4e17e353fa784cc621582167e5962c1d

Sharing

Copy URL Twitter E-mail

General

Target

4e17e353fa784cc621582167e5962c1d
Size

47KB
MD5

4e17e353fa784cc621582167e5962c1d
SHA1

9a4eeb2e6b4deb91449376a0cf9c5f41237606b9
SHA256

55b5f98351a253b689c924eadeb6c4b70cd6d7d4594309706efb4fdc11edb85c
SHA512

7e67fd0cbcad2cb346dbeb39be2891b96b5fc4394ece8f5fba154fcc33484ab75bbbe7af3aa9d434aae1d51e9f9035b2314d37d4cdfaca71210da0ce9108b192
SSDEEP

768:fVfvOO+0MAQYjovV90o4O3vkrn4ibl774Q3GvSSp1MGlMcEEQYh4dbf4bBA9JT:d9+0kYM990onvo4i574IGFppMcrWmAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e17e353fa784cc621582167e5962c1d

Files

4e17e353fa784cc621582167e5962c1d
.exe windows:5 windows x86 arch:x86

87acbf9c46bcd9b2822e18a203147929

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetLocaleInfoW
SetThreadIdealProcessor
GetConsoleProcessList
FreeConsole
FileTimeToDosDateTime
GetModuleHandleW
GetCurrentThread
DuplicateConsoleHandle
RegisterConsoleIME
RemoveLocalAlternateComputerNameW
QueryPerformanceCounter
GetTempPathW
GetLastError
GetUserDefaultUILanguage
GetExitCodeThread

netapi32

DsRoleCancel
NetLocalGroupAddMembers
NetMessageBufferSend
NetpAssertFailed
NetUserGetInfo
NetWkstaGetInfo
NetShareEnumSticky
NetEnumerateTrustedDomains
NetGetJoinInformation
NetServerTransportAdd
I_NetLogonSamLogonEx
I_NetServerSetServiceBitsEx
NetEnumerateComputerNames
NetpNetBiosStatusToApiStatus

msvcrt

_nextafter
_mktemp
__iob_func
_fstati64
_seterrormode
?set_terminate@@YAP6AXXZP6AXXZ@Z
fopen
_mbclen
__set_app_type
__p__wcmdln
wcsftime
_utime64
_putwch
_wrmdir
fabs
_cexit
_mbsnbcnt
__getmainargs
_winmajor
_setmaxstdio
wcsncat
exit
??3@YAXPAX@Z
__p__commode
_cwprintf
?terminate@@YAXXZ
_inp
_mbsncoll
_CIcos

sqlunirl

_CreateIC_@16
_ChangeMenu_@20
_DlgDirSelectEx_@16
_OpenSCManager_@12
_GetTimeFormat_@24
_ReplaceText_@4
_ExtractAssociatedIcon_@12
_SetComputerName_@4
_SetWindowLong@12
_CreateMDIWindow_@40

wintrust

CryptCATAdminReleaseContext
TrustFindIssuerCertificate
CryptCATVerifyMember
CryptCATAdminCalcHashFromFileHandle
DriverInitializePolicy
CryptSIPVerifyIndirectData
OfficeInitializePolicy
CryptCATAdminPauseServiceForBackup
WVTAsn1CatNameValueDecode
WintrustCertificateTrust
CryptCATAdminAcquireContext
WVTAsn1SpcSigInfoDecode

cmutil

?GPPI@CIniA@@QBEKPBD0K@Z
CmFmtMsgA
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
SzToWz
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
??0CRandom@@QAE@I@Z
CmLoadImageW
?SetRegPath@CIniW@@QAEXPBG@Z
CmStrrchrA
?GPPI@CIniW@@QBEKPBG0K@Z
?Clear@CmLogFile@@QAEXH@Z
CmStrTrimW
CmStrCpyAllocA

ifsutil

?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
??0VOL_LIODPDRV@@IAE@XZ
??0NUMBER_SET@@QAE@XZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z

iphlpapi

_PfGetInterfaceStatistics@16
NotifyAddrChange
InternalSetIfEntry
DeleteIPAddress
GetBestInterface
GetIpErrorString
CreateProxyArpEntry
EnableRouter
IpRenewAddress
IcmpCreateFile
GetAdaptersInfo
_PfCreateInterface@24
_PfTestPacket@20

user32

EndDialog

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87acbf9c46bcd9b2822e18a203147929

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

msvcrt

sqlunirl

wintrust

cmutil

ifsutil

iphlpapi

user32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 8KB - Virtual size: 8KB