07fe6382262efc662ac7f7004bb8319f

Sharing

Copy URL

Twitter E-mail

General

Target

07fe6382262efc662ac7f7004bb8319f
Size

856KB
MD5

07fe6382262efc662ac7f7004bb8319f
SHA1

4a81d6a75555d1f8f4b0f3f3529d8c02a2009c5c
SHA256

47aa8a82ba03b260c18ac799d750801248799cc9cdd57cecc3191c0f32796d42
SHA512

17e36c65b6b376506a4bf817c41da2803bd7c403aa216340453724f8b38f0ab487baa7d57b41dda325d628fae72cb45d6f90aac57dd283a11f537b819fb7f043
SSDEEP

12288:XfoO1b/lRttO4gpFLgr1jKyrENZdB2dmCS/kBQo0v2TBWhQGl/3e1c7lH2X:Xfosb/7tlYixr2dBfCCZoIwcZH6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07fe6382262efc662ac7f7004bb8319f

Files

07fe6382262efc662ac7f7004bb8319f
.exe windows:5 windows x86 arch:x86

7eb0c265a00195a4fb6bebcff8dff6df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRandomEx
NtLoadKey
RtlCopySecurityDescriptor
RtlGetCallersAddress
swprintf
NtUnmapViewOfSection
NtSetSystemInformation
ZwSetLdtEntries
RtlValidSecurityDescriptor
RtlFindClearBits
RtlInitializeCriticalSection
DbgQueryDebugFilterState
__iscsym
RtlTraceDatabaseDestroy
ZwReleaseKeyedEvent
RtlUpcaseUnicodeStringToAnsiString
ZwImpersonateClientOfPort
RtlActivateActivationContextUnsafeFast
NtFlushVirtualMemory

ifsutil

?Read@SECRUN@@UAEEXZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
??1SECRUN@@UAE@XZ
??1SUPERAREA@@UAE@XZ
??0CANNED_SECURITY@@QAE@XZ
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Initialize@DIGRAPH@@QAEEK@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
??1NUMBER_SET@@UAE@XZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z

psapi

GetModuleInformation
GetModuleBaseNameA
EnumPageFilesW
GetDeviceDriverBaseNameW
GetModuleBaseNameW
GetMappedFileNameW
GetProcessMemoryInfo
GetProcessImageFileNameA
EnumPageFilesA
GetDeviceDriverBaseNameA
EmptyWorkingSet
EnumDeviceDrivers
GetDeviceDriverFileNameA
GetMappedFileNameA
GetModuleFileNameExA
GetDeviceDriverFileNameW
InitializeProcessForWsWatch
EnumProcessModules
GetModuleFileNameExW
QueryWorkingSet

kernel32

GlobalFindAtomA
GetDateFormatA
VirtualAlloc
SetLocaleInfoA
CreateMemoryResourceNotification
lstrcmpiW
IsValidCodePage
GetConsoleKeyboardLayoutNameW
GetShortPathNameW
SetConsolePalette
SetConsoleMenuClose
IsBadHugeReadPtr
GenerateConsoleCtrlEvent
BaseDumpAppcompatCache
CancelIo
LoadLibraryA
Thread32Next
GlobalUnlock

msdart

?IsEmpty@CLockedSingleList@@QBE_NXZ
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?ReadLock@CLKRHashTable@@QBEXXZ
?WriteUnlock@CLKRHashTable@@QBEXXZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
MpHeapSize
??4CSingleList@@QAEAAV0@ABV0@@Z
?IsReadLocked@CLKRLinearHashTable@@QBE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?SetBucketLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?_TryLock@CSmallSpinLock@@AAE_NXZ

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eb0c265a00195a4fb6bebcff8dff6df

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ifsutil

psapi

kernel32

msdart

Sections

.text Size: 740KB - Virtual size: 739KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 740KB - Virtual size: 739KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB