640253cb7e4ef30197728ba15b8b2954

Sharing

Copy URL

Twitter E-mail

General

Target

640253cb7e4ef30197728ba15b8b2954
Size

822KB
MD5

640253cb7e4ef30197728ba15b8b2954
SHA1

0fe6b54ab2831f0f525832277198455219fe63a1
SHA256

8f840e79d4a8665c557acc4bb14375270d2f6020858695e017750fa270bdc0ef
SHA512

9860f5a7b19fab01209038b8bc92fc92241bb71c8463ad5f4bd6e1b605f092d3d34a954f7e8d325ef67994013b63647f5e9f6dfbeff13dc4000114c1a87bb7ab
SSDEEP

12288:ZuaNO4Qw2QXBKDuKgGlt6913UkX5GM2H+tk5GHf+XI06bcMvOrf6kNAosVqe6nd1:o/OBKDpgH1EkIHL8ffbcM66MQhSmj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
640253cb7e4ef30197728ba15b8b2954

Files

640253cb7e4ef30197728ba15b8b2954
.exe windows:5 windows x86 arch:x86

0c79873c645c5cb89b08e78dd4944c75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

uniplat

StopMonitoringHandle
UnimodemWaitCommEventEx
UnimodemReadFileEx
CreateOverStructPool
UnimodemDeviceIoControlEx
StopMonitorThread
SetUnimodemTimer
SyncDeviceIoControl
ReinitOverStruct
CallBeginning
WinntIsWorkstation
UmPlatformDeinitialize
UnimodemQueueUserAPC
CreateUnimodemTimer
AllocateOverStructEx
FreeOverStruct
StartMonitorThread
UnimodemWriteFileEx
MonitorHandle
UnimodemNotifyTSP
FreeUnimodemTimer
UmPlatformInitialize
ResetCallCount
CancelUnimodemTimer
DestroyOverStructPool
CallEnding

kernel32

ExitProcess
EnumSystemCodePagesW
VirtualAlloc
RegisterConsoleVDM
LoadLibraryA
GetACP
GetModuleHandleA
CreateMutexA
FormatMessageW
SetCommMask
HeapCreate
GetProfileSectionA
GlobalFree
RemoveDirectoryW
LZRead
GetProcessHeap
FindResourceW
ReadDirectoryChangesW
RegisterWaitForInputIdle
AddConsoleAliasW
GetNativeSystemInfo
CreateNamedPipeA
_lwrite
OutputDebugStringW
lstrcpynW
SetConsoleActiveScreenBuffer
LoadResource
EnumResourceNamesA
GetLargestConsoleWindowSize
FindCloseChangeNotification
UpdateResourceW
CloseHandle
CallNamedPipeW
RestoreLastError
GetDiskFreeSpaceA

ole32

OleGetAutoConvert
CoRetireServer
CoPopServiceDomain
OleRegGetUserType
CoTaskMemFree
CoInitializeWOW
OleNoteObjectVisible
CoCreateInstanceEx
UpdateDCOMSettings
HMENU_UserFree
ComPs_NdrDllCanUnloadNow
CoGetCallerTID
CoGetCancelObject
OleMetafilePictFromIconAndLabel
ReadStringStream
StringFromCLSID
StringFromGUID2
CoReleaseMarshalData
CoRegisterClassObject
HWND_UserMarshal
StgPropertyLengthAsVariant
OleCreateLinkToFile
OleSetContainedObject
CreateFileMoniker
HDC_UserUnmarshal
OleCreateStaticFromData

ufat

??1FAT_SA@@UAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
?QueryAllocatedClusters@FAT@@QBEKXZ
??1EA_SET@@UAE@XZ
??1CLUSTER_CHAIN@@UAE@XZ
?QueryCreationTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??1REAL_FAT_SA@@UAE@XZ
?Read@EA_SET@@UAEEXZ
??0ROOTDIR@@QAE@XZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
??0REAL_FAT_SA@@QAE@XZ
??1FILEDIR@@UAE@XZ
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?QueryNthCluster@FAT@@QBEKKK@Z
Chkdsk
??0EA_SET@@QAE@XZ
??1FAT_DIRENT@@UAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?Index12@FAT@@ABEKK@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??0CLUSTER_CHAIN@@QAE@XZ
Format
?Read@CLUSTER_CHAIN@@UAEEXZ
??1ROOTDIR@@UAE@XZ
?AllocChain@FAT@@QAEKKPAK@Z
??0FAT_DIRENT@@QAE@XZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?Write@CLUSTER_CHAIN@@UAEEXZ

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c79873c645c5cb89b08e78dd4944c75

Headers

DLL Characteristics

File Characteristics

Imports

uniplat

kernel32

ole32

ufat

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 122KB - Virtual size: 121KB

.data Size: 188KB - Virtual size: 1.5MB

.rsrc Size: 107KB - Virtual size: 106KB

.reloc Size: 1024B - Virtual size: 988B

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 122KB - Virtual size: 121KB

.data
Size: 188KB - Virtual size: 1.5MB

.rsrc
Size: 107KB - Virtual size: 106KB

.reloc
Size: 1024B - Virtual size: 988B