667c63437c69b24699a6434f30b6b2fc

Sharing

Copy URL

Twitter E-mail

General

Target

667c63437c69b24699a6434f30b6b2fc
Size

119KB
MD5

667c63437c69b24699a6434f30b6b2fc
SHA1

ef72054342900fa734d3f40c2925d5292bc8fd9d
SHA256

b25684041f846e0d0e3b941838cd97b4559240afcf5d07e0302fab6b6fc1c0ef
SHA512

42210b4a43aff604f5b4cd63bc06f523ff9129420c6db112e74a114f61212b2e274480a3a9f60faafdb8bd6ab4e3508b6a6482eb1d2d3f94020d47cf6600fdce
SSDEEP

3072:fLYkZWTqRkZSo1SPfTQe6KrtHkvkDP8Gb2gG:fER+kSoc/6K5lJ2P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
667c63437c69b24699a6434f30b6b2fc

Files

667c63437c69b24699a6434f30b6b2fc
.exe windows:5 windows x86 arch:x86

8c5ef2b499f7085fa59229a9b604534e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?Enum@CWin32RegAccess@@QAEHPAGK@Z
?EnableCI@CMachineAdmin@@QAEHXZ
?Add@CDbQueryResults@@QAEXPAGK@Z
??0CDefColumnRegEntry@@QAE@XZ
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z
??1CDbContentBaseRestriction@@QAE@XZ
??0CRequestQueue@@QAE@IIIHIIABU_GUID@@@Z
?ReInit@CQueryUnknown@@QAEXKPAPAVCRowset@@@Z
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
?TunePerformance@CMachineAdmin@@QAEXHGG@Z
SetupCacheEx
?GetScodeError@@YGJAAVCException@@@Z
?NumberOfColumns@CCatState@@QBEIXZ
?Release@CQueryUnknown@@UAGKXZ
??1CCatState@@QAE@XZ
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
?SetPath@CScopeAdmin@@QAEXPBG@Z
??1CWorkManager@@QAE@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
LoadBinaryFilter
SetupCache
?IsValid@COccRestriction@@QBEHXZ
??0CPersDeComp@@QAE@AAVPDirectory@@KAAVCPhysIndex@@KHH@Z
?RefreshParams@CWorkQueue@@QAEXKK@Z
?Marshall@CDbParameter@@QBEXAAVPSerStream@@@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?GetULong@CMemDeSerStream@@UAEKXZ
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
??0CDynStream@@QAE@PAVPMmStream@@@Z
?SetCD@CCatState@@QAEXPBG@Z
?Append@CEnumString@@QAEXPBG@Z
?AddArg@CFwEventItem@@QAEXPBG@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
CiSvcMain
?PropertyToPropId@CStandardPropMapper@@QAEKABVCFullPropSpec@@H@Z
?Marshall@CNotRestriction@@QBEXAAVPSerStream@@@Z
??0CPropertyRestriction@@QAE@KABVCFullPropSpec@@ABVCStorageVariant@@@Z

msvcirt

??0Iostream_init@@QAE@XZ
??_7ostream@@6B@
?setbuf@streambuf@@UAEPAV1@PADH@Z
??0stdiobuf@@QAE@ABV0@@Z
??_7streambuf@@6B@
?putback@istream@@QAEAAV1@D@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??_8stdiostream@@7Bistream@@@
??_Gstrstreambuf@@UAEPAXI@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
?sunk_with_stdio@ios@@0HA
?sh_write@filebuf@@2HB
??1Iostream_init@@QAE@XZ
??0fstream@@QAE@HPADH@Z
??4ifstream@@QAEAAV0@ABV0@@Z
??_8iostream@@7Bostream@@@
??_Estrstream@@UAEPAXI@Z
??0streambuf@@QAE@ABV0@@Z
?setmode@fstream@@QAEHH@Z
??0strstreambuf@@QAE@XZ
??0stdiobuf@@QAE@PAU_iobuf@@@Z
?openprot@filebuf@@2HB
?flush@@YAAAVostream@@AAV1@@Z
??_Elogic_error@@UAEPAXI@Z
??0fstream@@QAE@H@Z
?dbp@streambuf@@QAEXXZ
??_7iostream@@6B@
??0strstream@@QAE@PADHH@Z
??_8stdiostream@@7Bostream@@@
?setrwbuf@stdiobuf@@QAEHHH@Z
?attach@ofstream@@QAEXH@Z
?unbuffered@streambuf@@IAEXH@Z

winscard

SCardGetAttrib
SCardForgetReaderGroupW
SCardBeginTransaction
SCardConnectA
SCardReleaseNewReaderEvent
SCardListInterfacesA
SCardIntroduceReaderGroupW
SCardReleaseContext
SCardListCardsW
SCardListReadersW
SCardSetCardTypeProviderNameA
SCardIntroduceReaderW
SCardAddReaderToGroupW
SCardIntroduceCardTypeW
g_rgSCardT0Pci
SCardForgetReaderGroupA
SCardEstablishContext
SCardReconnect
SCardLocateCardsW
SCardListCardsA
SCardCancel
SCardIsValidContext
SCardListReadersA
SCardLocateCardsA
g_rgSCardRawPci
SCardForgetReaderA
SCardListReaderGroupsW
SCardControl
SCardRemoveReaderFromGroupW
SCardSetCardTypeProviderNameW
SCardGetCardTypeProviderNameA
SCardForgetReaderW
SCardGetProviderIdW
SCardState
SCardAddReaderToGroupA
SCardDisconnect
SCardSetAttrib
SCardIntroduceReaderGroupA
SCardIntroduceCardTypeA
SCardAccessStartedEvent
SCardReleaseAllEvents
SCardForgetCardTypeW
SCardListReaderGroupsA
SCardIntroduceReaderA

atl

AtlModuleRegisterServer
AtlUnadvise
AtlModuleRegisterClassObjects
AtlModuleLoadTypeLib
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlModuleRevokeClassObjects
AtlGetObjectSourceInterface
AtlFreeMarshalStream
AtlWaitWithMessageLoop
AtlInternalQueryInterface
AtlCreateTargetDC
AtlMarshalPtrInProc
AtlModuleUnRegisterTypeLib
AtlModuleAddTermFunc
AtlRegisterClassCategoriesHelper
AtlAxGetControl
AtlSetErrorInfo
AtlAxCreateControlEx
AtlModuleRegisterTypeLib
AtlModuleRegisterWndClassInfoW
AtlAxAttachControl
AtlModuleExtractCreateWndData
AtlModuleUnregisterServerEx
AtlAxDialogBoxW
AtlDevModeW2A
AtlAxWinInit
AtlModuleTerm
AtlModuleInit
AtlModuleRegisterWndClassInfoA
AtlIPersistStreamInit_Load
AtlModuleGetClassObject
AtlIPersistPropertyBag_Save

kernel32

GetSystemTimeAsFileTime
OutputDebugStringA
GetSystemWow64DirectoryW
CompareStringW
EnumDateFormatsExW
LoadLibraryA
GetSystemDefaultLangID
GetStdHandle
GetConsoleAliasW
ShowConsoleCursor
ReleaseSemaphore
GetShortPathNameA
GetTickCount
GetProcessPriorityBoost
UnregisterConsoleIME
GetVolumeInformationA
GetConsoleHardwareState
LocalFileTimeToFileTime
SetCommBreak
GetFileAttributesExA
GetConsoleKeyboardLayoutNameW
VirtualAlloc
GetProfileStringA
ConvertDefaultLocale
GlobalLock
SetEnvironmentVariableA
GlobalMemoryStatusEx
GetDiskFreeSpaceW
OpenProcess
GetFileAttributesA
GlobalGetAtomNameA
FreeConsole
GetDateFormatW
ReadConsoleOutputW
SetFileApisToOEM
ScrollConsoleScreenBufferW
GetConsoleCommandHistoryW
GetConsoleAliasExesW
GetMailslotInfo
GetDefaultCommConfigW
GetShortPathNameW
CancelDeviceWakeupRequest
PeekConsoleInputA
WritePrivateProfileStringA
GlobalAlloc

mfcsubs

?MakeUpper@CString@@QAEXXZ
?Mid@CString@@QBE?AV1@H@Z
?Format@CString@@QAAXIZZ
??H@YG?AVCString@@ABV0@G@Z
??ACMapStringToPtr@@QAEAAPAXPBG@Z
?LockBuffer@CString@@QAEPAGXZ
?Mid@CString@@QBE?AV1@HH@Z
??9@YG_NABVCString@@PBG@Z
??BCSyncObject@@QBEPAXXZ
?Find@CString@@QBEHPBG@Z
??O@YG_NABVCString@@PBG@Z
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
?GetLength@CString@@QBEHXZ
?AssignCopy@CString@@IAEXHPBG@Z
??M@YG_NABVCString@@0@Z
??ACString@@QBEGH@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?Lock@CSyncObject@@UAEHK@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?AllocBuffer@CString@@IAEXH@Z
??4CString@@QAEABV0@PBE@Z
?Copy@CStringArray@@QAEXABV1@@Z
?GetAllocLength@CString@@QBEHXZ
?FormatMessageW@CString@@QAAXIZZ
??0CString@@QAE@GH@Z
?Append@CStringArray@@QAEHABV1@@Z
?ReverseFind@CString@@QBEHG@Z
?Collate@CString@@QBEHPBG@Z
?GetData@CStringArray@@QAEPAVCString@@XZ
??P@YG_NABVCString@@PBG@Z
??4CString@@QAEABV0@G@Z
?MakeLower@CString@@QAEXXZ
?NewAssoc@CMapStringToPtr@@IAEPAUCAssoc@1@XZ
??1CString@@QAE@XZ
?RemoveAll@CStringArray@@QAEXXZ
?SetAt@CStringArray@@QAEXHPBG@Z
?GetData@CStringArray@@QBEPBVCString@@XZ
??0CString@@QAE@PBG@Z
?Lock@CCriticalSection@@QAEHXZ
?CompareNoCase@CString@@QBEHPBG@Z
??H@YG?AVCString@@PBGABV0@@Z

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c5ef2b499f7085fa59229a9b604534e

Headers

DLL Characteristics

File Characteristics

Imports

query

msvcirt

winscard

atl

kernel32

mfcsubs

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 17KB - Virtual size: 96KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 17KB - Virtual size: 96KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB