67f11f8fdd579836673eebb928b8ef25

Sharing

Copy URL Twitter E-mail

General

Target

67f11f8fdd579836673eebb928b8ef25
Size

67KB
MD5

67f11f8fdd579836673eebb928b8ef25
SHA1

b2e1f1812d81d1bcb218ee90d77be78e0cab664e
SHA256

ea14854ebf56b549ab9fdf863fa3acab08ea4a79ae15780382d4d194b97e0f9f
SHA512

cf05506838d3ba8b0b482a0c541e9bfb697a537dce390ef725058a50dbbeb5b98d8c7d4f9476be4cc3c2adf32061ad7037d0bd82cce3da09f9823e572dd85d67
SSDEEP

1536:T9gD2A2Gesa1/xPY2okq4Wn+R5vUO3En9mtTu7ZjRATjSgH414VHVHVHVTzb:OS7b1/RboH4l5tFTukDhVVVZz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67f11f8fdd579836673eebb928b8ef25

Files

67f11f8fdd579836673eebb928b8ef25
.exe windows:5 windows x86 arch:x86

b05442d2bab807fb72650261e719b270

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

query

?AcqWord@CQueryScanner@@QAEPAGXZ
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
_StartFWCiSvcWork@12
?GetStackTrace@@YGXPADK@Z
?Release@CQueryUnknown@@UAGKXZ
?AddRefWorkThreads@CWorkQueue@@QAEXXZ
?UpdateContentIndex@@YGKPBG00H@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
??0CImpersonationTokenCache@@QAE@PBG@Z
??0CRegAccess@@QAE@KPBG@Z
??1CPerfMon@@QAE@XZ
?PeekULong@CMemDeSerStream@@UAEKXZ
?MakePath@CFullPath@@QAEXPBG@Z
??0CTimeLimit@@QAE@KK@Z
?CIShutdown@@YGXXZ
?Find@CPropertyList@@UAEPBVCPropEntry@@ABVCDbColId@@@Z
?Enum@CWin32RegAccess@@QAEHPAGK@Z
?SetCatalog@CCatState@@QAEXPBG@Z
?Rewind@CMmStreamConsecBuf@@QAEXXZ
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
??1CMmStream@@UAE@XZ
?VT_VARIANT_LT@@YGHABUtagPROPVARIANT@@0@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z

kernel32

LoadLibraryW
GetSystemDefaultLangID
GetTickCount
Module32NextW
WaitForMultipleObjects
InterlockedFlushSList
MoveFileWithProgressW
PeekConsoleInputW
FindNextFileW
SearchPathA
GetProcessAffinityMask
GetFileSizeEx
AddLocalAlternateComputerNameW
FreeConsole
CreateJobSet
GetModuleHandleW
SetProcessAffinityMask
InitializeCriticalSectionAndSpinCount
FindNextVolumeMountPointA
GetVersion
GlobalAddAtomA
GlobalFix
OpenFile
AddLocalAlternateComputerNameA
GetNumberFormatA
VirtualAlloc
LZRead
FatalExit
OpenWaitableTimerA
GetDiskFreeSpaceW
SetConsoleCursorPosition
GetProcAddress
ContinueDebugEvent
GetVolumePathNamesForVolumeNameW
DeleteFileA
UnmapViewOfFile
GetStdHandle
SetComPlusPackageInstallStatus
AssignProcessToJobObject
CreateToolhelp32Snapshot
CreateWaitableTimerA
OpenEventW
QueryPerformanceCounter
GetWriteWatch
GlobalWire
DefineDosDeviceW
GetCurrentThreadId
GetTimeFormatW
VirtualProtect
GetThreadSelectorEntry
GetCommProperties
FindNextVolumeW
SetThreadContext
GetStartupInfoW
LoadLibraryA
_lcreat
SetDefaultCommConfigW
InitializeSListHead
GetCurrentProcessId
GetLogicalDriveStringsA
GetLargestConsoleWindowSize

adsldpc

MapLDAPTypeToADSType
LdapTypeToAdsTypeDNWithBinary
LdapCompareExt
BuildADsParentPath
LdapGetValues
LdapOpenObject
AdsTypeToLdapTypeCopyDNWithBinary
LdapModifyS
SchemaClose
LdapDeleteS
LdapCrackUserDNtoNTLMUser2
LdapCacheAddRef
FindEntryInSearchTable
GetDomainDNSNameForDomain
LdapModDnS
AdsTypeToLdapTypeCopyTime
SchemaIsClassAContainer
LdapGetDn
ReallocADsStr
SchemaGetStringsFromStringTable
ADsEncodeBinaryData
LdapTypeCopyConstruct

msls31

LsdnSkipCurTab
LsDestroyContext
LsDisplayLine
LsAppendRunToCurrentSubline
LsDestroyLine
LsCreateLine
LsdnModifyParaEnding
LsModifyLineHeight
LsSqueezeSubline
LssbGetObjDimSubline
LsPointXYFromPointUV
LssbGetDurTrailInSubline
LssbFDonePresSubline
LsQueryLinePointPcp
LssbGetDurTrailWithPensInSubline
LsMatchPresSubline
LsSetModWidthPairs
LsdnFinishDeleteAll
LsdnGetDup
LsQueryFLineEmpty
LssbGetNumberDnodesInSubline
LsExpandSubline
LsFetchAppendToCurrentSublineResume
LsFetchAppendToCurrentSubline
LsResetRMInCurrentSubline
LssbGetVisibleDcpInSubline

odbcbcp

bcp_columns
bcp_writefmtW
SQLInitEnumServers
bcp_readfmtA
bcp_getcolfmt
SQLLinkedServers
dbprtypeW
bcp_done
SQLLinkedCatalogsA
bcp_exec
bcp_initW
bcp_collen
SQLGetNextEnumeration
bcp_colfmt
SQLCloseEnumServers
bcp_writefmtA
bcp_readfmtW
bcp_initA
bcp_bind
LibMain
bcp_batch
bcp_moretext
bcp_sendrow
SQLLinkedCatalogsW
bcp_colptr
bcp_control
bcp_setcolfmt
dbprtypeA

ntdll

ZwOpenFile
iswdigit
ZwQueryVolumeInformationFile
NtWriteFileGather
RtlUnlockBootStatusData
RtlRealSuccessor
NtNotifyChangeMultipleKeys
ZwCancelIoFile
ZwWaitForMultipleObjects
RtlDoesFileExists_U
RtlpNtOpenKey
_strlwr
RtlDeleteResource
ZwSetContextThread
atoi
ZwTerminateProcess
RtlSizeHeap
RtlLengthRequiredSid
NtTraceEvent
RtlInitMemoryStream
NtAddAtom
NtEnumerateBootEntries
RtlpUnWaitCriticalSection
wcstombs
_chkstk

iassam

DllGetClassObject
DllRegisterServer
DllUnregisterServer
DllCanUnloadNow

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b05442d2bab807fb72650261e719b270

Headers

DLL Characteristics

File Characteristics

Imports

query

kernel32

adsldpc

msls31

odbcbcp

ntdll

iassam

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 14KB - Virtual size: 89KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 512B - Virtual size: 432B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 14KB - Virtual size: 89KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 512B - Virtual size: 432B