10d3637e13a69ed45ba267342cef3fac

Sharing

Copy URL Twitter E-mail

General

Target

10d3637e13a69ed45ba267342cef3fac
Size

67KB
MD5

10d3637e13a69ed45ba267342cef3fac
SHA1

9bfe69add906923705629dc1b85f921e3a591c69
SHA256

6da84c059251d4751c3bb718edcf8aeb7f9019c8eff9e28a6abeced5791405a7
SHA512

fa4cc70a7e975e3c258d67a65c7018e50584b0142a0b7f83b94be5336be075df0de5adfd080633a3946647abc72b65dbcfa6b4560922c88cbe1422ae205de776
SSDEEP

1536:T4uyyQYqo4/K+t6uFDl8kh/5pTtODh4/LXb7:OBS+tFDfh/5RtODh47b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10d3637e13a69ed45ba267342cef3fac

Files

10d3637e13a69ed45ba267342cef3fac
.exe windows:5 windows x86 arch:x86

2821778056f67c13275b79ecd437ee9d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DeferWindowPos
PrivateExtractIconExA
DialogBoxIndirectParamA
MonitorFromWindow
DdeDisconnectList
EnumPropsExW
CharToOemA
DdeUnaccessData
DdeFreeDataHandle
RemovePropW
TileWindows
FlashWindowEx
UserLpkTabbedTextOut
ChangeClipboardChain
PrivateExtractIconsW
GetNextDlgGroupItem
SetMenuItemInfoW
GetCursorFrameInfo
GetTaskmanWindow
DdeQueryConvInfo
ToUnicode
GetRegisteredRawInputDevices
InternalGetWindowText
CheckDlgButton
IsHungAppWindow
CharNextExA
RegisterWindowMessageW
TrackPopupMenuEx

msdart

MpHeapAlloc
?Size@CLKRHashTable@@QBEKXZ
?WriteUnlock@CFakeLock@@QAEXXZ
?IsLocked@CLockedSingleList@@QBE_NXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
_DllMain@12
?ReadLock@CLKRHashTable@@QBEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
??1CLKRHashTable@@QAE@XZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
FXMemDetach
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
??0CDoubleList@@QAE@XZ
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
??0CSmallSpinLock@@QAE@XZ
?IsWin2k@CMdVersionInfo@@SAHXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?ConvertSharedToExclusive@CCritSec@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
mpCalloc
??0CReaderWriterLock3@@QAE@XZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?GetSpinCount@CReaderWriterLock@@QBEGXZ
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
MpHeapSize
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
?IsEmpty@CLockedSingleList@@QBE_NXZ
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
??1CSpinLock@@QAE@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?NumSubTables@CLKRLinearHashTable@@QBEHXZ
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?_TryReadLockRecursive@CReaderWriterLock3@@AAE_NXZ
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?IsReadUnlocked@CCritSec@@QBE_NXZ
??1CReaderWriterLock3@@QAE@XZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
??0CLockedDoubleList@@QAE@XZ

msasn1

ASN1BEREncGeneralizedTime
ASN1ztchar16string_free
ASN1_CloseDecoder
ASN1BEREncEndOfContents
ASN1BERDecZeroCharString
ASN1BERDecTag
ASN1CEREncEndBlk
ASN1_CreateDecoder
ASN1BEREncU32
ASN1CEREncBeginBlk
ASN1BERDecBitString
ASN1BERDecS16Val
ASN1char16string_cmp
ASN1CEREncMultibyteString
ASN1_SetDecoderOption
ASN1ztcharstring_cmp
ASN1BEREncExplicitTag
ASN1BEREncFlush
ASN1open_cmp
ASN1_CreateEncoder
ASN1BERDecEoid
ASN1_GetDecoderOption
ASN1_SetEncoderOption
ASN1_GetEncoderOption
ASN1octetstring_cmp
ASN1BEREncOpenType
ASN1BERDecUTF8String
ASN1intx2int32

kernel32

GlobalAddAtomA
GetProcessHeaps
InitializeCriticalSection
ReleaseSemaphore
VirtualAlloc
LCMapStringA
CancelTimerQueueTimer
LoadLibraryA
SetLastError
LZCloseFile
FindVolumeMountPointClose
BuildCommDCBAndTimeoutsA
SearchPathA
UnregisterWait
GetStartupInfoW
SwitchToFiber
DnsHostnameToComputerNameA
CreateProcessInternalA
GetACP
VDMOperationStarted
GetSystemTimeAsFileTime
LZDone
BaseUpdateAppcompatCache
GetWriteWatch
WriteConsoleW
EnumDateFormatsA
ZombifyActCtx
WriteConsoleInputA
SetTapeParameters
DeactivateActCtx
DebugBreak
PostQueuedCompletionStatus
SetTimerQueueTimer
DuplicateConsoleHandle
GetDevicePowerState
NlsGetCacheUpdateCount
BackupRead
AreFileApisANSI
UTUnRegister
CreateWaitableTimerA
VerLanguageNameA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2821778056f67c13275b79ecd437ee9d

Headers

DLL Characteristics

File Characteristics

Imports

user32

msdart

msasn1

kernel32

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 876B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 876B

.rsrc
Size: 9KB - Virtual size: 8KB