0ca7dda0aeb8990370ccb804261a54c7

Sharing

Copy URL Twitter E-mail

General

Target

0ca7dda0aeb8990370ccb804261a54c7
Size

873KB
MD5

0ca7dda0aeb8990370ccb804261a54c7
SHA1

2d062039233125e7f759ee93afd0000e112a7e9d
SHA256

ec0cc1e0d746ad29f4762803fae762cf66df9c25c82816b274d0613eeffdcb87
SHA512

c32a003bf232a7de02138216969a63197ce228ec2a50a25a04962e6d7f67c79e8a21f9cda5e7755c75cc91a0f3119585933e5d8666c8e6fc7523c041477129d2
SSDEEP

24576:THVBHIodo7CzcsbLgo6KqPjx+pHBhPwqggXEOJMEl4/v7:rjHI8o1bTbxDqggpv6v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ca7dda0aeb8990370ccb804261a54c7

Files

0ca7dda0aeb8990370ccb804261a54c7
.exe windows:5 windows x86 arch:x86

ff78305c5bc3cb17597a5d4760033f24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msasn1

ASN1BERDecZeroMultibyteString
ASN1EncSetError
ASN1open_free
ASN1uint32_uoctets
ASN1BEREoid2DotVal
ASN1intx_uoctets
ASN1intx2int32
ASN1BERDecCharString
ASN1CEREncBitString
ASN1BERDecU32Val
ASN1ztchar16string_free
ASN1BERDecNull
ASN1BEREncLength
ASN1BEREncChar32String
ASN1CEREncCharString
ASN1utctime_cmp
ASN1_SetDecoderOption
ASN1BEREncExplicitTag
ASN1BERDecEoid
ASN1BERDecDouble
ASN1BERDecS8Val
ASN1BEREncSX
ASN1BERDecBool
ASN1BEREncZeroMultibyteString
ASN1BEREncObjectIdentifier
ASN1BEREncDouble
ASN1ztcharstring_cmp
ASN1_CloseDecoder
ASN1BEREncCheck
ASN1BEREncU32
ASN1BERDecNotEndOfContents
ASN1BERDecOpenType2
ASN1BEREncNull
ASN1_CloseModule
ASN1BERDecZeroChar16String
ASN1_CloseEncoder
ASN1CEREncNewBlkElement
ASN1BERDecS16Val
ASN1ztchar16string_cmp
ASN1BERDecU16Val
ASN1_Decode
ASN1BEREncGeneralizedTime
ASN1CEREncFlushBlkElement
ASN1BEREncRemoveZeroBits

msdart

?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
MpHeapValidate
?GetSpinCount@CSpinLock@@QBEGXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?IsReadLocked@CLKRHashTable@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
mpMalloc
?_CurrentThreadId@CSpinLock@@CGJXZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?GetDefaultSpinAdjustmentFactor@CSpinLock@@SGNXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?sm_wDefaultSpinCount@CSpinLock@@1GA
?_TryReadLock@CReaderWriterLock2@@AAE_NXZ
FXMemAttach
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
mpCalloc
?WriteUnlock@CFakeLock@@QAEXXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
??1CSingleList@@QAE@XZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?WriteLock@CCritSec@@QAEXXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
MpHeapAlloc
?Size@CLKRLinearHashTable@@QBEKXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
MpHeapDestroy
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ

query

?Get@CWin32RegAccess@@QAEHPBGAAK@Z
??0CFullPropSpec@@QAE@AAVPDeSerStream@@@Z
?AcquireRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
??1CPropertyStore@@QAE@XZ
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z
?Open@COLEPropManager@@QAEHABVCFunnyPath@@@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
??0CCategorizationSet@@QAE@ABV0@@Z
?ResetBuffer@CQueryScanner@@QAEXPBG@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
?ReadProperty@CPropertyStore@@QAEHAAVCPropRecordNoLock@@KPAUtagPROPVARIANT@@PAI@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
??0CDbNatLangRestriction@@QAE@PBGABVCDbColumnNode@@K@Z
??0CStandardPropMapper@@QAE@XZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
?GetScodeError@@YGJAAVCException@@@Z
??0CDriveInfo@@QAE@PBGK@Z
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
?InitIterator@CPropertyList@@UAEXXZ
?AddArg@CFwEventItem@@QAEXPBG@Z
??1CWordRestriction@@QAE@XZ
??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
?SetUI4@CStorageVariant@@QAEXKI@Z
??0CPerfMon@@QAE@PBG@Z
FsCiShutdown
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
??0CLocalGlobalPropertyList@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
?Enum@CWin32RegAccess@@QAEHPAGK@Z
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?SetLPSTR@CStorageVariant@@QAEXPBDI@Z

kernel32

CompareStringA
VirtualAllocEx
OpenMutexA
GetModuleHandleW
GlobalFindAtomW
SetTapePosition
GetFileAttributesExW
QueryPerformanceCounter
GetStartupInfoA
QueueUserWorkItem
FindNextVolumeMountPointW
VirtualAlloc
CreateMutexW
GetStartupInfoW
lstrcat
GlobalGetAtomNameA
OutputDebugStringA
NlsGetCacheUpdateCount
ResetEvent
SetHandleCount
Module32FirstW
GetSystemTimeAdjustment
MapUserPhysicalPages
SetFileShortNameW
IsBadWritePtr
SetCriticalSectionSpinCount
HeapUnlock
AllocConsole
CreateFileW
CreateTimerQueue
GetCurrentDirectoryA
SetConsoleCursorMode
Module32Next
LoadLibraryA
EscapeCommFunction
EndUpdateResourceA

msi

MsiEvaluateConditionA
MsiEnumComponentCostsA
MsiRecordIsNull
MsiViewExecute
MsiDatabaseGenerateTransformA
MsiVerifyDiskSpace
MsiGetProductInfoW
MsiGetComponentStateW
MsiOpenPackageExW
MsiCloseHandle
MsiGetFeatureCostW
MsiDatabaseIsTablePersistentA
MsiAdvertiseScriptA
MsiLoadStringA
MsiLocateComponentW
MsiSummaryInfoSetPropertyA
MsiGetProductCodeA
MsiConfigureFeatureFromDescriptorW
MsiSummaryInfoGetPropertyCount
MsiGetUserInfoA
MsiReinstallFeatureA
MsiDatabaseGenerateTransformW
MsiViewGetErrorA
MsiDatabaseImportW
MsiConfigureProductExA
MsiProvideQualifiedComponentExA
MsiQueryFeatureStateA
MsiGetTargetPathA
MsiGetFeatureStateW
MsiVerifyPackageW

mprddm

RasAuthProviderAuthenticateUser
DDMServicePostListens
DDMSendUserMessage
DDMAdminPortReset
DDMAdminInterfaceDisconnect
IfObjectLoadPhonebookInfo
DDMAdminServerGetInfo
DDMAdminPortClearStats
DDMGetIdentityAttributes
DDMAdminPortEnum
DDMTransportCreate
RasAuthProviderInitialize
RasAuthConfigChangeNotification
DDMServiceInitialize
IfObjectInitiatePersistentConnections
RasAuthProviderFreeAttributes
RasAcctProviderTerminate
RasAcctProviderInitialize
RasAcctProviderStopAccounting
DDMAdminConnectionClearStats
DDMAdminPortDisconnect
DDMRegisterConnectionNotification
DDMAdminConnectionGetInfo
RasAcctProviderInterimAccounting
DDMAdminInterfaceConnect
DDMAdminPortGetInfo
RasAcctConfigChangeNotification
IfObjectSetDialoutHoursRestriction
RasAuthProviderTerminate
DDMDisconnectInterface
DDMAdminConnectionEnum
IfObjectNotifyOfReachabilityChange
DDMConnectInterface
RasAcctProviderFreeAttributes
RasAcctProviderStartAccounting

pstorsvc

Start
PSTOREServiceMain
ServiceEntry

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 371KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff78305c5bc3cb17597a5d4760033f24

Headers

DLL Characteristics

File Characteristics

Imports

msasn1

msdart

query

kernel32

msi

mprddm

pstorsvc

Sections

.text Size: 177KB - Virtual size: 177KB

.rdata Size: 322KB - Virtual size: 322KB

.data Size: 371KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 177KB - Virtual size: 177KB

.rdata
Size: 322KB - Virtual size: 322KB

.data
Size: 371KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B