a1f9ad7549d9132a411bb
SSDEEP

6144:11eYvWykkJobz4qu3RmFo/ARbM5TeFSzvXJK2AHTkw8EAcmrS5mhihGefEtXczj5:ZOyyb09IUARbMAFuf4kwxbet71MzjpK0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10abc8ffab2c3cd96973f1c1d75edc13

Files

10abc8ffab2c3cd96973f1c1d75edc13
.exe windows:5 windows x86 arch:x86

0fa2f2898fa4ea4f635a70b12043c790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
FreeContextBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

ntdll

RtlInitializeResource
RtlCreateTimer
RtlSystemTimeToLocalTime
RtlEqualSid
RtlCopyLuid
RtlInitializeGenericTable
NtWaitForSingleObject
RtlConvertSidToUnicodeString
RtlAcquireResourceShared
RtlInsertElementGenericTable
RtlInitAnsiString
RtlPrefixUnicodeString
RtlTimeFieldsToTime
RtlReleaseResource
RtlSubAuthoritySid
NtAllocateVirtualMemory
RtlLookupElementGenericTableAvl
RtlFreeSid
RtlEqualDomainName
RtlCopySid
NtOpenProcessToken
RtlFreeAnsiString
RtlDeregisterWait
RtlCompareUnicodeString
RtlInitializeSid
NtDuplicateObject
RtlUniform
NtSetSecurityObject
RtlInitializeCriticalSection
RtlLengthSid
RtlCreateTimerQueue
RtlInitUnicodeString
RtlDeleteTimerQueue
RtlOemStringToUnicodeString
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
NtClose
RtlCreateSecurityDescriptor
RtlLookupElementGenericTable
RtlConvertSharedToExclusive
RtlGetElementGenericTable
RtlSetDaclSecurityDescriptor
RtlCopyUnicodeString
RtlEraseUnicodeString
RtlNtStatusToDosError
RtlAppendUnicodeStringToString
RtlVerifyVersionInfo
RtlCompareMemory
RtlUpcaseUnicodeString
RtlEqualUnicodeString
RtlSubAuthorityCountSid
RtlAcquireResourceExclusive
NtAllocateLocallyUniqueId
RtlCreateAcl
RtlInsertElementGenericTableAvl
RtlLengthRequiredSid
RtlAddAccessAllowedAce
NtQuerySystemInformation
RtlIntegerToUnicodeString
NtQuerySystemTime
RtlFreeUnicodeString
RtlUnicodeStringToAnsiString
RtlDowncaseUnicodeString
RtlDeleteResource
NtQueryInformationToken
RtlTimeToTimeFields
NtOpenThreadToken
RtlDeleteCriticalSection
RtlRegisterWait
DbgPrint
RtlInitializeGenericTableAvl
NtCreateEvent
RtlLeaveCriticalSection
RtlRunDecodeUnicodeString
RtlValidSid
VerSetConditionMask
RtlDeleteElementGenericTable
RtlAllocateAndInitializeSid

msasn1

ASN1intxisuint32
ASN1BERDecSkip
ASN1_FreeDecoded
ASN1_Encode
ASN1BERDecGeneralizedTime
ASN1DecSetError
ASN1_CloseEncoder
ASN1BERDecBitString
ASN1BEREncEndOfContents
ASN1intx2uint32
ASN1DecAlloc
ASN1ztcharstring_free
ASN1BERDecZeroCharString
ASN1BERDecSXVal
ASN1octetstring_free
ASN1BERDecExplicitTag
ASN1BERDecOpenType2
ASN1BERDecS32Val
ASN1_CreateDecoder
ASN1BEREncOpenType
ASN1BERDecObjectIdentifier
ASN1_Decode
ASN1_FreeEncoded
ASN1BEREncBool
ASN1BERDecPeekTag
ASN1CEREncGeneralizedTime
ASN1objectidentifier_free
ASN1BEREncExplicitTag
ASN1BEREncBitString
ASN1BEREncSX
ASN1BERDecBool
ASN1intx_free
ASN1Free
ASN1BEREncOctetString
ASN1charstring_free
ASN1BEREncCharString
ASN1BERDecOctetString
ASN1BERDecCharString
ASN1BEREncU32
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1BEREncS32
ASN1bitstring_free
ASN1EncSetError
ASN1_CreateModule
ASN1intx2int32
ASN1BEREncObjectIdentifier
ASN1intx_setuint32
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1BERDecU32Val

cryptdll

CDGenerateRandomBits
MD5Update
MD5Init
CDLocateCSystem
CDBuildIntegrityVect
CDFindCommonCSystemWithKey
CDLocateCheckSum
MD5Final

user32

wsprintfW
CharLowerBuffW

msvcrt

wcstoul
_strnicmp
_except_handler3
_wcsnicmp
malloc
_vsnprintf
wcscpy
wcsspn
_adjust_fdiv
sprintf
_ultoa
swprintf
strrchr
wcslen
_stricmp
_initterm
qsort
free
strchr
wcscat
sscanf
wcsrchr
_strcmpi
_wcsicmp
wcscmp

kernel32

FileTimeToSystemTime
UnmapViewOfFile
UnregisterWait
EnterCriticalSection
ExpandEnvironmentStringsW
InterlockedExchangeAdd
LocalAlloc
GetLastError
InterlockedIncrement
lstrcmpiA
LoadLibraryA
WriteFile
RaiseException
GetModuleFileNameA
GetACP
GetModuleHandleW
FreeLibrary
GetComputerNameW
LoadLibraryW
InterlockedDecrement
DeleteCriticalSection
GetSystemInfo
GetProfileStringA
SetUnhandledExceptionFilter
InterlockedExchange
SetEvent
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
GetTickCount
GetComputerNameExW
OpenFileMappingW
GetProcAddress
LeaveCriticalSection
TerminateProcess
lstrlenA
lstrcpyW
CreateFileA
GetModuleFileNameW
GetLocalTime
Sleep
RegisterWaitForSingleObjectEx
GetEnvironmentVariableW
GetCurrentThread
UnhandledExceptionFilter
DebugBreak
lstrcmpW
CreateFileMappingW
WideCharToMultiByte
InitializeCriticalSection
CloseHandle
LocalFree
GetCurrentProcess
MultiByteToWideChar
VirtualAlloc
InterlockedCompareExchange
GetCurrentProcessId
QueryPerformanceCounter
lstrlenW
CreateFileW
GetCurrentThreadId
OutputDebugStringA
CreateEventW
OpenEventW
FormatMessageW
MapViewOfFileEx

advapi32

FreeSid
SystemFunction006
RevertToSelf
GetTraceLoggerHandle
OpenServiceW
CryptGetHashParam
QueryServiceConfigW
OpenThreadToken
OpenSCManagerW
CredUnmarshalCredentialW
OpenProcessToken
ReportEventW
AllocateAndInitializeSid
RegisterEventSourceW
RegConnectRegistryW
RegDeleteValueW
CredFree
RegCreateKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterTraceGuidsW
CryptDestroyHash
RegQueryInfoKeyW
QueryServiceStatus
RegOpenKeyExW
RegSetValueExW
SystemFunction007
CryptCreateHash
RegEnumKeyExW
SetThreadToken
CryptGetProvParam
LookupAccountSidW
TraceEvent
CryptReleaseContext
GetTokenInformation
CryptHashData
CryptSetProvParam
CryptAcquireContextW
RegOpenKeyW
RegCloseKey
RegNotifyChangeKeyValue
CloseServiceHandle

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fa2f2898fa4ea4f635a70b12043c790

Headers

DLL Characteristics

File Characteristics

Imports

secur32

ntdll

msasn1

cryptdll

user32

msvcrt

kernel32

advapi32

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 21KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 291KB - Virtual size: 291KB

.rdata Size: 3KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 21KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 291KB - Virtual size: 291KB

.rdata
Size: 3KB - Virtual size: 3KB