30698021defad9da3bbe8b2dcbf26ab2

Sharing

Copy URL

Twitter E-mail

General

Target

30698021defad9da3bbe8b2dcbf26ab2
Size

861KB
MD5

30698021defad9da3bbe8b2dcbf26ab2
SHA1

d5bf2d3a670cfeea4268d9fd00747f185eca8d6d
SHA256

466e5a6ef8726175199f8a97e9bf8aaef1deefbee13230db1e7f347ff53ea892
SHA512

91df9ac850fefafc75cb8cb04cae4aac09051e696d009a2fd05b808e2869f3ac8ee2f9f2233ea66a258c072114b1542f935c69cb52db87a1e8a3755521fdc1af
SSDEEP

24576:TQmXpD4c3lW+BPC1xN8UOz9Gn2pveCUCKO:nXpD4XuPC1x+z9G+/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30698021defad9da3bbe8b2dcbf26ab2

Files

30698021defad9da3bbe8b2dcbf26ab2
.exe windows:5 windows x86 arch:x86

9615bbbd3e62f3727fff8e2761f688b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumLanguageGroupLocalesA
GlobalSize
SetCommConfig
GetExpandedNameA
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
GlobalDeleteAtom
CreateFiberEx
GetModuleHandleW
RaiseException
SetConsoleKeyShortcuts
UnregisterWaitEx
FreeLibrary
GetComputerNameW
MoveFileExA
OpenSemaphoreW
IsValidLanguageGroup
LoadLibraryA
WriteProfileStringW
FindAtomW
GetShortPathNameA
ReadProcessMemory
GetEnvironmentStringsA
SetCommMask
VirtualFreeEx
VirtualAlloc
GetConsoleInputExeNameA
GetModuleHandleExA
GetCommProperties
GetStartupInfoW
SetConsoleCP
SwitchToThread
EnumSystemGeoID
SetFirmwareEnvironmentVariableW
Module32Next
_lclose
LocalShrink
WriteFile
SetCommBreak
WritePrivateProfileStructW
GetUserDefaultLCID
GetPrivateProfileSectionNamesW
HeapCreate
SetLocaleInfoA

wldap32

ldap_parse_referenceA
ldap_first_entry
ldap_modify_ext_s
ldap_sasl_bind_sW
ldap_modify_ext_sW
ldap_compareW
ldap_simple_bindA
ldap_extended_operationA
ldap_add
ldap_parse_extended_resultA
ldap_add_extA
ldap_sslinitW
ldap_controls_free
ber_free
ldap_free_controlsA
ldap_deleteA
ldap_modify_sA
ldap_extended_operation
ldap_control_free
ldap_modifyA
ldap_value_freeA
ldap_explode_dn
ldap_delete_s
ldap_get_dn
ber_printf
ldap_parse_sort_control
ldap_ufn2dnW
ldap_modify_ext
ldap_simple_bind_sA
ldap_rename_ext_sA
ldap_rename_ext
ldap_encode_sort_controlA
ldap_search_init_pageW
ldap_addW
ber_skip_tag
ldap_delete_ext_s
ldap_compare_ext_s
ldap_search_abandon_page
ldap_modrdn_sW
ldap_parse_vlv_controlA

shlwapi

UrlHashW
PathSearchAndQualifyA
AssocQueryStringA
PathAddExtensionA
UrlCompareA
wvnsprintfW
UrlEscapeW
PathIsRelativeA
SHEnumValueW
PathFindExtensionA
DelayLoadFailureHook
SHDeleteKeyA
PathGetCharTypeA
PathRemoveExtensionW
StrCmpNW
PathCanonicalizeA
PathIsUNCServerW
SHStrDupA
UrlUnescapeA
PathIsDirectoryA
PathUnmakeSystemFolderW
SHSetValueW
PathSetDlgItemPathW
StrChrW
AssocQueryStringByKeyA
SHCreateStreamOnFileA
PathParseIconLocationA
PathGetDriveNumberA
StrToIntExW
SHDeleteValueA

msvcirt

??1istrstream@@UAE@XZ
?flags@ios@@QAEJJ@Z
??0fstream@@QAE@HPADH@Z
?get@istream@@QAEAAV1@AAD@Z
??6ostream@@QAEAAV0@O@Z
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?setg@streambuf@@IAEXPAD00@Z
?ignore@istream@@QAEAAV1@HH@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??1ostream_withassign@@UAE@XZ
??6ostream@@QAEAAV0@D@Z
??0exception@@QAE@XZ
?gcount@istream@@QBEHXZ
??_7ostrstream@@6B@
?lockc@ios@@KAXXZ
?out_waiting@streambuf@@QBEHXZ
?unlock@streambuf@@QAEXXZ
??0streambuf@@IAE@XZ
??0strstream@@QAE@PADHH@Z
??_Giostream@@UAEPAXI@Z
??_8ostream_withassign@@7B@
?sync_with_stdio@ios@@SAXXZ
?cerr@@3Vostream_withassign@@A
??0strstream@@QAE@ABV0@@Z
?clrlock@streambuf@@QAEXXZ

Sections

.text
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9615bbbd3e62f3727fff8e2761f688b3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wldap32

shlwapi

msvcirt

Sections

.text Size: 376KB - Virtual size: 376KB

.rdata Size: 357KB - Virtual size: 357KB

.data Size: 124KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 376KB - Virtual size: 376KB

.rdata
Size: 357KB - Virtual size: 357KB

.data
Size: 124KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B