090bcffb2406550661f22a69155e3c5c

Sharing

Copy URL Twitter E-mail

General

Target

090bcffb2406550661f22a69155e3c5c
Size

39KB
MD5

090bcffb2406550661f22a69155e3c5c
SHA1

2d9be3ab2cee605969961e6d159ba4289deb2311
SHA256

39db5ec08b0b2a20d32a0dff7ce9acee288b85135c83c4de39ce0a32b88b7b1c
SHA512

3da4a9ccc6de63273eb020c1cbbb6d97de9b2b1e401a2cee6d20a48ce20180b4303e7d670afe6d5bf0e783a310adbeed1e31837e57eb8a360c3aff6d4d06db04
SSDEEP

768:z/u+vmq6zuAfZp74wJQmOydc3d+vSH1gVcNhkmEMnR88kTja6jd+bh:7Vvm/yAhpjJZdMMsCQ1R88kTu6jAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
090bcffb2406550661f22a69155e3c5c

Files

090bcffb2406550661f22a69155e3c5c
.exe windows:5 windows x86 arch:x86

76f76217c2e0ed28b2dce379a2fe3691

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ureg

??0REGISTRY_VALUE_ENTRY@@QAE@XZ
?DeleteValueEntry@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?EnableRootNotification@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAXKE@Z
?UpdateKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?CreateKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@1PAKE@Z
?Initialize@REGISTRY@@QAEEPBVWSTRING@@PAK@Z
??1REGISTRY@@UAE@XZ
?LoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?UnLoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
?DoesKeyExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAK@Z
?DeleteKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
?Initialize@REGISTRY_KEY_INFO@@QAEEPBVWSTRING@@0K0PAU_SECURITY_ATTRIBUTES@@@Z
?IsAccessAllowed@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAK@Z
?QuerySubKeysInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
??0REGISTRY@@QAE@XZ
?QueryKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVREGISTRY_KEY_INFO@@KPAPAXPAK@Z
?QueryValues@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
?Initialize@REGISTRY_VALUE_ENTRY@@QAEEPBVWSTRING@@KW4_REG_TYPE@@PBEK@Z
?QueryKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVREGISTRY_KEY_INFO@@PAK@Z

ntdll

ZwSetHighWaitLowEventPair
ZwResumeProcess
NtInitiatePowerAction
RtlLookupElementGenericTable
RtlInsertElementGenericTableAvl
_aulldiv
wcschr
wcsncmp
RtlExitUserThread
RtlpNtCreateKey
RtlLengthSid
NtSetInformationObject
RtlLargeIntegerNegate
_itoa
RtlAddAttributeActionToRXact
NtSetInformationThread
sqrt
RtlEqualSid
iswlower
ZwAllocateLocallyUniqueId
RtlInitializeCriticalSection
RtlActivateActivationContextUnsafeFast
RtlxUnicodeStringToAnsiSize
ZwSetDefaultUILanguage
RtlInitializeHandleTable
ZwEnumerateSystemEnvironmentValuesEx
NtCompressKey
ZwYieldExecution
NtSetEaFile
_strcmpi
NtPulseEvent
RtlDosSearchPath_U
RtlAnsiStringToUnicodeString
NtWriteFileGather
RtlClearAllBits
DbgUiConnectToDbg
wcstol
RtlAppendStringToString

kernel32

GetCPInfoExA
FindActCtxSectionStringA
GetModuleHandleW
UpdateResourceA
InterlockedPopEntrySList
SetComputerNameExA
LoadLibraryW
CreateConsoleScreenBuffer
GetGeoInfoW
lstrlenW
GetTempPathA
GetSystemDirectoryW
Heap32Next
ReadProcessMemory
GetDefaultCommConfigW
GetLocaleInfoA
GetFileInformationByHandle
GetExitCodeProcess
GetNumberOfConsoleFonts
SetNamedPipeHandleState
AttachConsole
GetCurrentThread
BuildCommDCBAndTimeoutsA
FreeEnvironmentStringsA
GetDiskFreeSpaceExW

cmutil

MakeBold
CmLoadStringW
IsFarEastNonOSR2Win95
CmStripFileNameW
?DeInit@CmLogFile@@QAEJXZ
CmMoveMemory
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmStrchrW
CmStrtokW
CmFree
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
?Clear@CIniA@@QAEXXZ
?SetParams@CmLogFile@@QAEJHKPBG@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
??4CIniW@@QAEAAV0@ABV0@@Z
GetOSVersion
?GPPB@CIniA@@QBEHPBD0H@Z
?SetSection@CIniW@@QAEXPBG@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z

sqlsrv32

SQLParamOptions
SQLFreeStmt
SQLTablesW
ConfigDSNW
SQLProceduresW
SQLColumnsW
SQLCopyDesc
SQLGetDescFieldW
BCP_sendrow
SQLSetConnectAttrW
FinishDlgProc
WizDatabaseDlgProc
SQLFetch
SQLBindParameter
SQLColAttributeW
SQLBulkOperations
BCP_done
SQLGetConnectOptionW
BCP_exec
SQLStatisticsW
SQLGetStmtAttrW
SQLSetStmtAttrW
SQLCloseCursor
BCP_colptr
SQLRowCount
SQLProcedureColumnsW
BCP_setcolfmt
SQLSetCursorNameW
SQLPrimaryKeysW
SQLFetchScroll
BCP_getcolfmt
SQLExecute
SQLDescribeColW
SQLSetDescFieldW
SQLExecDirectW
BCP_bind
SQLGetCursorNameW
SQLSetEnvAttr
SQLGetDiagFieldW

hid

HidP_GetUsageValue
HidD_GetNumInputBuffers
HidP_TranslateUsagesToI8042ScanCodes
HidD_SetFeature
HidP_GetUsagesEx
HidD_GetFeature
HidP_GetData
HidP_UsageListDifference
HidP_UnsetUsages
HidD_GetSerialNumberString
HidD_GetConfiguration
HidP_GetValueCaps

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76f76217c2e0ed28b2dce379a2fe3691

Headers

DLL Characteristics

File Characteristics

Imports

ureg

ntdll

kernel32

cmutil

sqlsrv32

hid

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB