1010405283251a0fc04f559d7f9250a4

Sharing

Copy URL

Twitter E-mail

General

Target

1010405283251a0fc04f559d7f9250a4
Size

405KB
MD5

1010405283251a0fc04f559d7f9250a4
SHA1

75dfa8473cc36f2229d8093faf135e145c857624
SHA256

f871f674bab2c920b5849f0db43037fd1574ccd75d9ac8aa1b49f2d932c54590
SHA512

7c9719400b11464c02ce8e7f33b6957965f9936c2bad3a904840a92abddab31127568ae25056d8fb3afdf8907a1c4cf76e25a1a0727fb186553fc4d01ca7c8bc
SSDEEP

6144:ExPhEmYFXGMxi//IZNf0TgsC9gNKNAi4r8n/N20yiLu9cCz:E7EBX9xYAZNf0sgeAi48w9Dz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1010405283251a0fc04f559d7f9250a4

Files

1010405283251a0fc04f559d7f9250a4
.exe windows:5 windows x86 arch:x86

c976516a83ef1959f0cf677eb6ed18c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wintrust

CryptCATCDFEnumMembersByCDFTagEx
SoftpubDefCertInit
WVTAsn1SpcIndirectDataContentEncode
WTHelperGetFileHandle
WVTAsn1CatMemberInfoEncode
mscat32DllUnregisterServer
CryptSIPGetSignedDataMsg
CryptCATCDFEnumCatAttributes
SoftpubAuthenticode
WTHelperGetProvPrivateDataFromChain
CryptSIPRemoveSignedDataMsg
CryptCATAdminAcquireContext
WVTAsn1SpcSigInfoDecode
CryptCATCatalogInfoFromContext
WTHelperCertFindIssuerCertificate
CryptCATAdminAddCatalog
CryptCATGetCatAttrInfo
WTHelperGetFileHash
CryptSIPVerifyIndirectData
CryptCATPutCatAttrInfo
DriverCleanupPolicy
CryptCATGetMemberInfo
SoftpubDllUnregisterServer
CryptCATAdminResolveCatalogPath
CryptCATPutMemberInfo
MsCatConstructHashTag
WTHelperGetFileName
WTHelperIsInRootStore
TrustFindIssuerCertificate
WTHelperCertIsSelfSigned

oleaut32

LoadRegTypeLib
VarR4FromDec
SafeArrayCreate
OleIconToCursor
DllGetClassObject
VarAdd
VarBstrFromUI4
VarUI4FromI4
VarBoolFromUI1
VarI4FromI8
VarUI1FromI4
VarBoolFromR8
VarCyMulI8
VarCyFix
VarUI2FromDisp
VarCyAdd
VarUI4FromI2
VarR8Pow
VarDecCmpR8
QueryPathOfRegTypeLib
VarR8FromUI1
VarI1FromUI2
VarUI2FromCy
VarDateFromI8

msvcirt

?egptr@streambuf@@IBEPADXZ
??_8ostream_withassign@@7B@
??0strstream@@QAE@ABV0@@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??0logic_error@@QAE@ABQBD@Z
??5istream@@QAEAAV0@AAI@Z
?read@istream@@QAEAAV1@PACH@Z
??0istream@@IAE@ABV0@@Z
?getline@istream@@QAEAAV1@PADHD@Z
??6ostream@@QAEAAV0@E@Z
??_8stdiostream@@7Bostream@@@
?close@fstream@@QAEXXZ
??0istrstream@@QAE@PAD@Z
??5istream@@QAEAAV0@PAD@Z
?delbuf@ios@@QAEXH@Z
?lockc@ios@@KAXXZ
??1exception@@UAE@XZ
??0ifstream@@QAE@H@Z
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??0ios@@IAE@ABV0@@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??0ifstream@@QAE@XZ
?isfx@istream@@QAEXXZ
?close@filebuf@@QAEPAV1@XZ

kernel32

InvalidateConsoleDIBits
SetVDMCurrentDirectories
ReleaseMutex
GetCommandLineA
InitializeCriticalSectionAndSpinCount
RtlFillMemory
HeapCreate
LZOpenFileW
GetLastError
GetProcessWorkingSetSize
TlsAlloc
GetProcAddress
GetDriveTypeA
GetModuleHandleW
VirtualAllocEx
VirtualAlloc
ReadFile
GetCurrentThreadId
GetConsoleScreenBufferInfo
ReadConsoleInputA
WriteProfileSectionA
GetNamedPipeHandleStateA
LoadLibraryA
Sleep
GetConsoleTitleA
GlobalCompact
SetClientTimeZoneInformation
AddConsoleAliasW
GetStartupInfoA
GetLongPathNameA
OpenWaitableTimerW
FindVolumeMountPointClose
GetCurrentProcess

ntdll

RtlDefaultNpAcl
ZwLoadDriver
RtlTimeFieldsToTime
NtQueryBootOptions
LdrGetProcedureAddress
RtlSubAuthorityCountSid
NtClearEvent
NtGetDevicePowerState
RtlValidateHeap
NtQuerySystemEnvironmentValue
RtlInitializeResource
RtlRevertMemoryStream
PfxInsertPrefix
_i64toa
_atoi64
__toascii
RtlNewInstanceSecurityObject
ZwSetIoCompletion
RtlAllocateHandle
ZwWaitForDebugEvent
NtTestAlert
RtlSetControlSecurityDescriptor
ZwSuspendThread
NtLoadDriver
wcstol
RtlDeregisterWait
RtlPrefixUnicodeString
RtlCreateSecurityDescriptor
NtQueryBootEntryOrder
isspace
RtlInitializeBitMap
wcsncmp
NtCreateFile
_ftol
NtOpenTimer
RtlRemoveVectoredExceptionHandler
NtDeleteObjectAuditAlarm
CsrFreeCaptureBuffer
RtlSetTimeZoneInformation
RtlZeroHeap
NtVdmControl
RtlInitUnicodeStringEx
NtSetTimer
_aullrem
vsprintf
ZwSetSystemTime
ZwResumeThread
DbgBreakPoint

ifsutil

??1SECRUN@@UAE@XZ
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?ShellSort@TLINK@@QAEXXZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
?Read@SECRUN@@UAEEXZ
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
??1TLINK@@UAE@XZ
?Lock@IO_DP_DRIVE@@QAEEXZ
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?Initialize@INTSTACK@@QAEEXZ
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c976516a83ef1959f0cf677eb6ed18c2

Headers

File Characteristics

Imports

wintrust

oleaut32

msvcirt

kernel32

ntdll

ifsutil

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 157KB - Virtual size: 156KB

.data Size: 139KB - Virtual size: 507KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 157KB - Virtual size: 156KB

.data
Size: 139KB - Virtual size: 507KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 308B