54a00be3e902abd188f421a384f24c55

Sharing

Copy URL

Twitter E-mail

General

Target

54a00be3e902abd188f421a384f24c55
Size

822KB
MD5

54a00be3e902abd188f421a384f24c55
SHA1

9dd6266c8f40eaa8affb31b4cc1d80f717dadb56
SHA256

6c1b08bb4c088b5daf220525195326b13deaa80f8e7226e735b241ab57879295
SHA512

84825e5efd24bb52bb59a03799f5e60cc2e08a56a8a27995a333f8f2e7debf33f20693d5741c881cec35ec8c9f84abc66d734afd279e8a95ddf0f2ce24c59717
SSDEEP

24576:Ql1iKjQOeT2lPjq0eQ7w680ZPA1ibobmJo+pYgy:QlF6T2l6IdAgGmBy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54a00be3e902abd188f421a384f24c55

Files

54a00be3e902abd188f421a384f24c55
.exe windows:5 windows x86 arch:x86

1cdd69fff676e1b4e615aca7914a38e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RsopResetPolicySettingStatus
EnterCriticalPolicySection
RefreshPolicy
DeleteProfileW
LoadUserProfileW
GetAppliedGPOListW
GetUserProfileDirectoryW
WaitForMachinePolicyForegroundProcessing
ProcessGroupPolicyCompleted
CreateEnvironmentBlock
RefreshPolicyEx
GetUserProfileDirectoryA
RegisterGPNotification
RsopSetPolicySettingStatus
ExpandEnvironmentStringsForUserA
ForceSyncFgPolicy
FreeGPOListW
DllGetClassObject
LoadUserProfileA

adsldpc

ADsDeleteClassDefinition
LdapCacheAddRef
LdapNextEntry
ADSIGetColumn
ADsDeleteAttributeDefinition
LdapIsClassNameValidOnServer
ADsSetObjectAttributes
LdapOpenObject
ADsCreateAttributeDefinition
LdapRenameExtS
LdapAttributeFree
ReadPagingSupportedAttr
ADSICloseSearchHandle
LdapGetValues
FindEntryInSearchTable
BuildADsParentPathFromObjectInfo2
MapLDAPTypeToADSType
LdapGetSubSchemaSubEntryPath
ADSIOpenDSObject
LdapCountEntries
LdapTypeFreeLdapObjects
SchemaOpen

w32topl

ToplVertexNumberOfInEdges
ToplEdgeSetFromVertex
ToplHeapDestroy
ToplVertexGetOutEdge
ToplEdgeSetWeight
ToplMakeGraphState
ToplEdgeSetVtx
ToplGetAlwaysSchedule
ToplListSetIter
ToplIterCreate
ToplSTHeapExtractMin
ToplScheduleValid
ToplEdgeSetToVertex
ToplListNumberOfElements
ToplIsToplException
ToplSTHeapInit
ToplGraphRemoveVertex
ToplGraphMakeRing
ToplGraphCreate
ToplListAddElem
ToplAddEdgeToGraph
ToplEdgeDestroy
ToplScheduleIsEqual
ToplHeapCreate
ToplVertexSetId
ToplGraphDestroy

kernel32

Heap32ListFirst
GetLocaleInfoW
GetBinaryType
FormatMessageA
NlsGetCacheUpdateCount
UnmapViewOfFile
DeactivateActCtx
CreateMailslotA
SetLocalTime
WaitForMultipleObjects
GlobalAddAtomA
CreateHardLinkW
GetEnvironmentVariableW
GetNumberOfConsoleFonts
ReadConsoleOutputCharacterA
LoadLibraryW
RegisterConsoleOS2
ReadConsoleOutputW
SetTermsrvAppInstallMode
GetTapePosition
GetDiskFreeSpaceA
ProcessIdToSessionId
GlobalGetAtomNameW
PeekConsoleInputA
OpenProfileUserMapping
DebugBreakProcess
SetThreadPriorityBoost
FindNextVolumeW
GetFileAttributesExW
OpenThread
EnumDateFormatsA
GetProcessAffinityMask
GetConsoleAliasesLengthA
GetComPlusPackageInstallStatus
BaseDumpAppcompatCache
GetTimeFormatA
IsProcessInJob
GetCurrentThread
GetModuleHandleW
PrepareTape
DuplicateHandle
GetTimeFormatW
GetLogicalDriveStringsA
GetWindowsDirectoryA
CreateEventW
GetQueuedCompletionStatus
LockFileEx
GetLongPathNameW
MoveFileExA
VerSetConditionMask
InterlockedExchange

advapi32

IdentifyCodeAuthzLevelW
I_ScSetServiceBitsW
AccessCheckAndAuditAlarmA
ElfRegisterEventSourceW
ConvertSecurityDescriptorToAccessNamedW
GetLocalManagedApplications
SystemFunction015
RemoveTraceCallback
OpenEncryptedFileRawA
CredEnumerateW
GetMultipleTrusteeA
LookupAccountSidA
IsValidSecurityDescriptor
LsaLookupPrivilegeName
SetNamedSecurityInfoA
FreeEncryptionCertificateHashList
SetUserFileEncryptionKey
GetSidLengthRequired
OpenSCManagerA
SetEntriesInAuditListW
LsaICLookupSidsWithCreds
IsWellKnownSid
MakeAbsoluteSD2
EnumDependentServicesW
OpenEncryptedFileRawW
LsaICLookupNamesWithCreds
ElfCloseEventLog
ElfChangeNotify
SetKernelObjectSecurity
WmiQueryAllDataA

odbcconf

AppRegEnum

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cdd69fff676e1b4e615aca7914a38e6

Headers

DLL Characteristics

File Characteristics

Imports

userenv

adsldpc

w32topl

kernel32

advapi32

odbcconf

Sections

.text Size: 370KB - Virtual size: 370KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 193KB - Virtual size: 192KB

.reloc Size: 1024B - Virtual size: 816B

.text
Size: 370KB - Virtual size: 370KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 193KB - Virtual size: 192KB

.reloc
Size: 1024B - Virtual size: 816B