5eb88a7c9c935a9005cdf11dc27669c6

Sharing

Copy URL Twitter E-mail

General

Target

5eb88a7c9c935a9005cdf11dc27669c6
Size

873KB
MD5

5eb88a7c9c935a9005cdf11dc27669c6
SHA1

3a595a88c8e9f927b9c9d4d8900aba796f9e8399
SHA256

e29a16a18731967a6524d5975991ff407ea4c20da89e86b0e8177ffb7a055c0f
SHA512

f33649a0c20e989e7445378cd4b0566f9810ff2f45738647d46cda815200818fd78617493d0d6d58b732e783fc5fe74154fb64c6db4c3eb93b1d072d55327207
SSDEEP

24576:4tUJ3T8f/UEwIRM9TzQ1AP3BRK7PatLmYoe:zT8f/8IKTzDqPatLmY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5eb88a7c9c935a9005cdf11dc27669c6

Files

5eb88a7c9c935a9005cdf11dc27669c6
.exe windows:5 windows x86 arch:x86

b66e77407576a39799e71f5afa3a29fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

GopherOpenFileA
FindNextUrlCacheEntryA
FtpRenameFileW
InternetGetLastResponseInfoA
InternetCrackUrlW
FtpGetFileA
RetrieveUrlCacheEntryFileA
CommitUrlCacheEntryA
FtpSetCurrentDirectoryW
GopherGetLocatorTypeA
FtpPutFileA
InternetQueryOptionW
InternetGoOnlineA
FindNextUrlCacheEntryW
SetUrlCacheConfigInfoW
FtpPutFileW
InternetSetPerSiteCookieDecisionA
InternetAlgIdToStringW
GopherOpenFileW
InternetWriteFile
InternetDialA
InternetAttemptConnect
UnlockUrlCacheEntryFileW
FtpDeleteFileW
LoadUrlCacheContent
InternetGetPerSiteCookieDecisionA
HttpEndRequestA
InternetCheckConnectionA
RetrieveUrlCacheEntryStreamA
FindFirstUrlCacheContainerA
SetUrlCacheEntryInfoW
InternetQueryOptionA
UnlockUrlCacheEntryStream
CreateUrlCacheEntryA
InternetOpenUrlA
InternetSecurityProtocolToStringW
FtpGetFileSize
DetectAutoProxyUrl
PrivacyGetZonePreferenceW

kernel32

GlobalFree
EnumDateFormatsExW
FindNextChangeNotification
GetUserDefaultLangID
FindNextVolumeMountPointA
GetDriveTypeW
GetProcessId
SetConsoleCursor
SetCommTimeouts
GetExpandedNameA
GetStartupInfoW
VerLanguageNameA
lstrcpyW
SetConsoleCP
ScrollConsoleScreenBufferW
ReadConsoleOutputCharacterW
GetCurrentProcess
FormatMessageW
GetUserDefaultLCID
ChangeTimerQueueTimer
EnumSystemGeoID
GetConsoleKeyboardLayoutNameA
CreateWaitableTimerW
GetDateFormatW
FindActCtxSectionStringA
GetProcessAffinityMask
IsValidCodePage
GetConsoleMode
RegisterConsoleIME
GetNextVDMCommand
FindCloseChangeNotification
EnumLanguageGroupLocalesW
ClearCommError
TransactNamedPipe
WriteConsoleA
IsBadWritePtr
CreateDirectoryW
GetVolumeNameForVolumeMountPointW
GetFullPathNameW
EnumSystemLocalesA
GlobalFindAtomW
GetModuleHandleExW
CloseHandle
Heap32ListFirst
SetConsoleInputExeNameA
GetHandleInformation
LCMapStringA
CreateMailslotA
Thread32Next
GetLogicalDrives
EnumUILanguagesW
SetCommConfig
DnsHostnameToComputerNameW
SetThreadIdealProcessor
SetLastConsoleEventActive
GlobalMemoryStatus
LocalSize
VerifyVersionInfoA
TlsSetValue
GetConsoleCharType
WritePrivateProfileStructW
VerifyVersionInfoW
AddRefActCtx
ReleaseActCtx
FindNextVolumeMountPointW
GetFileTime
LockFileEx
WritePrivateProfileStructA
GetTempPathA
GetStringTypeW
SetConsoleCursorInfo
EnumResourceTypesW
SetProcessShutdownParameters
ReadDirectoryChangesW
LocalHandle
LZClose
WaitForMultipleObjectsEx
IsBadHugeReadPtr
GlobalAlloc
WriteConsoleInputVDMW
DeviceIoControl
GetSystemDefaultLCID
RemoveLocalAlternateComputerNameW
CreateEventA
GetOEMCP
GetNamedPipeHandleStateW
GetConsoleInputWaitHandle
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
SetConsoleDisplayMode
VirtualAlloc
GetVersion
ReadConsoleOutputA
DeleteVolumeMountPointW
SetCriticalSectionSpinCount
GetConsoleCommandHistoryA
GetVersionExW
ScrollConsoleScreenBufferA
CreateJobObjectW
AllocateUserPhysicalPages
ShowConsoleCursor
QueryDepthSList
GetCommProperties
LoadLibraryA
GetCPInfo
WaitNamedPipeA
EscapeCommFunction

comctl32

ImageList_SetBkColor
FlatSB_GetScrollProp
ImageList_SetOverlayImage
ImageList_SetImageCount
DrawStatusText
ImageList_LoadImageW
DllGetVersion
ImageList_LoadImage
FlatSB_GetScrollRange
InitCommonControls
ImageList_DragLeave
ImageList_BeginDrag
InitCommonControlsEx
PropertySheetA
ImageList_DragEnter
FlatSB_SetScrollRange
CreatePropertySheetPage
ImageList_Merge
CreateToolbar
ImageList_Duplicate
PropertySheet
ImageList_DrawEx
CreateMappedBitmap
CreateToolbarEx
ImageList_Copy

untfs

?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
??1NTFS_BITMAP@@UAE@XZ
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
FormatEx
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
Format
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
??0NTFS_MFT_FILE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
Chkdsk
??1NTFS_FRS_STRUCTURE@@UAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
??0NTFS_BITMAP@@QAE@XZ
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
??0NTFS_SA@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
??1NTFS_SA@@UAE@XZ
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ

ole32

IsValidPtrIn
EnableHookObject
CreateStreamOnHGlobal
CoGetComCatalog
HBRUSH_UserUnmarshal
PropVariantChangeType
OleConvertIStorageToOLESTREAMEx
HWND_UserMarshal
HMETAFILEPICT_UserMarshal
StgIsStorageFile
MonikerRelativePathTo
StgOpenStorageOnHandle
CoWaitForMultipleHandles
CLSIDFromString
OleQueryLinkFromData
CoFreeUnusedLibraries
WriteOleStg
CoRevokeClassObject
OleCreateLinkToFileEx
OleCreateLinkFromDataEx
CoRegisterSurrogate
CoCreateObjectInContext
HMENU_UserUnmarshal
ReadStringStream
CoQueryAuthenticationServices
GetErrorInfo
CoSwitchCallContext
CoPushServiceDomain
HGLOBAL_UserMarshal
CoTaskMemAlloc
PropSysAllocString
IsValidPtrOut
CoDosDateTimeToFileTime
HGLOBAL_UserSize
OleConvertIStorageToOLESTREAM

query

?SkipByte@CMemDeSerStream@@UAEXXZ
??1CPidLookupTable@@QAE@XZ
?AddRef@CQueryUnknown@@UAGKXZ
?ReInit@CQueryUnknown@@QAEXKPAPAVCRowset@@@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
?AppendListElement@CDbProjectListAnchor@@QAEHABUtagDBID@@PAG@Z
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z
?ciDelete@@YGXPAX@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
??3CDbContent@@SGXPAX@Z
?ParseExpression@CParseCommandTree@@QAEPAVCRestriction@@PAVCDbCmdTreeNode@@@Z
?StopCI@CMachineAdmin@@QAEHXZ
?Query@CQueryParser@@AAEPAVCDbRestriction@@PAVCDbNodeRestriction@@@Z
?Impersonate@CImpersonateClient@@AAEXXZ
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?Pause@CCatalogAdmin@@QAEHXZ
EndCacheTransaction
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
?NumberOfColumns@CCatState@@QBEIXZ
?SetI8@CStorageVariant@@QAEXT_LARGE_INTEGER@@I@Z
?MakeISearch@@YGJPAPAUISearchQueryHits@@PAVCDbRestriction@@PBG@Z
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
CIBuildQueryTree
?PutWString@CDbCmdTreeNode@@SGXAAVPSerStream@@PBG@Z
?Close@CPhysStorage@@QAEXXZ
?AddTable@CDbNestingNode@@QAEHPAVCDbCmdTreeNode@@@Z
??0CPathParser@@QAE@PBGK@Z
??1CImpersonateSystem@@QAE@XZ
?SetCatalog@CCatState@@QAEXPBG@Z
?SetDefaultProperty@CCatState@@QAEXPBG@Z
?Marshall@CPropertyRestriction@@QBEXAAVPSerStream@@@Z
LoadBinaryFilter
?Rewind@CMmStreamConsecBuf@@QAEXXZ
?ReadPrimaryProperty@CPropStoreManager@@QAEHKKAAUtagPROPVARIANT@@@Z
??1SStorageObject@@QAE@XZ
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z

wldap32

LdapUnicodeToUTF8
ldap_simple_bindW
ldap_get_paged_count
ldap_search_ext_sW
ldap_delete_s
ldap_control_freeW
ldap_msgfree
ldap_get_next_page_s
ldap_modify_sW
ldap_memfreeA
ldap_create_page_controlW
ldap_abandon
ldap_free_controls
ldap_explode_dnW
ldap_count_values
ldap_close_extended_op
ber_next_element
cldap_open
ldap_extended_operation_sW
ldap_set_dbg_flags
ldap_delete_sW
ldap_set_dbg_routine
ldap_escape_filter_elementA
ldap_encode_sort_controlW
ldap_parse_extended_resultA
ldap_compareW
ldap_escape_filter_element
ldap_compare_ext_sW
ldap_compare_extA
ldap_search_sA
ldap_delete_extA
cldap_openA
ldap_delete_sA

inetcomm

CreateRangeList
MimeEditCreateMimeDocument
MimeOleParseRfc822Address
HrGetDisplayNameWithSizeForFile
HrAttachDataFromFile
MimeOleSMimeCapGetHashAlg
MimeOleGetBodyPropA
MimeOleSMimeCapsFull
EssContentHintDecodeEx
CreateIMAPTransport2
MimeOleGenerateFileName
MimeOleGetPropertySchema
MimeOleCreateSecurity
MimeOleGetFileInfoW
MimeOleGetDefaultCharset
MimeOleSetPropA
CreateNNTPTransport
EssKeyExchPreferenceDecodeEx
HrAthGetFileNameW
MimeOleGetBodyPropW
MimeOleParseRfc822AddressW
HrDoAttachmentVerb
MimeOleOpenFileStream
GetDllMajorVersion
MimeOleAlgNameFromSMimeCap
MimeOleCreateBody
EssSignCertificateDecodeEx
HrGetLastOpenFileDirectoryW
MimeOleUnEscapeStringInPlace
MimeOleSMimeCapGetEncAlg
EssMLHistoryDecodeEx

scrobj

GenerateTypeLib
GenerateTypeLibW
DllRegisterServerEx
DllUnregisterServerEx
DllRegisterServerExA
DllInstall
DllRegisterServerExW
DllGetClassObject

clusapi

ClusterRegOpenKey
CanResourceBeDependent
GetClusterNetworkId
CloseClusterNetInterface
OpenCluster
DeleteClusterResource
ClusterResourceEnum
OpenClusterGroup
ClusterGroupControl
ClusterNetworkCloseEnum
GetClusterNodeId
CloseClusterGroup
ClusterNodeCloseEnum
SetClusterQuorumResource
ClusterNetworkControl
OnlineClusterGroup
CreateClusterResourceType
ChangeClusterResourceGroup
ClusterEnum
OfflineClusterGroup
GetClusterNetInterfaceState
ClusterResourceTypeOpenEnum
GetNodeClusterState
RemoveClusterResourceDependency
ClusterRegDeleteKey
ClusterResourceControl
ClusterResourceTypeGetEnumCount
ClusterRegEnumValue
GetClusterResourceTypeKey
OpenClusterNode

Sections

.tixt
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b66e77407576a39799e71f5afa3a29fb

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

comctl32

untfs

ole32

query

wldap32

inetcomm

scrobj

clusapi

Sections

.tixt Size: 550KB - Virtual size: 550KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 550KB - Virtual size: 550KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B