Static task: static1
Behavioral task: behavioral1
Sample: 70a8ae366630d18a4a18a60151d50e10.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 70a8ae366630d18a4a18a60151d50e10.exe
Resource: win10v2004-20231215-en
General
Target: 70a8ae366630d18a4a18a60151d50e10
Size: 42KB
MD5: 70a8ae366630d18a4a18a60151d50e10
SHA1: ef804514f29e3443b088fa17327133ea0318ef07
SHA256: 3f09b5f7459cd1dbe271a64b16fc697438fdc5fd0875053a60f1a722f73f5151
SHA512: 3205da15d80954724db324837c3d941e1da7f3a06cb187a8f6d5186bad17af07a8f87611906ed619ab0683de7052064b622c79f429732a5e689ffb212ef8f205
SSDEEP: 768:TspjQ2oVxOQTAcKsyn0KyEqF3SPZl+uu5R8Cr2XmMqZoojz:gBQvyQTAyKyBiPZGRyXTs/jz
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource 70a8ae366630d18a4a18a60151d50e10
Files
70a8ae366630d18a4a18a60151d50e10.exe windows:5 windows x86 arch:x86
14805cc068e88dda38d2ee750fdfb6dd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_stat64
_vscwprintf
__set_app_type
malloc
_creat
exit
__uncaught_exception
_CIasin
__p__osver
_ltow
_endthread
__getmainargs
_makepath
strcat
_ismbbalnum
__p__commode
strcmp
_wspawnve
_lrotl
__winitenv
_mbscoll
_snprintf
_wfsopen
_gmtime64
_pipe
__crtGetLocaleInfoW
??4bad_cast@@QAEAAV0@ABV0@@Z
??2@YAPAXI@Z
__RTDynamicCast
__p___mb_cur_max
puts
sqrt
_mbspbrk
iswlower
__lc_codepage
_lseeki64
_putch
_getdiskfree
msvcrt40
__RTCastToVoid
_nextafter
?xalloc@ios@@SAHXZ
_mbsspnp
??6ostream@@QAEAAV0@PBX@Z
_findfirst
?unbuffered@streambuf@@IBEHXZ
setvbuf
swscanf
wcsncat
_strerror
?flush@ostream@@QAEAAV1@XZ
?width@ios@@QAEHH@Z
?x_curindex@ios@@0HA
_getcwd
??_7iostream@@6B@
_wputenv
_wopen
?pword@ios@@QBEAAPAXH@Z
_execlp
??1istream@@UAE@XZ
vwprintf
??_Dstrstream@@QAEXXZ
_fileno
??5istream@@QAEAAV0@AAJ@Z
_wstrdate
_outpd
_wrename
_ismbcgraph
??_7strstream@@6B@
??0logic_error@@QAE@ABQBD@Z
?str@istrstream@@QAEPADXZ
?cerr@@3Vostream_withassign@@A
??1__non_rtti_object@@UAE@XZ
?good@ios@@QBEHXZ
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
_y0
_daylight
atoi
kernel32
GetLastError
FillConsoleOutputCharacterA
GetConsoleCP
CreateTapePartition
FillConsoleOutputCharacterW
OpenSemaphoreW
GetProfileIntW
LoadLibraryA
lstrcmpA
GetOverlappedResult
VirtualLock
EnumCalendarInfoExA
GetConsoleCommandHistoryLengthW
GetPrivateProfileSectionNamesW
SetFileAttributesW
WriteProfileSectionW
GetVersionExA
GetCommConfig
GetDefaultCommConfigA
RemoveLocalAlternateComputerNameW
VerifyVersionInfoW
VirtualAlloc
SetThreadAffinityMask
GetCommandLineW
GetExitCodeThread
SetFileApisToOEM
UnhandledExceptionFilter
GlobalFindAtomA
SetConsoleMaximumWindowSize
GetStdHandle
FlushConsoleInputBuffer
GetCompressedFileSizeA
GetConsoleAliasExesA
GetMailslotInfo
SetProcessWorkingSetSize
AddAtomA
GetNumberOfConsoleInputEvents
FindActCtxSectionStringA
BuildCommDCBW
GetProfileSectionA
InitializeCriticalSection
GetGeoInfoW
ZombifyActCtx
_hread
SetVolumeLabelW
SetComputerNameA
ReplaceFileW
ntdll
NtDeleteBootEntry
isalpha
LdrLoadAlternateResourceModule
NtCompactKeys
iswctype
strpbrk
RtlImageNtHeader
ZwSetInformationThread
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
NtMapUserPhysicalPagesScatter
RtlUnicodeStringToAnsiSize
RtlSetAllBits
ZwTerminateProcess
RtlQueryDepthSList
NtSetDebugFilterState
ZwSaveKey
RtlInitializeCriticalSectionAndSpinCount
RtlpNtMakeTemporaryKey
isgraph
RtlSetProcessIsCritical
RtlAddAccessDeniedAceEx
RtlUniform
RtlValidateProcessHeaps
RtlIpv6StringToAddressW
wcsncpy
NtStopProfile
RtlGetLongestNtPathLength
NtOpenEvent
ZwGetPlugPlayEvent
RtlAreAnyAccessesGranted
RtlFindMostSignificantBit
ZwWaitForDebugEvent
RtlDumpResource
ZwQueryIoCompletion
ZwGetDevicePowerState
CsrCaptureMessageString
winsta
WinStationSetInformationW
WinStationGetTermSrvCountersValue
_WinStationNotifyDisconnectPipe
ServerLicensingSetPolicy
_WinStationNotifyLogon
WinStationEnumerate_IndexedA
WinStationQueryLicense
WinStationEnumerateProcesses
WinStationCloseServer
_WinStationAnnoyancePopup
WinStationEnumerate_IndexedW
_WinStationShadowTarget
WinStationGetMachinePolicy
_WinStationNotifyLogoff
WinStationShadow
ServerLicensingOpenA
WinStationSetInformationA
WinStationNtsdDebug
WinStationQueryLogonCredentialsW
ServerLicensingGetAvailablePolicyIds
LogonIdFromWinStationNameA
ServerQueryInetConnectorInformationA
WinStationActivateLicense
WinStationGetLanAdapterNameA
_WinStationWaitForConnect
ServerLicensingOpenW
WinStationTerminateProcess
_WinStationCallback
_WinStationUpdateSettings
_WinStationGetApplicationInfo
_WinStationShadowTargetSetup
WinStationRenameA
WinStationFreeGAPMemory
authz
AuthziFreeAuditEventType
AuthzInitializeContextFromSid
AuthzInitializeObjectAccessAuditEvent
AuthzFreeAuditEvent
AuthziModifyAuditQueue
AuthzOpenObjectAudit
AuthziModifyAuditEventType
AuthziFreeAuditQueue
AuthzAccessCheck
AuthziFreeAuditParams
AuthzFreeHandle
AuthziModifyAuditEvent
AuthzFreeContext
AuthzInitializeResourceManager
AuthzCachedAccessCheck
AuthzGetInformationFromContext
AuthziInitializeAuditQueue
AuthziInitializeAuditEvent
AuthziInitializeAuditParams
AuthzInitializeContextFromAuthzContext
AuthziInitializeAuditParamsWithRM
AuthzFreeResourceManager
AuthziInitializeAuditEventType
AuthziAllocateAuditParams
AuthziLogAuditEvent
AuthziInitializeAuditParamsFromArray
user32
EndDialog
Sections
.text Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ