4e0f25b44c4e6a0124cce141a5e59d9b

Sharing

Copy URL Twitter E-mail

General

Target

4e0f25b44c4e6a0124cce141a5e59d9b
Size

65KB
MD5

4e0f25b44c4e6a0124cce141a5e59d9b
SHA1

c5275797124b140fc417167f4319c6e0b5297b51
SHA256

692d0a3bd887e543e67a9a83480a0cff6f36d5a491d633ada23a1f4ab5404c7e
SHA512

27849fe5f632e950fbc9d232feb1b0361704cef6d892b517f9f0ec78adb19445c29fe4a5a1c3734a0c09578302ad42e7d707f90d3a37080dfcb2c8491937b5e7
SSDEEP

1536:5yOfMYvOmJBACFO6ACnVfk0FPhjvNC3Mo2rnxxbbn9J5G/Pw6W:5r/mqhhjwj2zrY/Pw6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e0f25b44c4e6a0124cce141a5e59d9b

Files

4e0f25b44c4e6a0124cce141a5e59d9b
.exe windows:1 windows x86 arch:x86

8757ea5c9a1c5648d8d931b2270e26a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UTRegister
WriteConsoleInputVDMW
FindActCtxSectionStringW
LocalSize
LoadLibraryA
GetStartupInfoA
SetConsoleWindowInfo
GetCurrentProcessId
SetLocalPrimaryComputerNameA
EnumDateFormatsExA
WaitForDebugEvent
SetLastError
GetVolumeNameForVolumeMountPointA
VirtualAlloc
GlobalAlloc
GetFileAttributesA
lstrcat
GetWindowsDirectoryW
GetConsoleAliasExesLengthA
GetProcessHeap
RequestWakeupLatency
CreateEventA

d3d8thk

OsThunkDdDeleteDirectDrawObject
OsThunkDdDeleteSurfaceObject
OsThunkDdSetGammaRamp
OsThunkDdResetVisrgn
OsThunkDdSetExclusiveMode
OsThunkDdGetFlipStatus
OsThunkDdGetDxHandle
OsThunkDdLock
OsThunkDdCanCreateSurface
OsThunkDdGetMoCompBuffInfo
OsThunkDdEndMoCompFrame
OsThunkDdAddAttachedSurface
OsThunkDdColorControl
OsThunkDdGetBltStatus
OsThunkDdQueryDirectDrawObject
OsThunkDdCreateMoComp
OsThunkDdAttachSurface
OsThunkD3dContextDestroy
OsThunkD3dValidateTextureStageState
OsThunkDdSetColorKey
OsThunkDdBeginMoCompFrame
OsThunkDdGetMoCompFormats
OsThunkDdUnlock

rasapi32

DwEnumEntryDetails
RasGetEntryHrasconnW
RasSetAutodialAddressW
RasSetCredentialsW
RasDeleteEntryA
RasGetAutodialAddressW
DwCloneEntry
RasSetEntryDialParamsW
RasGetProjectionInfoW
RasScriptSend
RasGetCredentialsA
RasScriptGetIpAddress
RasQuerySharedConnection
RasDeleteSubEntryW
RasEditPhonebookEntryW
RasSetCredentialsA
DDMGetPhonebookInfo
RasDeleteSubEntryA
RasAutodialAddressToNetwork
RasAutodialEntryToNetwork
RasGetCountryInfoW
RasGetEntryDialParamsW
RasValidateEntryNameA
RasClearLinkStatistics

modemui

drvGetDefaultCommConfigW
drvSetDefaultCommConfigA
CountryRunOnce
UnimodemGetDefaultCommConfig
drvGetDefaultCommConfigA
UnimodemGetExtendedCaps
drvSetDefaultCommConfigW
QueryModemForCountrySettings
ModemPropPagesProvider
drvCommConfigDialogW
ModemCplDlgProc
drvCommConfigDialogA
InvokeControlPanel
UnimodemDevConfigDialog

ntdll

_fltused
ZwLoadDriver
RtlFindLastBackwardRunClear
RtlGetVersion
LdrInitializeThunk
NtEnumerateBootEntries
RtlDoesFileExists_U
NtLoadKey
ZwCompleteConnectPort
RtlInterlockedPopEntrySList
NtGetContextThread
NlsMbCodePageTag
ZwLockProductActivationKeys
NtQueryAttributesFile
RtlInterlockedFlushSList
ZwInitializeRegistry
NtSetLowEventPair
LdrShutdownThread

mapi32

MNLS_IsBadStringPtrW@8
cmc_free
LaunchWizard@20
cmc_read
SzFindSz@8
ScRelocNotifications@20
MAPIAdminProfiles
MAPIGetDefaultMalloc@0
CbOfEncoded@4
MAPIResolveName
FPropCompareProp@12
SzFindLastCh@8
FtgRegisterIdleRoutine@20
FtAdcFt@20
CchOfEncoding@4
MAPISendDocuments
LPropCompareProp@8
MNLS_WideCharToMultiByte@32
BMAPIFindNext
ScCountNotifications@12

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8757ea5c9a1c5648d8d931b2270e26a2

Headers

File Characteristics

Imports

kernel32

d3d8thk

rasapi32

modemui

ntdll

mapi32

Sections

.text Size: 18KB - Virtual size: 17KB

Size: 21KB - Virtual size: 20KB

.data Size: 24KB - Virtual size: 189KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 24KB - Virtual size: 189KB

.rsrc
Size: 1KB - Virtual size: 1KB