66a738a1e8368ad94a8057ab61c4511e

Sharing

Copy URL Twitter E-mail

General

Target

66a738a1e8368ad94a8057ab61c4511e
Size

356KB
MD5

66a738a1e8368ad94a8057ab61c4511e
SHA1

2f7ebd65975b5880969bb1961c201ec33de9a85a
SHA256

37b1002bea2d28c93707fb55b29496fd0347b7476785da4e8bef8eefb4afd667
SHA512

cb24a15358cfb4e590e19dd2bfe13da68d1f86135d699339aae04bb096d78d96040fd3dd3e73228f8711298bf2fd9c1196a2dba9909259ed683a52dacd30a4fb
SSDEEP

6144:sKgDKluPFwbKkwXXz6AWPlsmnsALXqo1jmUZxL6xQGQm9UmM7I+6cw:sLQuPFwbK9Xz6AWWmJLXqs76ve7I+L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66a738a1e8368ad94a8057ab61c4511e

Files

66a738a1e8368ad94a8057ab61c4511e
.exe windows:4 windows x86 arch:x86

0f74eaffa4924d33561366788e6ab936

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oranl9

snlfprh
nlpaseq
nlershow
nlergmfi
nlerbem
nlstdini
nlersec
nlstdtrm
nlpassp
nlerrse
nlstdgg
nlepeget
nlbamsg
nlemfireg
snlpcgpid
nldtshget
nldsfprintf
nldsflush
snlfohd
snlflch
nlfncons
nlercrs
snlftmp
nlercss
nldatxt
nlerfic
nlfninit
snlfchd
snlfrnm
snlfdel
nlerrec
nlerric
nlerasi
nlspfile
nlfndstry
nldtlvlalter
nlstdstp
nldtotrc

oran9

nngsdei_deinit_streams
nngtdei_deinit_msg
nngpdei_deinit_perf
nlnvszs
nncidei
nngptvr_timer_var_req
nngmpgb_get_bool
nmpigetssp
nplio2t_oid2text
nmpidei_deinit
nsevrgs
nngsgts_get_stream_cache
nlnvdeb
nngrfrd_free_rr
nngxidn_init_dname
nngmnvi_nv_iterate
nlnvgin
nlnvnnv
nlnvgtn
nlnvcrb
nngxnmb_dname_belowp
nsimport
nngxvad_validate_addr
nngdwdl_write_discovery_list
nngsrhd_register_handler
nngscls_close_stream
nngtpma_put_msg_asn
nngtrms_release_msg
nngtnty_new_type
nngtnms_new_msg
nngrcprr_copy_rr
nngtgma_get_msg_asn
snngscv_client_event_wait
nngsget_get_stream
nngsmad_my_addr
nngrard_add_rr
nngrnrd_new_rr
nngrt2n_rrtype2name
nngrfma_find_match
nngrfrm_free_list_mems
nngrtn2c_type_name2code
nngrxty_iter_next
nngtnrd_new_rr
nngtnob_next_obj
nngsnad_new_stream_addr
nlnvcrs
nlnvgap
nngtmeq_msg_equalp
nngxndb_new_datbuf
nngshdi_init_ncro
nngsxch_extend_cache
nngmpgs_get_string
nlpuiterate
nlpugck
nngrolf_output_to_domain_file
nngxqdn_qualify_dname
nlpuszs
nlpucar
nlpugtyp
nlpunth
nlpunvl
nlpufvp
nngxt2n_stx_code2name
nngxitx_init_text
nngxihx_init_hex
nngximt_init_meta
nngxmt2f_meta_text2flag
nngxn2t_stx_name2code
nngxian_init_any
nlpucrs
nngrc2n_code2name
nngrmrg_merge_rrlists
nngrorl_output_list_trace
nngmotm_output_time_trace
nngtfoa_free_objarr
nngtfmt_free_msg_type
nngturcp_copy_moddir
nngxcmp_compare_datbuf
nngrdty_del_by_type
nngrdma_del_match_rr
nngtcpta_typarr_copy
nplicmo_compare_oid
nmpido_proc_request
nsgblini
nsinherit
nsrefuse
nngmpga_get_addr
nsaccept
nsdisc
nngmlog
nngxodn_dname_text
snngssv_server_event_loop
nsgetaddr
nngslis_listen_stream
nlnvfbp
nngmisb_init_snmp_buf
nngsfad_free_stream_addr
nngmlsv_log_stat_value
nngmp2e
nmpiscm_set_community
nngsrhk_register_housekeeper
nngtini_init_msg
nngmpgu_get_unsigned
nngsini_init_streams
nngxiad_init_addr
nngpini_init_perf
nngxidb_init_dname_datbuf
nlnvgta
nngdrdl_read_discovery_list
nmpiptb_process_table_var

oranms

nmsghdl_GetHandle
nmsxgs_GetString
nmsg1x_GetOneIndex
nmsrgm_RegisterMIB
nmsrgr_RegisterMIBRow
nmsgmcap_GetMasterCapabilities
nmssctx_SetClientCtxt
nmsut_GetSysUpTime
nmsdrgm_DeregisterMIB
nmsson2_SignOnWithPathAndBool
nmssoff_SignOff
nmsdrgr_DeregisterMIBRow
nmsgctx_GetClientCtxt

oracore9

ltmftm
ltmstm
ltmini
ltmntm
lstmclo
sltrusleep
lstclo
ss_mem_cal
ss_mem_fre
sscoreserverflag
ss_mem_alc
ltmtxp
slzgetevar
ss_mem_ral
lstmup
ltmdei
ltmctm

kernel32

OpenEventA
SetEvent
CreateEventA
CreateThread
WaitForSingleObject
CloseHandle
GetVersionExA
GetLastError
GetCurrentProcessId
MapViewOfFile
OpenFileMappingA
GetCurrentThreadId
UnmapViewOfFile

advapi32

StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA

msvcrt

_setjmp3
malloc
qsort
free
strtol
realloc
_ftime
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
_stricmp
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
exit
sprintf
atoi
calloc

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tc
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f74eaffa4924d33561366788e6ab936

Headers

File Characteristics

Imports

oranl9

oran9

oranms

oracore9

kernel32

advapi32

msvcrt

Sections

.text Size: 80KB - Virtual size: 79KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 15KB

.tc Size: 248KB - Virtual size: 248KB

.text
Size: 80KB - Virtual size: 79KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 15KB

.tc
Size: 248KB - Virtual size: 248KB