5161d0d62cda60608d7e4bc0d55d115f

Sharing

Copy URL

Twitter E-mail

General

Target

5161d0d62cda60608d7e4bc0d55d115f
Size

500KB
MD5

5161d0d62cda60608d7e4bc0d55d115f
SHA1

8361f2535eddedecc4dd72c9408f4e6a05395496
SHA256

e055cb1b25f9160b716e79fca9c6069d67e9e41723bb3e167cad8fa436329c85
SHA512

49552d598a6c4fcdb38534941f259a31ded996d07071e0af42e9e3660e5ce4071fbc439ab83b413f2200785bdfeef26052a44ea88437171e39781f35f85c217e
SSDEEP

3072:jCHuGG59iz3oJQqPo8LNfQ7r9LARDLCrCQ6K6jZRK1R5H:G3eqyQqQ8LNqr92DLYoE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5161d0d62cda60608d7e4bc0d55d115f

Files

5161d0d62cda60608d7e4bc0d55d115f
.exe windows:4 windows x86 arch:x86

394d0234a74b49c788bc4ce622df75dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

secur32

ApplyControlToken
QueryContextAttributesA
EncryptMessage

crypt32

CertAddEncodedCertificateToStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertSetCertificateContextProperty
CertCloseStore
CertOpenSystemStoreA
CertDeleteCertificateFromStore
CertStrToNameA
CryptExportPublicKeyInfo
CryptEncodeObject
CryptSignAndEncodeCertificate

iphlpapi

GetAdaptersInfo

ws2_32

bind
ntohs
shutdown
closesocket
socket
WSAGetLastError
setsockopt
select
htonl
htons
accept
getpeername
listen
connect
inet_ntoa
send
recv
WSAStartup
WSACleanup
inet_addr
WSASend

kernel32

GetProcessHeap
HeapAlloc
HeapFree
CloseHandle
lstrcatA
GetLastError
MultiByteToWideChar
CompareFileTime
SystemTimeToFileTime
GetSystemTime
GetModuleFileNameA
SetLastError
GetTickCount
QueryPerformanceCounter
GetPrivateProfileStructA
ReleaseMutex
WaitForSingleObject
GetComputerNameExA
Sleep
SetConsoleCtrlHandler
SetThreadExecutionState
SetEvent
CreateEventA
LocalFree
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
TerminateThread
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetVersionExA
FreeLibrary
CreateDirectoryA
WritePrivateProfileStructA
lstrcpyA
lstrcmpA
GetPrivateProfileSectionNamesA
lstrlenA
GetSystemDirectoryA
LocalAlloc
DeviceIoControl
lstrlenW
InterlockedDecrement
CreateMutexA
CreateFileA

user32

wsprintfA

advapi32

CryptGenKey
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExA
RegCloseKey
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
CryptDestroyKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptDecrypt
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid

vmmdl

?RemoveInstance@VwcMakeDeviceList@@SAXXZ
?GetInstance@VwcMakeDeviceList@@SAPAV1@XZ
?GetLocalVenusDeviceList@VwcMakeDeviceList@@QAEHPADPAH@Z

upnpctrl

?closePort@CSTUNSA_UPNP_CTRL@@QAEHH_N@Z
?isExist@CSTUNSA_UPNP_CTRL@@QAEHAA_N@Z
??1CSTUNSA_UPNP_CTRL@@UAE@XZ
??0CSTUNSA_UPNP_CTRL@@QAE@XZ
?isExistPort@CSTUNSA_UPNP_CTRL@@QAEHAA_N0AAPADAAH1H_N@Z
?openPort@CSTUNSA_ICF_CTRL@@QAEHHPBD_N1@Z
?isExistPort@CSTUNSA_ICF_CTRL@@QAEHAA_N0AAPAD1H_N@Z
??1CSTUNSA_ICF_CTRL@@UAE@XZ
??0CSTUNSA_ICF_CTRL@@QAE@XZ
?closePort@CSTUNSA_ICF_CTRL@@QAEHH_N@Z
?init@CSTUNSA_ICF_CTRL@@QAEHPBD@Z
?init@CSTUNSA_UPNP_CTRL@@QAEHXZ
?isExist@CSTUNSA_ICF_CTRL@@QAEHAA_N@Z
?openPort@CSTUNSA_UPNP_CTRL@@QAEHHHPBD_N1@Z

vmpsec

ord811
ord801
ord802

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

msvcrt

_beginthreadex
_stricmp
_itoa
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
sprintf
printf
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
atoi
_purecall
strncmp
strpbrk
strcspn
_vsnprintf
gmtime
time
strtol
rand
srand
strncpy
_mbsnbcpy
_strnicmp
_endthreadex
??0exception@@QAE@ABV0@@Z
strstr
_strupr
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
??1type_info@@UAE@XZ
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
__p___initenv
__getmainargs

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_7runtime_error@std@@6B@
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1_Winit@std@@QAE@XZ
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantClear

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

394d0234a74b49c788bc4ce622df75dc

Headers

File Characteristics

Imports

rpcrt4

secur32

crypt32

iphlpapi

ws2_32

kernel32

user32

advapi32

vmmdl

upnpctrl

vmpsec

setupapi

msvcrt

msvcp60

ole32

oleaut32

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 364KB - Virtual size: 363KB

.text Size: 12KB - Virtual size: 9KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 364KB - Virtual size: 363KB

.text
Size: 12KB - Virtual size: 9KB