4897f26ca0240e5ccfc93b16e3a9c758

Sharing

Copy URL Twitter E-mail

General

Target

4897f26ca0240e5ccfc93b16e3a9c758
Size

334KB
MD5

4897f26ca0240e5ccfc93b16e3a9c758
SHA1

6a87e22bbcb7477e2a4fb32d4686c097ba1e48a6
SHA256

817738e29f1d562e56479e1ad0ed98b6405ba809ab4f024744eb8a9a94f7d8f5
SHA512

d6c67cab55174c91c79fea578841e54c0b9bad4283d7e497890a80b4faa43271de8c2f75c40094d59adbaac40968f36d7695da3039a8cac3bb7ba6e53dbdbc60
SSDEEP

6144:G9P3DSrxOsPLzl3XJHQG01lg7qBUU2tW8vmwylShXD+Ydkpgo2S0k7ab60Pb:8uxjjzl3X9GoquUGruAznkpTSbB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4897f26ca0240e5ccfc93b16e3a9c758

Files

4897f26ca0240e5ccfc93b16e3a9c758
.exe windows:5 windows x86 arch:x86

679dd96ed8f8c81e56eefc5828f9cfb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlSetSaclSecurityDescriptor
NtCreateSemaphore
NtOpenThreadToken
NtDeviceIoControlFile
strstr
mbstowcs
DbgPrint
strncpy
memmove
NtEnumerateValueKey
RtlUnwind
wcstoul
_alloca_probe
RtlNewSecurityObjectEx
NtQuerySystemTime
wcsncmp
RtlNewSecurityObjectWithMultipleInheritance
NtSaveKeyEx
NtPowerInformation
tolower
RtlSetSecurityDescriptorRMControl
NtCreateFile
RtlAddAce
RtlGetOwnerSecurityDescriptor
NtNotifyChangeKey
RtlAddAccessAllowedObjectAce
NtQueryValueKey
NtSetInformationFile
wcstombs
NtOpenProcess
NtPrivilegeCheck
RtlCreateQueryDebugBuffer
RtlCompareUnicodeString
RtlFreeHeap
RtlOpenCurrentUser
NtNotifyChangeMultipleKeys
NtQuerySecurityObject
RtlDestroyQueryDebugBuffer
NtSaveMergedKeys
RtlCopySid
NtCloseObjectAuditAlarm
RtlInitAnsiString
_ultow
RtlConvertToAutoInheritSecurityObject
_wcslwr
RtlxAnsiStringToUnicodeSize
RtlAddAccessDeniedObjectAce
_ftol
wcsncpy
RtlFreeSid
NtReleaseSemaphore
RtlAllocateHandle
RtlFirstFreeAce
RtlSetControlSecurityDescriptor
atol
NtSetInformationObject
RtlEqualUnicodeString
NtCompareTokens
RtlAddAccessAllowedAceEx
NtTerminateProcess
NtDeleteKey
RtlGetNtProductType
NtReplaceKey
RtlMakeSelfRelativeSD
wcstol
NtSetSecurityObject
RtlAdjustPrivilege
NtRestoreKey
RtlSelfRelativeToAbsoluteSD2
NtCreateDirectoryObject
RtlEqualPrefixSid
NtCreateEvent
RtlSubAuthorityCountSid
RtlQueryRegistryValues
RtlSetDaclSecurityDescriptor
RtlLengthRequiredSid
RtlInitializeGenericTable
RtlCopyUnicodeString
RtlOemStringToUnicodeString
RtlDeleteAce
RtlIsTextUnicode
NtOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
RtlSetSecurityObject
RtlStringFromGUID
RtlUpcaseUnicodeChar
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
NtAllocateLocallyUniqueId
RtlAreAllAccessesGranted
NtReadFile
RtlUpcaseUnicodeStringToOemString
RtlIsGenericTableEmpty
NtAccessCheck
NtQueryInformationProcess
RtlIntegerToUnicodeString
RtlUnicodeToMultiByteN
RtlGetGroupSecurityDescriptor
strchr
NtOpenFile
RtlGUIDFromString
NtDuplicateToken
NtQueryVolumeInformationFile
RtlAddAccessDeniedAceEx
RtlValidRelativeSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlMultiByteToUnicodeN
RtlDosPathNameToNtPathName_U
RtlDeleteElementGenericTable
NtQuerySystemInformation
_stricmp
RtlAreAnyAccessesGranted
wcscmp
RtlInitUnicodeString
RtlSubAuthoritySid
RtlGetVersion
RtlInitString
RtlAddAuditAccessAceEx
NtOpenSymbolicLinkObject
NtClearEvent
RtlEnumerateGenericTableWithoutSplaying
NtPrivilegeObjectAuditAlarm
NtAccessCheckByType
RtlQueryProcessDebugInformation
RtlSetInformationAcl
RtlNtStatusToDosError
NtAdjustPrivilegesToken
RtlAddAccessAllowedAce
RtlSelfRelativeToAbsoluteSD
NtAccessCheckByTypeResultList
RtlCreateAcl
NtCreateKey
NtAccessCheckAndAuditAlarm
RtlGetFullPathName_U
NtPrivilegedServiceAuditAlarm
RtlGetSecurityDescriptorRMControl
RtlCreateSecurityDescriptor
NtDeleteValueKey
RtlDestroyHeap
RtlSetSecurityObjectEx
RtlSetGroupSecurityDescriptor
NtTraceEvent
RtlInitUnicodeStringEx
NtWaitForSingleObject
RtlImageNtHeader
RtlCreateUnicodeString
RtlEqualSid
RtlUnicodeStringToAnsiString
NlsMbCodePageTag
RtlValidSid
RtlCopyLuid
NtDuplicateObject
NtSetInformationToken
RtlLengthSecurityDescriptor
NtFilterToken
RtlGetAce
NtDeleteObjectAuditAlarm
RtlFreeAnsiString
RtlValidSecurityDescriptor
RtlQueryInformationAcl
NtQueryInformationToken
NtAllocateVirtualMemory
RtlInitializeSid
_wcsnicmp
RtlTimeToSecondsSince1970
RtlInitializeCriticalSection
RtlLookupElementGenericTable
_itow
NtLoadKey
RtlUnicodeToMultiByteSize
RtlAddAccessDeniedAce
wcsrchr
RtlQuerySecurityObject
NtFlushBuffersFile
NtSetValueKey
NtQueryVirtualMemory
RtlLengthSid
RtlSetOwnerSecurityDescriptor
RtlDuplicateUnicodeString
_snwprintf
RtlAppendUnicodeToString
NtFreeVirtualMemory
wcscpy
wcslen
RtlAnsiStringToUnicodeString
NtOpenKey
wcscat
RtlDestroyHandleTable
NtSetEvent
NtAccessCheckByTypeAndAuditAlarm
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
RtlCreateUnicodeStringFromAsciiz
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenProcessToken
iswctype
RtlAddAuditAccessObjectAce
RtlConvertSidToUnicodeString
_chkstk
RtlExpandEnvironmentStrings_U
NtClose
RtlLeaveCriticalSection
wcschr
sprintf
RtlGetControlSecurityDescriptor
RtlDeleteSecurityObject
NtSaveKey
NtQueryInformationThread
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlRandom
RtlCompareMemory
NtUnloadKey
RtlFlushSecureMemoryCache
NtFsControlFile
NtFlushKey
RtlInitializeHandleTable
RtlAllocateHeap
_wcsicmp
RtlCreateHeap
NtQueryKey
NtSetInformationProcess
RtlReAllocateHeap
RtlxUnicodeStringToAnsiSize
NtAdjustGroupsToken
RtlDeleteCriticalSection
_strnicmp
RtlIdentifierAuthoritySid
RtlMapGenericMask
NtQueryMultipleValueKey
NtImpersonateAnonymousToken
RtlFormatCurrentUserKeyPath
swprintf
RtlUnicodeStringToInteger
RtlIsValidIndexHandle
RtlEnterCriticalSection
RtlImpersonateSelf
wcsstr
RtlAddAuditAccessAce
RtlNumberGenericTableElements
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
RtlNewSecurityObject
RtlFreeHandle
RtlAllocateAndInitializeSid
NtEnumerateKey
RtlInsertElementGenericTable
NtSetInformationThread
RtlValidAcl
NtQueryInformationFile
RtlPrefixUnicodeString
NtWriteFile
_vsnwprintf

rpcrt4

RpcBindingToStringBindingW
UuidCreate
RpcBindingFromStringBindingW
I_RpcMapWin32Status
RpcImpersonateClient
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoA
I_RpcBindingIsClientLocal
RpcStringFreeW
UuidToStringW
RpcBindingSetAuthInfoExW
RpcRaiseException
NDRCContextBinding
RpcBindingFree
RpcRevertToSelf
RpcBindingSetAuthInfoExA
RpcStringBindingParseW
RpcSsDestroyClientContext
UuidFromStringW
I_RpcExceptionFilter
NdrClientCall2
RpcStringBindingComposeW
RpcEpResolveBinding

kernel32

GlobalMemoryStatus
OpenMutexW
GetLogicalDriveStringsW
GetPrivateProfileStringW
LocalReAlloc
GetCurrentProcessId
GetPrivateProfileIntW
CompareFileTime
SearchPathW
TerminateProcess
GetPriorityClass
GetWindowsDirectoryW
CreateThread
EnumUILanguagesW
DeleteFileW
SetUnhandledExceptionFilter
FindResourceExW
WriteFile
CancelIo
GetProcAddress
GetSystemTimeAsFileTime
GetProfileStringA
HeapAlloc
GetCurrentThreadId
OpenEventW
WaitForSingleObject
lstrlenW
LoadLibraryExW
MoveFileW
GetCommandLineW
SetErrorMode
FindNextFileW
DelayLoadFailureHook
CreateFileMappingW
SizeofResource
InterlockedExchange
GetUserDefaultUILanguage
UnhandledExceptionFilter
InterlockedIncrement
GetDriveTypeW
GetVersionExA
InterlockedDecrement
FindFirstFileExW
OpenFile
LoadLibraryW
GetComputerNameExW
lstrcpyW
GetCurrentProcess
SetFilePointer
GetSystemInfo
lstrcpynW
FindFirstFileW
GetSystemWindowsDirectoryW
lstrcpyA
CloseHandle
GetComputerNameA
GetComputerNameW
GetTickCount
CreateProcessInternalA
GetProcessHeap
GetFullPathNameA
GetLocalTime
DeleteCriticalSection
UnmapViewOfFile
FreeLibrary
CreateFileW
GetFileAttributesW
MultiByteToWideChar
ResetEvent
CopyFileW
lstrlenA
AreFileApisANSI
GetFullPathNameW
GetModuleHandleW
ResumeThread
InitializeCriticalSection
SetEvent
WaitNamedPipeW
DuplicateHandle
MapViewOfFile
GetDiskFreeSpaceExW
ExitThread
IsBadWritePtr
GetSystemTime
GetFileAttributesExW
LoadResource
LoadLibraryA
SleepEx
GetFileSizeEx
FormatMessageW
OpenProcess
InterlockedCompareExchange
GetModuleHandleA
ReleaseMutex
GetSystemDirectoryW
lstrcmpW
SetLastError
VirtualAlloc
GetFileTime
EnterCriticalSection
GetVolumeInformationW
CreateMutexW
GetFileSize
LocalFree
lstrcmpiW
CreateEventW
GetLongPathNameW
WideCharToMultiByte
CreateFileMappingA
FindClose
WaitForMultipleObjectsEx
GetCurrentThread
SetNamedPipeHandleState
lstrcatW
GetProfileIntA
CreateEventA
HeapFree
VirtualFree
FindResourceA
GetOverlappedResult
_lclose
ExpandEnvironmentStringsW
GetLastError
LeaveCriticalSection
QueryPerformanceCounter
GetTimeZoneInformation
LocalAlloc
WritePrivateProfileStringW
CreateFileA
GetModuleFileNameW
GetDiskFreeSpaceW
ReadFile
ReadProcessMemory
RaiseException
Sleep
CreateProcessInternalW
GetModuleHandleExW
ExpandEnvironmentStringsA
OutputDebugStringW
SetThreadPriority
InterlockedExchangeAdd
DeviceIoControl

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

679dd96ed8f8c81e56eefc5828f9cfb5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rpcrt4

kernel32

Sections

.text Size: 261KB - Virtual size: 261KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 7.1MB

.rdata Size: 52KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 7.1MB

.rdata
Size: 52KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB