13ef0758223175321cc388f14550f3d2

Sharing

Copy URL

Twitter E-mail

General

Target

13ef0758223175321cc388f14550f3d2
Size

322KB
MD5

13ef0758223175321cc388f14550f3d2
SHA1

6317e14f8097649f5a92e409ff08bf091e5c59d6
SHA256

e1e50ada96d9d34fa3922c9da0d1f2b7750a1588d917e09698a8cedadd8db7de
SHA512

6411bed4023a616f4f3c4239c080aee91d64c589dcf75a02511342960ef8ddc24e2f46f3c2b99e0295d7ff552ac2047f49922f124a1db3dc8dd7c4c7a5dcefc3
SSDEEP

6144:MZiHI2zl5gui5T5vuheUA2fLED1LSnFuKI4+Tij:ho2Juui9VuhegYLYuKIf+j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13ef0758223175321cc388f14550f3d2

Files

13ef0758223175321cc388f14550f3d2
.exe windows:0 windows x86 arch:x86

717b6ab88998c2a0c4fd2d65fd918764

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rtutils

RouterLogDeregisterA
RouterGetErrorStringW
RouterLogRegisterW
RouterLogEventValistExW
TraceDeregisterW
RouterLogEventDataW
RouterLogEventExA
RouterLogEventExW
RouterLogEventStringW
RouterAssert
TracePrintfExW

kernel32

HeapQueryInformation
VirtualFree
IsBadWritePtr
IsBadStringPtrW
CreateDirectoryW
VirtualAlloc
GlobalFree
GetFileSize
VirtualAlloc
GetCommandLineW
OutputDebugStringA
DeleteFileW
FindFirstFileW
CloseHandle
HeapFree
HeapCreate
HeapAlloc
lstrcmpiW
lstrcmpW

gdi32

GetDeviceCaps
CreateBitmap

glu32

gluNewTess
gluTessCallback
gluEndPolygon
gluPerspective
gluBeginPolygon
gluTessVertex
gluTessEndContour
gluDeleteQuadric
gluNewNurbsRenderer
gluBeginTrim
gluQuadricOrientation
gluNewQuadric
gluBeginCurve
gluDeleteNurbsRenderer
gluErrorString
gluQuadricTexture
gluGetTessProperty

shell32

SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
SHGetUnreadMailCountW
SHGetPathFromIDListA
SHGetIconOverlayIndexW
SHSetLocalizedName
SHMultiFileProperties
SHGetDataFromIDListW
SHPropStgCreate
SHObjectProperties
SHGetFolderLocation
SHGetFileInfoW
SHReplaceFromPropSheetExtArray
SHHelpShortcuts_RunDLLW
SHGetMalloc
SHGetAttributesFromDataObject
SHGetNewLinkInfoA
SHGetPathFromIDListW
SHPropStgReadMultiple
SHQueryRecycleBinA
SHLoadInProc
SHGetFolderPathAndSubDirW

msvcrt

__RTDynamicCast
tolower
_adjust_fdiv
_exit
__p__commode
swprintf
swscanf
wcsstr
_onexit
wcslen
_initterm
??1exception@@UAE@XZ

user32

GetDlgCtrlID
IsChild
TrackPopupMenuEx
LoadCursorW
PtInRect
GetDC
WinHelpW
GetWindowThreadProcessId
IsMenu
ModifyMenuW
SendMessageTimeoutW
IsRectEmpty
NotifyWinEvent
GetMessagePos
SetRectEmpty
LoadIconW
KillTimer
BeginPaint
GetClassInfoW
FillRect
SetForegroundWindow
LoadMenuW
SetWindowPos
PeekMessageW
MoveWindow
ReleaseDC
SetClipboardViewer
EndPaint
SendMessageW
EnableWindow
DeleteMenu
GetSysColorBrush

apphelp

SdbUnregisterDatabase
ApphelpUpdateCacheEntry
SdbGetDatabaseID
SdbGetPermLayerKeys
SdbGetDatabaseVersion
SdbReadStringTagRef
ApphelpCheckExe
SdbGrabMatchingInfo
SdbCreateMsiTransformFile
SdbCloseApphelpInformation
SdbOpenApphelpDetailsDatabase
SdbEnumMsiTransforms
SdbGetTagDataSize
SdbOpenApphelpInformation
SdbReadBYTETag
SdbGetStandardDatabaseGUID
SdbQueryData
SdbTagRefToTagID
SdbFindFirstMsiPackage_Str
ShimDumpCache
SdbFindFirstMsiPackage
AllowPermLayer

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 808KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

717b6ab88998c2a0c4fd2d65fd918764

Headers

DLL Characteristics

File Characteristics

Imports

rtutils

kernel32

gdi32

glu32

shell32

msvcrt

user32

apphelp

Sections

.text Size: 187KB - Virtual size: 187KB

.data Size: 6KB - Virtual size: 5KB

.rsrc Size: 128KB - Virtual size: 808KB

.text
Size: 187KB - Virtual size: 187KB

.data
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 128KB - Virtual size: 808KB