Static task
static1
Behavioral task
behavioral1
Sample
4270bff3ddc7b049f76c1fdb7c8d57a4.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4270bff3ddc7b049f76c1fdb7c8d57a4.exe
Resource
win10v2004-20231215-en
General
-
Target
4270bff3ddc7b049f76c1fdb7c8d57a4
-
Size
871KB
-
MD5
4270bff3ddc7b049f76c1fdb7c8d57a4
-
SHA1
e7688ee7bad0771d1a221e7df68fbf1fe2acbbf5
-
SHA256
6ef4d0d2d0b6a959c23a77af6319b91157d00f7b3a2bea7f19f455dbef4ff196
-
SHA512
8f043f19c7a364f7efabd9abc762c76d09138b5342db22533cc0bc1476872738d686852b122dd7d798f6825cecb5a3869de26c0e11f292b8f6c6457fdb18ef38
-
SSDEEP
12288:a3FnBdXFblhLbGV79bfAfz5ZBaA6/56yrcxjRV3dzZSl4qLWHtzB2pQN7FJ5emhe:a37l9L0W1ZBpdyrcMMMpwwXCw
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for a missing Authenticode signature.
resource 4270bff3ddc7b049f76c1fdb7c8d57a4
Files
-
4270bff3ddc7b049f76c1fdb7c8d57a4.exe windows:5 windows x86 arch:x86
39d6042f654605c61178fc25129bc23a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
BindIoCompletionCallback
SetThreadPriority
FindActCtxSectionGuid
GetProfileIntA
FlushFileBuffers
EnumDateFormatsExW
RegisterConsoleIME
VirtualAlloc
GetSystemDefaultLCID
WritePrivateProfileStructA
RegisterConsoleOS2
AllocConsole
InterlockedPushEntrySList
SetVolumeMountPointA
EnumResourceNamesW
GetGeoInfoA
LoadLibraryExW
GetTickCount
InitAtomTable
GetFileAttributesW
GetCurrentProcessId
FreeLibraryAndExitThread
LZRead
IsDBCSLeadByteEx
HeapValidate
GetModuleHandleA
SetHandleCount
GetCurrentProcess
FlushInstructionCache
QueryDosDeviceW
NlsGetCacheUpdateCount
GetConsoleKeyboardLayoutNameW
FindResourceA
GetNumberFormatA
ChangeTimerQueueTimer
LoadLibraryA
ReadFileScatter
OpenThread
VDMOperationStarted
GetProcessHeaps
WritePrivateProfileSectionW
SetConsoleCursor
CreateMailslotW
GetModuleHandleW
FindFirstVolumeW
msvcirt
??_8ostrstream@@7B@
?allocate@streambuf@@IAEHXZ
??5istream@@QAEAAV0@AAE@Z
?put@ostream@@QAEAAV1@D@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
??1iostream@@UAE@XZ
?underflow@filebuf@@UAEHXZ
??7ios@@QBEHXZ
?ends@@YAAAVostream@@AAV1@@Z
??_Eios@@UAEPAXI@Z
?sync@strstreambuf@@UAEHXZ
??5istream@@QAEAAV0@AAN@Z
?binary@filebuf@@2HB
?endl@@YAAAVostream@@AAV1@@Z
??0ostrstream@@QAE@XZ
??5istream@@QAEAAV0@AAJ@Z
??1stdiobuf@@UAE@XZ
??4stdiobuf@@QAEAAV0@ABV0@@Z
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?opfx@ostream@@QAEHXZ
??0streambuf@@QAE@ABV0@@Z
?egptr@streambuf@@IBEPADXZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??_Estrstreambuf@@UAEPAXI@Z
?out_waiting@streambuf@@QBEHXZ
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@I@Z
?snextc@streambuf@@QAEHXZ
??_Estdiobuf@@UAEPAXI@Z
??_7ostream@@6B@
??_Dostream_withassign@@QAEXXZ
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??_Difstream@@QAEXXZ
??_7stdiobuf@@6B@
??0streambuf@@IAE@PADH@Z
??0istream_withassign@@QAE@XZ
??0streambuf@@IAE@XZ
??_8fstream@@7Bistream@@@
crypt32
I_CryptGetAsn1Decoder
CryptUnprotectData
CertStrToNameW
CryptSIPAddProvider
CryptHashToBeSigned
CryptMsgVerifyCountersignatureEncodedEx
CertVerifyRevocation
CertCreateContext
I_CryptGetDefaultCryptProv
CertAddCTLLinkToStore
CertVerifyCRLRevocation
CryptMemRealloc
CryptMsgGetParam
I_CryptDisableLruOfEntries
RegCreateHKCUKeyExU
CryptStringToBinaryA
CryptLoadSip
I_CryptGetFileVersion
I_CryptUnregisterSmartCardStore
CertDeleteCertificateFromStore
CryptGetMessageCertificates
CertVerifyCTLUsage
CertSerializeCRLStoreElement
I_CryptEnableLruOfEntries
CryptHashPublicKeyInfo
CryptEnumOIDFunction
CryptSignMessageWithKey
CertAddStoreToCollection
CertCompareIntegerBlob
CertAddSerializedElementToStore
CertOpenSystemStoreA
CryptDecodeMessage
CertSetEnhancedKeyUsage
ifsutil
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?Initialize@TLINK@@QAEEG@Z
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
??1SECRUN@@UAE@XZ
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0CANNED_SECURITY@@QAE@XZ
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
??0DIGRAPH_EDGE@@QAE@XZ
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?ComputeVolId@SUPERAREA@@SGKK@Z
?RestoreThreadExecutionState@@YGXJK@Z
??1TLINK@@UAE@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??0INTSTACK@@QAE@XZ
msdart
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
??1CReaderWriterLock2@@QAE@XZ
??1CSpinLock@@QAE@XZ
?TryWriteLock@CCritSec@@QAE_NXZ
??0CFakeLock@@QAE@XZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
?IsEmpty@CSingleList@@QBE_NXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?sm_wDefaultSpinCount@CSpinLock@@1GA
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?Unlock@CLockedSingleList@@QAEXXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?SetDefaultSpinCount@CSpinLock@@SGXG@Z
?WriteLock@CFakeLock@@QAEXXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?_Unlock@CSpinLock@@AAEXXZ
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
??0CSingleList@@QAE@XZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
rtm
CreateTable
RtmGetDestInfo
RtmGetNextHopPointer
RtmReadInstanceConfig
RtmIgnoreChangedDests
RtmLockNextHop
MgmAddGroupMembershipEntry
MgmDeInitialize
RtmGetNextRoute
RtmInsertInRouteList
RtmDereferenceHandles
DumpTable
RtmReleaseDestInfo
RtmCreateNextHopEnum
RtmReleaseNextHopInfo
RtmDeregisterClient
RtmCreateDestEnum
RtmGetOpaqueInformationPointer
RtmFindNextHop
NextMatchInTable
RtmIsRoute
RtmLockDestination
RtmRegisterEntity
RtmBlockConvertRoutesToStatic
RtmEnumerateGetNextRoute
shimgvw
ImageView_PrintTo
DllGetClassObject
ImageView_Fullscreen
imageview_fullscreenW
ImageView_FullscreenA
ImageView_PrintToA
ImageView_FullscreenW
ImageView_PrintToW
Sections
.text Size: 530KB - Virtual size: 530KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 330KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ