32a9feb050376e8ab1de6da0020e9f28

Sharing

Copy URL Twitter E-mail

General

Target

32a9feb050376e8ab1de6da0020e9f28
Size

822KB
MD5

32a9feb050376e8ab1de6da0020e9f28
SHA1

d281d3e94e538db88ea075d9ce13ca5922038bae
SHA256

12af7b3708fd7733ba448b15909f1e1e691cf2418b42a243b93641c4bd019edf
SHA512

a3dbec440c52257493984e9ef8d1c6ba7b1dda2a8d8f3834cb7b17d03bf287579caf8bfb95f986d2ae6e2e21fa76792af77a860fdf6ad61cf42b054b3b722e53
SSDEEP

24576:/Y+PxPSUVvMHcmp1CZ+bCueFYtyvaCq2nMHGf5rfM0T:nSwQZz4+bCpFYyvNqbitT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32a9feb050376e8ab1de6da0020e9f28

Files

32a9feb050376e8ab1de6da0020e9f28
.exe windows:5 windows x86 arch:x86

2613bb8972e7f56c8779cc72b617e59f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceExW
GetNativeSystemInfo
MoveFileExW
SetWaitableTimer
GetCurrentProcessId
DeleteVolumeMountPointA
GetConsoleAliasesW
GetStartupInfoA
SetCriticalSectionSpinCount
SetConsoleTextAttribute
SetConsoleCursorPosition
FlushViewOfFile
DeleteFileW
BuildCommDCBW
FindClose
TerminateThread
FindAtomW
OpenSemaphoreA
QueueUserAPC
FindResourceExA
ProcessIdToSessionId
LoadLibraryW
UnlockFile
GetCurrentDirectoryW
HeapUnlock
SetTapePosition
ExitVDM
GetLargestConsoleWindowSize
UnregisterWaitEx
BackupSeek
EnumSystemLocalesW
MapViewOfFileEx
lstrcat
GetVersionExW
CompareFileTime
VirtualLock
CreateHardLinkA
RemoveDirectoryA
AddConsoleAliasA
FlushInstructionCache
SetCalendarInfoA
VirtualFree
BackupWrite
SetHandleCount
GetOEMCP
GetModuleFileNameW
OpenEventW
GetModuleHandleA
CancelDeviceWakeupRequest
GetVolumeNameForVolumeMountPointA
OpenFileMappingA
SetConsoleTitleW
Beep
EnumerateLocalComputerNamesW
SetFileTime

adsldpc

ADsSetLastError
BuildADsParentPathFromObjectInfo2
LdapGetSubSchemaSubEntryPath
LdapOpenObject2
LdapReadAttributeFast
SchemaOpen
LdapAddExtS
BerBvFree
ADSIOpenDSObject
ADsGetPreviousRow
ADsEnumAttributes
?GetNextToken@CLexer@@QAEJPAGPAK@Z
BuildADsPathFromLDAPPath2
LdapSearchExtS
ADsGetColumn
LdapReadAttribute
LdapAttributeFree

gdi32

SetWorldTransform
GetFontResourceInfoW
GetTextCharsetInfo
DdEntry52
ColorCorrectPalette
SetStretchBltMode
BitBlt
PolyTextOutW
GdiEntry7
EngComputeGlyphSet
BeginPath
SetDCBrushColor
GdiCreateLocalMetaFilePict
CreateFontW
EnumICMProfilesA
LPtoDP
SetBkColor
GdiFixUpHandle

rasapi32

RasGetAutodialEnableA
RasScriptReceive
RasValidateEntryNameA
RasGetCustomAuthDataW
RasGetEapUserDataA
RasDeleteSubEntryW
RasGetSubEntryHandleA
RasGetProjectionInfoW
RasClearConnectionStatistics
RasGetAutodialParamW
RasDeleteEntryW
DwEnumEntryDetails
RasDialW
RasGetCredentialsW
RasEnumEntriesA
RasGetSubEntryPropertiesW
RasSetEntryPropertiesA
RasSetSubEntryPropertiesA
RasSetCustomAuthDataW

apphelp

ApphelpCheckInstallShieldPackage
SdbFindFirstNamedTag
SdbUnregisterDatabase
ApphelpFreeFileAttributes
SdbReadBYTETagRef
ApphelpFixMsiPackageExe
SdbSetPermLayerKeys
SetPermLayers
SdbGrabMatchingInfo
SdbResolveDatabase
SdbQueryDataEx
SdbQueryApphelpInformation
SdbReadEntryInformation
SdbGetStringTagPtr
ApphelpCheckShellObject
ApphelpCheckMsiPackage
ApphelpCheckIME
ApphelpCheckExe
SdbFindFirstMsiPackage_Str
SdbReadWORDTagRef
SdbGetStandardDatabaseGUID
SdbReadQWORDTagRef
SdbGetPermLayerKeys

advapi32

CredProfileLoaded
SetSecurityDescriptorRMControl
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
LockServiceDatabase
ElfRegisterEventSourceA
RegEnumKeyW
LsaQueryInfoTrustedDomain
GetWindowsAccountDomainSid
GetMultipleTrusteeW
BuildImpersonateExplicitAccessWithNameA
WmiFileHandleToInstanceNameA
PrivilegedServiceAuditAlarmW
GetMultipleTrusteeOperationA
CryptSetProviderExA
A_SHAUpdate

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2613bb8972e7f56c8779cc72b617e59f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

adsldpc

gdi32

rasapi32

apphelp

advapi32

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 107KB - Virtual size: 106KB

.data Size: 157KB - Virtual size: 1.5MB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 836B

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 107KB - Virtual size: 106KB

.data
Size: 157KB - Virtual size: 1.5MB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 836B