Static task: static1
Behavioral task: behavioral1
  Sample: 406f9fe6512ed855eefe09143dca6ee5.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 406f9fe6512ed855eefe09143dca6ee5.exe
  Resource: win10v2004-20231215-en
General
  Target: 406f9fe6512ed855eefe09143dca6ee5
  Size: 134KB
  MD5: 406f9fe6512ed855eefe09143dca6ee5
  SHA1: 39aeb58b48d56aa8534fae591caf614659363fd0
  SHA256: 47aea3ce0627b60a1c34c9f5f63bd25f9e2ce15b4286256df54cc12731d11e0d
  SHA512: 09efeb6f1cf39efef8e84e4f384000a6c3ed3c404dd75faeb8891ed03247cb5d189f636bf5af8701d2279b575cf524ce5666e872d42246f51a4b219ca588f61f
  SSDEEP: 3072:RoAwOyLRIkjtGmIQV5T/CF0SXe8/tGw2CC1Wm8pGcYGRz:1wRFIkBGIVR/CFzknCvgcYkz
Malware Config
Signatures
  Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
    resource: 406f9fe6512ed855eefe09143dca6ee5
Files
  406f9fe6512ed855eefe09143dca6ee5.exe  windows:5  windows  x86  arch:x86
  9c06d31c25a58d9607a727866befdcd2
  Headers
    File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  Imports
    clbcatq
      CheckMemoryGates
      SetupSave
      OpenComponentLibraryOnMemEx
      GetCatalogObject
      CLSIDFromStringByBitness
      CoRegCleanup
      ComPlusMigrate
      SetSetupSave
      DeleteAllActivatorsForClsid
      UpdateFromComponentChange
      CreateComponentLibraryEx
      DowngradeAPL
      DllRegisterServer
      DllGetClassObject
      ServerGetApplicationType
      DllUnregisterServer
      UpdateFromAppChange
      SetSetupOpen
      InprocServer32FromString
      GetComputerObject
      ActivatorUpdateForIsRouterChanges
      DllCanUnloadNow
      GetCatalogObject2
      GetSimpleTableDispenser
      SetupOpen
      OpenComponentLibraryOnStreamEx
      OpenComponentLibraryEx
    winmm
      midiInStop
      waveInGetPosition
      joySetCapture
      mciSendStringW
      waveOutBreakLoop
      mmioSendMessage
      WOWAppExit
      SendDriverMessage
      mmioStringToFOURCCW
      DrvGetModuleHandle
      sndPlaySoundW
      midiOutUnprepareHeader
      mciLoadCommandResource
      midiInClose
      mciGetYieldProc
      mixerGetID
      auxOutMessage
      waveOutGetDevCapsW
      mmioOpenW
      mmioRead
      joyGetPosEx
      mciExecute
      CloseDriver
      waveOutGetPosition
      joyGetDevCapsA
    wldap32
      ldap_parse_result
      ldap_get_values
      ldap_create_sort_controlW
      ldap_get_values_lenA
      ber_bvfree
      ldap_delete_sA
      ber_first_element
      ldap_search_init_page
      ldap_modify_sW
      ldap_count_references
      ldap_searchW
      ldap_first_attributeW
      ldap_search_stW
      ldap_modrdn2A
      ldap_extended_operation_sW
      LdapUnicodeToUTF8
      ldap_set_dbg_flags
      ldap_count_valuesA
      ldap_rename_ext_sA
      ldap_err2stringA
      ldap_modrdn
      ldap_get_next_page_s
      ldap_count_values
      ldap_modifyA
    mapistub
      FPropExists@8
      HrSetOmiProvidersFlagsInvalid
      UlPropSize@4
      OpenTnefStream
      MAPIOpenLocalFormContainer
      BMAPIResolveName
      MAPIUninitialize@0
      DeinitMapiUtil@0
      ScCountNotifications@12
      BMAPIGetReadMail
      FixMAPI@0
      ScCopyProps@16
      MAPILogonEx@20
      UNKOBJ_ScCOAllocate@12
      OpenIMsgOnIStg@44
      CchOfEncoding@4
    mscat32
      MsCatFreeHashTag
      CryptCATGetMemberInfo
      CryptCATOpen
      CryptCATCDFEnumCatAttributes
      CryptCATAdminAddCatalog
      CryptCATCDFEnumMembersByCDFTag
      MsCatConstructHashTag
      CryptCATAdminEnumCatalogFromHash
      CryptCATCDFEnumAttributes
      CryptCATCDFEnumMembersByCDFTagEx
      CryptCATClose
      CryptCATEnumerateCatAttr
      DllUnregisterServer
      DllRegisterServer
    kernel32
      BackupRead
      GetPrivateProfileSectionA
      LZStart
      lstrcmpi
      CreateMutexA
      LoadLibraryW
      ReadProcessMemory
      GetLastError
      CreateFileMappingA
      FlushFileBuffers
      GetConsoleAliasesLengthW
      FreeEnvironmentStringsA
      SetCriticalSectionSpinCount
      CreateDirectoryA
      GlobalFindAtomW
      GetCurrentThread
      SetConsoleTitleW
      GetLocaleInfoW
      GlobalFlags
      RegisterWaitForInputIdle
      GetModuleHandleW
  Sections
    .text   Size: 44KB  Virtual size: 44KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    .rdata  Size: 51KB  Virtual size: 50KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
    .data   Size: 30KB  Virtual size: 30KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
    .rsrc   Size: 6KB   Virtual size: 5KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ