0d31b3e9dbe2d6e3b39392918b50dea6

Sharing

Copy URL Twitter E-mail

General

Target

0d31b3e9dbe2d6e3b39392918b50dea6
Size

98KB
MD5

0d31b3e9dbe2d6e3b39392918b50dea6
SHA1

537b9010220eb3f17b8bbf859a3d1ec639532078
SHA256

18bcdbcc0f001c0e73b62aed9847e94789d13dc206b46056ea04acd53278a3ba
SHA512

f5e88992aa3367abde3e8c4df12d87e9a7f645e06ea1e9ae41a94fcea538683db608419a2832b7ec14d66344cb76115db5d85dbc969b36144da4bac12680fa35
SSDEEP

1536:7AEW7Guv8IRiGZrpTwpRiF9nSCqhjgE/vKtd5i6yGFmXn90CylpM4cKayjrGGuTt:AYIRfJ6pRK9nsXOdAJGW9y3/tjt+r7

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/net1.exe
unpack001/serivces.exe

Files

0d31b3e9dbe2d6e3b39392918b50dea6
.rar
net1.exe
.exe windows:5 windows x86 arch:x86

7330172e5e007f84561e5bcc59c305f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsncat
wcsstr
swprintf
_wcsrev
_ultow
rand
srand
wcsrchr
calloc
iswctype
wcscspn
memmove
_c_exit
_exit
_XcptFilter
_cexit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_wcsicmp
__p__fmode
__set_app_type
_controlfp
_except_handler3
malloc
realloc
free
wcschr
exit
sprintf
setlocale
_wcsnicmp
_iob
_setmode
qsort
wcsspn
wcsncpy
wcsncmp
wcscpy
_wcslwr
wcscat
wcslen
_wcsupr
wcscmp
_wfopen
wcstok
_wcsdup
ftell
fread
putchar
wcstod

advapi32

CopySid
CloseServiceHandle
GetServiceDisplayNameW
OpenSCManagerW
GetServiceKeyNameW
RegQueryValueExW
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
LsaLookupNames
LsaLookupNames2
LsaOpenPolicy
LsaQueryInformationPolicy
GetLengthSid
LsaLookupSids
EqualSid
LsaFreeMemory
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidSubAuthority
LsaClose
QueryServiceStatus
OpenServiceW
EnumDependentServicesW

kernel32

SetSystemTime
GetProfileStringW
GetThreadLocale
GetDateFormatW
GetTimeFormatW
GetDriveTypeW
GetComputerNameW
WideCharToMultiByte
GetSystemTime
GetConsoleOutputCP
SetLocalTime
GetSystemDefaultLangID
SetThreadLocale
GetStdHandle
GetLastError
GetCommandLineW
GetUserDefaultLCID
CompareStringW
Sleep
GetComputerNameExW
GetTickCount
LocalFree
GetProcAddress
LoadLibraryW
GetModuleHandleA
GetFileType
GetComputerNameA
GlobalAlloc
GlobalFree
LocalReAlloc
lstrlenW
GetTimeZoneInformation
WriteConsoleW
LocalAlloc
WriteFile
FreeLibrary
SetLastError
GetModuleFileNameW
FormatMessageW
PeekConsoleInputW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetCPInfo

netapi32

NetShareEnum
NetShareSetInfo
NetShareAdd
I_NetPathType
NetShareCheck
NetShareDelSticky
NetStatisticsGet
NetApiBufferReallocate
NetApiBufferAllocate
DsGetDcNameW
NetRemoteTOD
NetUserGetInfo
I_NetListTraverse
I_NetNameCompare
I_NetListCanonicalize
NetUserEnum
NetUserGetGroups
NetUserSetInfo
NetUseDel
NetUseEnum
NetapipBufferAllocate
NetWkstaUserGetInfo
NetWkstaGetInfo
NetServerEnum
NetServerGetInfo
NetServerSetInfo
I_NetNameValidate
NetShareGetInfo
NetApiBufferFree
NetUserModalsGet
NetUserModalsSet
NetServiceEnum
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetServiceControl
NetSessionEnum
NetUserAdd
NetUserDel
NetFileClose
NetFileGetInfo
NetFileEnum
NetGroupAdd
NetGroupSetInfo
NetGroupDel
NetGroupAddUser
NetGroupDelUser
NetGroupEnum
NetGroupGetUsers
I_NetNameCanonicalize
NetGroupGetInfo
NetMessageNameEnum
NetMessageNameAdd
NetMessageNameDel
NetMessageBufferSend
NetWkstaTransportEnum
NetServerTransportEnum
NetSessionDel
NetSessionGetInfo
NetConnectionEnum
NetShareDel
NetServiceInstall

samlib

SamDeleteAlias
SamRemoveMemberFromAlias
SamAddMemberToAlias
SamCreateAliasInDomain
SamGetAliasMembership
SamSetInformationAlias
SamGetMembersInAlias
SamEnumerateAliasesInDomain
SamConnect
SamOpenDomain
SamLookupNamesInDomain
SamCloseHandle
SamOpenAlias
SamFreeMemory
SamQueryInformationAlias
SamLookupIdsInDomain

ntdsapi

DsBindW
DsCrackNamesW
DsFreeNameResultW
DsUnBindW

ntdll

RtlUnicodeToOemN
RtlInitAnsiString
RtlxOemStringToUnicodeSize
RtlInitString
strrchr
strchr
_strnicmp
_stricmp
isdigit
RtlUnwind
NlsMbOemCodePageTag
RtlxUnicodeStringToOemSize
strncpy
RtlOemStringToUnicodeString
RtlInitUnicodeString
_ultoa
RtlCompareMemory
RtlQueryTimeZoneInformation
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
RtlTimeFieldsToTime
RtlNtStatusToDosError
NtOpenProcessToken
NtClose
RtlSubAuthorityCountSid
RtlCopySid
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlInitializeSid
wcspbrk
RtlAllocateHeap
_snwprintf
_vsnwprintf
_ftol
NtQuerySystemTime
RtlTimeToSecondsSince1970
RtlLengthSid
RtlGetNtProductType
NtFsControlFile
NtCreateFile
NtImpersonateAnonymousToken
NtOpenThreadToken

netrap

RapGetFieldSize
RapParmNumDescriptor
RapConvertSingleEntry
RapAsciiToDecimal
RapArrayLength
RapAuxDataCount
RapTotalSize
RapStructureSize
RapAuxDataCountOffset
RapConvertSingleEntryEx
RapStructureAlignment

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
serivces.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 42KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7330172e5e007f84561e5bcc59c305f5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

netapi32

samlib

ntdsapi

ntdll

netrap

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 15KB - Virtual size: 53KB

.rsrc Size: 1024B - Virtual size: 968B

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 42KB - Virtual size: 476KB

.rsrc Size: 3KB - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 15KB - Virtual size: 53KB

.rsrc
Size: 1024B - Virtual size: 968B

.text
Size: 42KB - Virtual size: 476KB

.rsrc
Size: 3KB - Virtual size: 4KB