457155edbd589c421a9bccd9133ac630

Sharing

Copy URL Twitter E-mail

General

Target

457155edbd589c421a9bccd9133ac630
Size

169KB
MD5

457155edbd589c421a9bccd9133ac630
SHA1

ed510c4c80bc550ab552243d3daec7af777db324
SHA256

58acf8d53aac74252ca25f9fd27649a7d3a599ccec413cb0360bb87630316c75
SHA512

3e6ff1943de126c91c5c1baeeba115ef1a799709ec081348f24e62f61606eea4413565c2aa3dfd9b56756b7c3cf4f91970abf5b8b061bae4618c92ba844fa8cd
SSDEEP

3072:uqowBpDVJW7a1DnNbc7fisb7/Rm+/O/J+33LFtdu1RamhbK05++EMzcIe:ZZdVJOalnBSfis/Rml/cpby5++EMzcI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
457155edbd589c421a9bccd9133ac630

Files

457155edbd589c421a9bccd9133ac630
.exe windows:5 windows x86 arch:x86

1fc116748147c7cd47f8a0ae4f5aaa54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

LHashValOfNameSys
UnRegisterTypeLib
VarDateFromDisp
VarR4FromI8
VarCyFromI4
LPSAFEARRAY_Marshal
VarR4FromDisp
VariantClear
VectorFromBstr
VarBstrFromBool
VarDecNeg
VarUI4FromBool
VarDateFromR8
LHashValOfNameSysA
VarDateFromUI1
VarI4FromUI1
VarCyFromI2
VarDecAdd
SafeArrayCreateVectorEx
SafeArrayGetElement
VarBstrFromUI4
VarUI2FromDisp
VarDateFromUI4
VarR8FromUI2
SafeArrayRedim
VarCyAdd
VarR8FromI2
VarDecCmp
VarDateFromCy
VarI2FromUI2

kernel32

GetVolumePathNamesForVolumeNameA
FindFirstVolumeMountPointW
VirtualAlloc
GlobalFlags
GetTickCount
LoadLibraryA
FileTimeToSystemTime
_lopen
DeleteTimerQueueEx
FillConsoleOutputAttribute
GetFileTime
GetDiskFreeSpaceExA
ConvertThreadToFiber
SetEnvironmentVariableW
InitAtomTable
CreateProcessInternalA
GetExitCodeProcess
RequestWakeupLatency
EnterCriticalSection
PeekConsoleInputW
SetFilePointer
LocalAlloc
GetFirmwareEnvironmentVariableW
ReadConsoleInputW
GetProcessWorkingSetSize
BackupRead
QueueUserWorkItem
EnumLanguageGroupLocalesW
OpenMutexW
GetPrivateProfileStringA
ClearCommError
SetThreadIdealProcessor
SetVolumeMountPointW
GetComputerNameA
LZSeek
IsValidCodePage
GetTimeFormatW
WaitCommEvent
FindFirstVolumeMountPointA
RegisterConsoleVDM
CompareStringA
GetConsoleTitleA
SetTimeZoneInformation
OpenProfileUserMapping
GetModuleHandleExW
SetConsoleCursorPosition
GetNumberOfConsoleInputEvents
ReadConsoleInputExA
BeginUpdateResourceA
SetTermsrvAppInstallMode
LZRead
GetConsoleCommandHistoryW
GetConsoleProcessList
EnumResourceLanguagesA
DnsHostnameToComputerNameA
SetConsoleCursorInfo
GlobalLock
GetBinaryType
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetConsoleAliasesA
ReadProcessMemory
IsValidLocale
IsDBCSLeadByte
WriteFileEx
SetLocalPrimaryComputerNameW
DeleteFiber
GetConsoleMode
CreateFiberEx
WriteConsoleOutputCharacterA
IsBadHugeReadPtr
WritePrivateProfileStringA
CloseConsoleHandle
GetVolumeNameForVolumeMountPointW
GetLocaleInfoW
AreFileApisANSI
SetThreadAffinityMask

ifsutil

?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??1VOL_LIODPDRV@@UAE@XZ
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Initialize@DIGRAPH@@QAEEK@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@NUMBER_SET@@QAEEXZ
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?Read@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
??1SUPERAREA@@UAE@XZ
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?ShellSort@TLINK@@QAEXXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
?GetNext@TLINK@@QAEPAXPAX@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
??0DP_DRIVE@@QAE@XZ
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?SendSonyMSRequestSenseCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
??1NUMBER_SET@@UAE@XZ

mapi32

FBadRglpNameID@8
ScCountProps@12
MAPIFreeBuffer
HrSetOmiProvidersFlagsInvalid
MNLS_IsBadStringPtrW@8
HrDecomposeMsgID@24
HrSzFromEntryID@12
OpenTnefStreamEx@32
FBadSortOrderSet@4
IsBadBoundedStringPtr@8
MNLS_WideCharToMultiByte@32
HrGetOneProp@12
ScMAPIXFromCMC
UNKOBJ_ScCOAllocate@12
ScGenerateMuid@4
BMAPISaveMail
MAPIAllocateMore@12
DeregisterIdleRoutine@4
WrapStoreEntryID@24
UNKOBJ_COFree@8
HrAddColumns@16
ScBinFromHexBounded@12
MAPIOpenLocalFormContainer
DllGetClassObject
ScCopyProps@16
ScCopyNotifications@16
UlFromSzHex@4
CchOfEncoding@4
HrGetOmiProvidersFlags@8
BuildDisplayTable@40

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fc116748147c7cd47f8a0ae4f5aaa54

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

ifsutil

mapi32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 166KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 166KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB