67b77b2c2c1ae9f3d7e562a2ed13bec7

Sharing

Copy URL Twitter E-mail

General

Target

67b77b2c2c1ae9f3d7e562a2ed13bec7
Size

858KB
MD5

67b77b2c2c1ae9f3d7e562a2ed13bec7
SHA1

f5d2dc70b11e54f37e54efbbef2bd59102afdeaf
SHA256

6b3ce0b9798243f38109124f5e9c7b70e4dedf00e83463f1bda51cafb010d9e9
SHA512

9219ec3b95a8fbcdc1a27fd7e4684a3ebee79cb2ff3bd36ade685e6c2b47914e234eede7d62916f887b1ce783d63ffecf6ae80e0a839ac8f4b4b68c31677468a
SSDEEP

24576:5aDml3M5yGMvAmq3zgjwqhNvn3RgDtrATthvlLM5:i+3M5/MIm2QwYvn3GtYXvRM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67b77b2c2c1ae9f3d7e562a2ed13bec7

Files

67b77b2c2c1ae9f3d7e562a2ed13bec7
.exe windows:5 windows x86 arch:x86

c59a38eefaa1c953467848c622bfd72a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlEnlargedUnsignedMultiply
RtlInitCodePageTable
LdrUnlockLoaderLock
NtUnlockVirtualMemory
NtAddAtom
RtlFormatCurrentUserKeyPath
RtlIntegerToChar
RtlImpersonateSelf
_CIcos
LdrFindResourceEx_U
ZwCompleteConnectPort
RtlPinAtomInAtomTable
ZwAllocateUuids
NtQueryDefaultLocale
RtlDeleteNoSplay
_CIsqrt
RtlEnumerateGenericTableWithoutSplaying
RtlUnicodeToCustomCPN
LdrGetDllHandleEx
wcstoul
RtlGetFrame
LdrSetAppCompatDllRedirectionCallback
ZwAlertResumeThread
NtQueryInformationAtom
RtlClearAllBits
RtlQueryInformationActiveActivationContext
NtSetEvent
RtlCreateTagHeap
RtlExtendedIntegerMultiply

kernel32

HeapReAlloc
LoadLibraryA
lstrcatA
GetLogicalDriveStringsW
NlsGetCacheUpdateCount
GetTapeStatus
GetLocaleInfoW
FindFirstFileW
FreeConsole
VirtualAllocEx
FindNextVolumeA
VirtualAlloc
EnumDateFormatsExA
InterlockedExchangeAdd
RegisterConsoleOS2
DeactivateActCtx
WriteConsoleInputW
SetConsoleCursorPosition
GetCurrentDirectoryA
BindIoCompletionCallback
SetThreadContext
SetLastConsoleEventActive
CreateTimerQueue
lstrcmpiW
FindFirstChangeNotificationW
SizeofResource
GetThreadPriority
RemoveVectoredExceptionHandler
InitializeCriticalSection
lstrcpyA
GetProfileSectionA
QueryDepthSList
SetProcessPriorityBoost
SetCurrentDirectoryW
RemoveLocalAlternateComputerNameA
SetFileApisToANSI
lstrcpyn
ActivateActCtx
LZInit
QueryPerformanceFrequency

msvcrt

_wstrdate
_nextafter
_inpw
_mbsnbcat
_unlink
_itow
__p__mbctype
exit
strerror
_mbsnbicoll
_safe_fdivr
fputwc
__set_app_type
fabs
_purecall
_mbsnbset
_mbclen
_setmaxstdio
_ismbclegal
tanh
_ismbcl1
_scalb
_mbstrlen
_pgmptr
_statusfp
__initenv
_mbsnbicmp
_ui64tow
?raw_name@type_info@@QBEPBDXZ
_telli64
__getmainargs
_write
??0__non_rtti_object@@QAE@ABV0@@Z
_mbscpy
_sys_nerr
wcschr
_wcsdup
__p__commode
exp
__lconv_init
strrchr
_fcloseall
_wcreat
__dllonexit
??3@YAXPAX@Z
printf
_stricmp

imagehlp

ImageNtHeader
UpdateDebugInfoFile
SymGetOptions
SymInitialize
SymGetLineFromAddr
EnumerateLoadedModules
SymGetLineNext
SymGetTypeInfo
SymGetModuleInfo
SymRegisterCallback64
SymSetOptions
SymUnloadModule64
StackWalk64
SymGetLineFromName
SymGetSymNext64
SymEnumerateSymbols64
ImageDirectoryEntryToData
SymRegisterFunctionEntryCallback
SymSetContext
SymGetSearchPath
SymGetSymFromAddr64
MapDebugInformation
ImagehlpApiVersion
SymGetLineNext64
SymRegisterCallback
BindImageEx
SymEnumerateSymbolsW
SplitSymbols
SymUnloadModule
RemoveRelocations
FindFileInSearchPath
GetImageUnusedHeaderBytes
SymMatchFileName
SymEnumerateModules
StackWalk

msasn1

ASN1objectidentifier_free
ASN1BEREncDouble
ASN1CEREncEndBlk
ASN1BEREncOctetString
ASN1_CreateDecoder
ASN1intx_uoctets
ASN1BERDecU16Val
ASN1objectidentifier2_cmp
ASN1BEREncSX
ASN1bitstring_cmp
ASN1CEREncBeginBlk
ASN1BERDecOctetString2
ASN1BERDecOpenType
ASN1charstring_cmp
ASN1BEREncChar16String
ASN1BERDecEndOfContents
ASN1bitstring_free
ASN1BEREncChar32String
ASN1BERDotVal2Eoid
ASN1BERDecUTF8String
ASN1intx_setuint32
ASN1octetstring_cmp
ASN1octetstring_free
ASN1BEREncTag
ASN1BEREoid2DotVal
ASN1BEREncBool

pdh

PdhListLogFileHeaderA
PdhGetLogFileTypeW
PdhAdd009CounterA
PdhGetFormattedCounterArrayW
PdhVbUpdateLog
PdhVbOpenQuery
PdhCloseLog
PdhSetCounterScaleFactor
PdhGetFormattedCounterValue
PdhConnectMachineW
PdhEnumObjectsA
PdhEnumObjectsHW
PdhGetDataSourceTimeRangeA
PdhCollectQueryDataEx
PdhCollectQueryData
PdhExpandWildCardPathHA
PdhEnumLogSetNamesW
PdhMakeCounterPathA
PdhExpandWildCardPathW
PdhUpdateLogA
PdhComputeCounterStatistics
PdhTranslate009CounterW
PdhEnumObjectsW
PdhSelectDataSourceW
PdhGetDefaultPerfCounterHW

perfctrs

CloseIPXPerformanceData
CollectSPXPerformanceData
OpenNWNBPerformanceData
OpenSPXPerformanceData
OpenNbfPerformanceData
OpenIPXPerformanceData
CloseTcpIpPerformanceData
CollectTcpIpPerformanceData
CloseDhcpPerformanceData
CollectIPXPerformanceData
CollectNWNBPerformanceData
OpenDhcpPerformanceData
CloseNbfPerformanceData
CollectNbfPerformanceData
CloseNWNBPerformanceData
OpenTcpIpPerformanceData
CloseSPXPerformanceData
CollectDhcpPerformanceData

user32

PostQuitMessage
RegisterClassA
DefWindowProcA

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c59a38eefaa1c953467848c622bfd72a

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

msvcrt

imagehlp

msasn1

pdh

perfctrs

user32

Sections

.text Size: 362KB - Virtual size: 362KB

.rdata Size: 188KB - Virtual size: 188KB

.data Size: 305KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 362KB - Virtual size: 362KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 305KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B