36087b3bd9beb38ce74c2d14d2a7dca1

Sharing

Copy URL Twitter E-mail

General

Target

36087b3bd9beb38ce74c2d14d2a7dca1
Size

867KB
MD5

36087b3bd9beb38ce74c2d14d2a7dca1
SHA1

1c6f23fc79a58ac5d8b331e39832eade5ca98580
SHA256

554fb27e0148293e411fe13cf4f29ce755a90403e7f9d770ca510a92da92d549
SHA512

ecc2b1b342d66898e0527ec107754c6a3849fce8578d464a6fb69c9b2e5a363eaf2683cd8f06ccc113862f97385b580161bb0705c4ffaa38dea62240a3ec4974
SSDEEP

24576:nM79kpFh2z5IqD0jv49lB2SAMVOYQSI/d8aqJ:6PFD0jvk2SAKed8aqJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36087b3bd9beb38ce74c2d14d2a7dca1

Files

36087b3bd9beb38ce74c2d14d2a7dca1
.exe windows:5 windows x86 arch:x86

401bfbfa9280cbc493305b77b8b020ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpungeConsoleCommandHistoryW
CallNamedPipeW
SetLocaleInfoA
LoadLibraryA
lstrcmpA
GetCurrentConsoleFont
GetCommConfig
GetCurrentProcessId
GetModuleHandleW
OutputDebugStringW
FatalAppExitA
CancelDeviceWakeupRequest
ExpungeConsoleCommandHistoryA
EraseTape
SetThreadIdealProcessor
DefineDosDeviceW
EnumSystemCodePagesA
FindResourceExW
OpenJobObjectW
GetEnvironmentStringsA
ResetWriteWatch
TlsAlloc
UnlockFile
IsValidCodePage
GetTempFileNameA
ExpandEnvironmentStringsW
DebugActiveProcess
GetSystemDefaultLangID
GetMailslotInfo
GetConsoleInputWaitHandle
Heap32Next
VirtualAlloc
ReadConsoleOutputCharacterW
GetProfileIntW
SetComPlusPackageInstallStatus
GetVersion
LockFile
FreeLibrary
GetTapeParameters
DeviceIoControl
WriteConsoleInputVDMW
SetProcessShutdownParameters
FlushConsoleInputBuffer
SetCommState
GetSystemTime
WriteTapemark
FileTimeToDosDateTime
SetTermsrvAppInstallMode
LocalHandle
RtlCaptureContext
EnterCriticalSection
FindNextFileW
GetFullPathNameW
SetCurrentDirectoryA
GetFileSize
DeleteVolumeMountPointA
CancelIo
GetSystemDefaultUILanguage
RegisterConsoleIME

rasapi32

RasGetConnectionStatistics
RasGetEntryHrasconnW
RasSetAutodialEnableA
RasConnectionNotificationA
RasEditPhonebookEntryA
RasGetAutodialEnableW
RasSetSharedAutoDial
RasScriptGetIpAddress
RasEnumEntriesW
RasSetAutodialParamA
RasEnumDevicesA
RasGetSubEntryHandleA
RasEnumEntriesA
RasEnumDevicesW
RasGetEapUserIdentityW
RasSetEntryPropertiesW
RasGetCredentialsW
RasGetLinkStatistics
RasGetHport
RasGetConnectStatusA
RasFreeEapUserIdentityW
RasClearLinkStatistics
RasGetSubEntryHandleW
RasSetEapUserDataW
RasDialW
RasScriptReceive
RasSetEntryDialParamsW
RasGetEntryPropertiesW
RasDialA
RasGetCountryInfoW
RasFreeEapUserIdentityA
RasGetAutodialAddressW
RasQueryRedialOnLinkFailure
RasConnectionNotificationW
RasHangUpW
RasGetConnectStatusW
RasHangUpA

msvcrt

memchr
??4bad_typeid@@QAEAAV0@ABV0@@Z
iswprint
fwprintf
??_V@YAXPAX@Z
_setjmp
??_Fbad_typeid@@QAEXXZ
_wcsrev
_wtof
__pctype_func
__wgetmainargs
__p__commode
_strncoll
_getdiskfree
strncat
__set_app_type
_CIcos
iswalpha
__getmainargs
exit
getc
__argv
_findnext
_localtime64
__p__fileinfo
_wfsopen
__p__winmajor
_adj_fdiv_m32
_wexecv
memset
getchar
_spawnve
_heapmin
_ecvt
_searchenv
setbuf
_strtoui64

setupapi

SetupDiGetActualSectionToInstallExW
pSetupVerifyQueuedCatalogs
SetupLogErrorA
CM_Set_DevNode_Registry_Property_ExW
SetupGetFieldCount
SetupDiGetCustomDevicePropertyA
SetupCreateDiskSpaceListA
CM_Get_HW_Prof_Flags_ExW
CM_Disable_DevNode_Ex
SetupDestroyDiskSpaceList
pSetupSetQueueFlags
CM_Get_Next_Res_Des
CM_Get_Child_Ex
SetupQuerySourceListW
SetupDiGetClassInstallParamsW
CM_Get_Next_Res_Des_Ex
CM_Set_HW_Prof
VerifyCatalogFile
CM_Get_Device_ID_List_Size_ExA
CMP_Report_LogOn
SetupDiGetClassDescriptionExA
CM_Set_HW_Prof_FlagsA
CM_Get_Device_ID_Size
CM_Add_IDW
SetupDefaultQueueCallbackW
CM_Dup_Range_List
CM_Enumerate_Classes_Ex

advapi32

SystemFunction034
CryptSetProviderExW
SystemFunction013
WmiDevInstToInstanceNameA
CredIsMarshaledCredentialA
InstallApplication
RegSaveKeyW
BuildTrusteeWithNameA
WmiSetSingleInstanceW
AccessCheckByTypeResultList
ReadEventLogW
RegOpenKeyW
SetEntriesInAuditListW
TraceEventInstance
SystemFunction032
MD5Final
I_ScPnPGetServiceName
SystemFunction036
QueryServiceConfigW
DeleteService
LsaOpenTrustedDomainByName
CredFree
RegDeleteValueW
GetTrusteeNameA
CredProfileLoaded
AdjustTokenGroups
ElfReportEventW
GetWindowsAccountDomainSid
AddAuditAccessAce
DeregisterEventSource

Sections

.text
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401bfbfa9280cbc493305b77b8b020ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rasapi32

msvcrt

setupapi

advapi32

Sections

.text Size: 437KB - Virtual size: 437KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 107KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 437KB - Virtual size: 437KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 107KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB