70b0dfc8dbc304128f26f3f283f9d145

Sharing

Copy URL Twitter E-mail

General

Target

70b0dfc8dbc304128f26f3f283f9d145
Size

836KB
MD5

70b0dfc8dbc304128f26f3f283f9d145
SHA1

3a9f2e06dd035d429a9bc701675365de4c28fe81
SHA256

39bd6d412921bd425858ffecbe1c0cd56fb1d69f99e4b09b455a8caca4335fe3
SHA512

48178bf601f19ecad85f8af42ee50a520e8e7e48215a1d07541e77b54431e41c6c5d250d972e4676d502fa55aec8049b3a60bb8ac4e32ff8c0b6cec5e4511baf
SSDEEP

24576:mYAEB9BJdhLcCuEVJS5cQwg5AQUEqqZLZI4:9DBbyCucVgDUULZI4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b0dfc8dbc304128f26f3f283f9d145

Files

70b0dfc8dbc304128f26f3f283f9d145
.exe windows:5 windows x86 arch:x86

ef5723fc882c07d61969a1fa96dc25e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateConsoleScreenBuffer
DnsHostnameToComputerNameW
FindActCtxSectionStringW
IsProcessorFeaturePresent
IsValidCodePage
TlsGetValue
GetConsoleScreenBufferInfo
RegisterWaitForSingleObject
LocalAlloc
TermsrvAppInstallMode
GetSystemTimeAsFileTime
GetTimeZoneInformation
OpenEventW
DeleteTimerQueue
GetDateFormatW
GetComputerNameExW
GetStartupInfoA
FlushConsoleInputBuffer
SetStdHandle
EnumCalendarInfoA
FindVolumeMountPointClose
FileTimeToDosDateTime
GetProcessAffinityMask
LoadLibraryA

rasapi32

RasSetEapUserDataA
RasEnumConnectionsW
RasDeleteSubEntryW
RasConnectionNotificationA
RasSetCustomAuthDataW
RasAutoDialSharedConnection

sqlwoa

_GetTextMetrics@8
newWideCharFromMultiByte
newMultiByteFromWideChar
_tsystem
_TranslateAccelerator@12
_DefWindowProc@16
_FindResource@12
_GetObject@12
_GetWindowTextLength@4
_PostMessage@16
_GetTextExtentPoint32@16
newMultiByteFromWideCharEx
_MessageBox@16
_GetWindowLong@8
_CommDlg_OpenSave_GetFilePath@12
_LoadString@16
_CreateFile@28
_CreateFontIndirect@4
_LoadCursor@8

ntdll

RtlAddAuditAccessObjectAce
NtQueryInformationToken
RtlCreateUnicodeString
log
PfxInsertPrefix

wmadmod

CreateInstance

winipsec

OpenTransportFilterHandle
CloseMMFilterHandle
CloseTunnelFilterHandle
EnumTransportFilters
EnumIPSecInterfaces

Sections

.text
Size: 414KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef5723fc882c07d61969a1fa96dc25e1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rasapi32

sqlwoa

ntdll

wmadmod

winipsec

Sections

.text Size: 414KB - Virtual size: 414KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 142KB - Virtual size: 141KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 414KB - Virtual size: 414KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 142KB - Virtual size: 141KB

.reloc
Size: 1024B - Virtual size: 908B