1f5e92a14f7a0b1dd13770ca7135ad01

Sharing

Copy URL Twitter E-mail

General

Target

1f5e92a14f7a0b1dd13770ca7135ad01
Size

65KB
MD5

1f5e92a14f7a0b1dd13770ca7135ad01
SHA1

8473b238c9ac9b1448fe5274d9975b58b44f9f40
SHA256

e6c82b861cd5899050e7be750c15831132b1a10df6c3cf05cd886ae96eca559b
SHA512

68669bc071a575f8417091a4f4dd14db2bbb473e60529e9f9bc3cfa7f88216d17366460c9f77ccaaf269426273fa5ae2ce3d1a9a26eb7a0d4a21a60eb80a6203
SSDEEP

1536:svka1NYftDCDkb93wBX/85iAPaNA1BmmpaNP8YlW6UeWmorOGQH:ekhftDakb9ABXYiLCXyPQ67GQH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f5e92a14f7a0b1dd13770ca7135ad01

Files

1f5e92a14f7a0b1dd13770ca7135ad01
.exe windows:5 windows x86 arch:x86

5c7473d70501d30760b6d4d87d6da268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clbcatq

SetupOpen
DowngradeAPL
CreateComponentLibraryEx
SetSetupOpen
SetSetupSave
GetSimpleTableDispenser
CLSIDFromStringByBitness
ActivatorUpdateForIsRouterChanges
CoRegCleanup
OpenComponentLibraryEx
DllRegisterServer
GetCatalogObject2
InprocServer32FromString
ComPlusMigrate
DllGetClassObject
CheckMemoryGates
GetCatalogObject
DllUnregisterServer
SetupSave
ServerGetApplicationType
DllCanUnloadNow
UpdateFromAppChange
GetComputerObject
OpenComponentLibraryOnStreamEx
OpenComponentLibraryOnMemEx
DeleteAllActivatorsForClsid

ntdll

swprintf
LdrSetDllManifestProber
ZwReleaseSemaphore
RtlCopyLuidAndAttributesArray
ZwCreateMailslotFile
ZwAllocateUserPhysicalPages
DbgPrompt
RtlImageNtHeader
RtlRandomEx
NtQueryInformationToken
NtSetInformationThread
ZwSecureConnectPort
RtlAreAnyAccessesGranted
RtlMultiAppendUnicodeStringBuffer
KiRaiseUserExceptionDispatcher
NtSetSystemEnvironmentValueEx
RtlMapGenericMask
RtlDosApplyFileIsolationRedirection_Ustr
RtlUpperString
RtlUpperChar
NtFindAtom
RtlUnicodeToMultiByteSize
RtlDuplicateUnicodeString
NtQuerySecurityObject
RtlGetAce
RtlDestroyEnvironment
RtlNormalizeProcessParams
ZwOpenThread
RtlUnicodeStringToOemSize

rasapi32

RasGetEapUserIdentityW
RasDeleteEntryA
RasHangUpA
RasGetConnectStatusA
RasConnectionNotificationW
RasDeleteSubEntryW
RasSetEapUserDataW
RasGetEapUserDataW
RasEditPhonebookEntryA
RasGetConnectStatusW
RasGetAutodialAddressA
RasAutodialEntryToNetwork
RasSetSharedAutoDial
RasGetCountryInfoA
RasFreeEapUserIdentityA
RasEnumEntriesA
RasGetEapUserIdentityA
RasGetErrorStringW
RasClearConnectionStatistics
RasEnumAutodialAddressesW
RasEditPhonebookEntryW
RasEnumDevicesA
RasSetEntryDialParamsA
RasDialW
RasIsSharedConnection
RasGetAutodialEnableA

upnp

DllGetClassObject
DllCanUnloadNow
HrRehydratorInvokeServiceAction
HrRehydratorCreateServiceObject
DllUnregisterServer
DllRegisterServer

sqlsrv32

WizDatabaseDlgProc
SQLColumnsW
SQLGetStmtAttrW
SQLGetConnectAttrW
BCP_columns
SQLBrowseConnectW
BCP_writefmt
SQLColumnPrivilegesW
LibMain
SQLSetConnectOptionW
BCP_exec
SQLExecute
SQLSetEnvAttr
SQLGetInfoW
SQLDisconnect
SQLDescribeParam
SQLFetchScroll
FinishDlgProc
BCP_colptr
SQLExecDirectW
SQLGetDiagFieldW
SQLNumResultCols
BCP_getcolfmt

kernel32

VirtualAlloc
ReplaceFile
_lclose
Module32NextW
FindFirstFileExW
IsDBCSLeadByteEx
WritePrivateProfileStructW
GetVolumePathNamesForVolumeNameA
GetNumberOfConsoleMouseButtons
WaitForSingleObject
SetComputerNameW
LocalHandle
GetCurrentProcessId
IsBadStringPtrA
GetBinaryTypeA
CreateDirectoryW
GetConsoleAliasExesLengthA
LoadLibraryW
CreateMailslotW
AddLocalAlternateComputerNameW
WriteFileEx
VirtualAllocEx
OpenSemaphoreA
GetConsoleProcessList
OpenWaitableTimerW
PrivCopyFileExW
SetCommBreak
QueryPerformanceCounter
GetStartupInfoW
ReadConsoleOutputAttribute
IsBadHugeReadPtr
GetConsoleFontInfo
GetNumberOfConsoleFonts
FillConsoleOutputCharacterW
SetUserGeoID
EnumSystemLocalesW
GetProcAddress
GetCurrentThreadId
CreateWaitableTimerW
GetModuleHandleW
GetFullPathNameA
GetWindowsDirectoryA
GetComputerNameExA
CreateSocketHandle
PostQueuedCompletionStatus
LockResource
GetTickCount
LoadLibraryA
GlobalMemoryStatusEx
ClearCommError

ws2_32

setsockopt
WSAGetLastError
WSAInstallServiceClassA
WSASetServiceW
WSAAccept
WSARecvFrom
WSAAsyncGetProtoByNumber
ntohs
getnameinfo
WSARecvDisconnect
getprotobynumber
WSCUpdateProvider
recvfrom
WSAIoctl
WSASendDisconnect
ioctlsocket
inet_ntoa
WSAHtonl
WSACancelAsyncRequest
WSAEnumNameSpaceProvidersW
WSACloseEvent
htonl
WSAAddressToStringW
WSAStringToAddressA
__WSAFDIsSet
WSAJoinLeaf

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c7473d70501d30760b6d4d87d6da268

Headers

DLL Characteristics

File Characteristics

Imports

clbcatq

ntdll

rasapi32

upnp

sqlsrv32

kernel32

ws2_32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 37KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 464B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 37KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 464B