Static task
static1
Behavioral task
behavioral1
Sample
73f90b08f71f26e1c7944c6a910d08cc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
73f90b08f71f26e1c7944c6a910d08cc.exe
Resource
win10v2004-20231215-en
General
-
Target
73f90b08f71f26e1c7944c6a910d08cc
-
Size
187KB
-
MD5
73f90b08f71f26e1c7944c6a910d08cc
-
SHA1
64c134f6129c62b8e60a14d26450ef095bc2ff13
-
SHA256
c6ecfbc8aa5fa6fea96187b4d5cb026cd4173cc4a2e52fe6f756ea4ab319639b
-
SHA512
2a892294f928d014d89c061840957f3e36f2e9506415aa66494c65a3623cc50f9407fd174ada52c6fa12f0c4dd78934b6a49db40074bb2daf8fdc6cb82488d0d
-
SSDEEP
3072:CBDxaii4SuYyhQguUa1irVzioaUD1/yc1iXIBkggIZ8LBZW72wQ/oEd+WUGNoj9q:DpJuVTl5zioLxpOMZaBZzfoe/DNw0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 73f90b08f71f26e1c7944c6a910d08cc
Files
-
73f90b08f71f26e1c7944c6a910d08cc.exe — windows:5, windows, x86, arch:x86
536e0ca10e552515a60d967635156554
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
apphelp
SdbFindFirstNamedTag
SdbFindFirstTagRef
SdbReadQWORDTag
SdbReadStringTag
SdbReadBinaryTag
ApphelpCheckShellObject
SdbGetTagFromTagID
SdbInitDatabase
SdbFindFirstMsiPackage_Str
SdbReadWORDTag
SdbCreateMsiTransformFile
SdbGetStandardDatabaseGUID
SdbReadMsiTransformInfo
AllowPermLayer
SdbTagRefToTagID
ApphelpCheckMsiPackage
SdbDeletePermLayerKeys
SdbFindNextTagRef
ShimDumpCache
ApphelpGetFileAttributes
SdbFindFirstTag
SdbEnumMsiTransforms
SetPermLayers
SdbGetPermLayerKeys
SdbOpenApphelpDetailsDatabase
SdbFindNextMsiPackage
SdbFindNextTag
SdbReadBYTETagRef
SdbReadEntryInformation
ApphelpGetNTVDMInfo
SdbCloseApphelpInformation
SdbReadDWORDTag
SdbUnregisterDatabase
SdbGetBinaryTagData
SdbReadWORDTagRef
SdbGetMsiPackageInformation
SdbGrabMatchingInfoEx
SdbGetFirstChild
SdbReadBYTETag
ApphelpCheckExe
ApphelpFixMsiPackageExe
SdbSetPermLayerKeys
SdbQueryDataEx
ApphelpFixMsiPackage
SdbGetDatabaseMatch
dnsapi
DnsNameCompare_A
Dns_CreateSocket
Dns_PingAdapterServers
DnsUtf8ToUnicode
DnsValidateName_UTF8
DnsFindAuthoritativeZone
Dns_ResetNetworkInfo
DnsIsStringCountValidForTextType
Dns_WriteRecordStructureToPacketEx
DnsUnicodeToUtf8
DnsNameCopyAllocate
Dns_ReadPacketName
DnsWriteQuestionToBuffer_UTF8
DnsQueryConfigDword
Dns_OpenTcpConnectionAndSend
Dns_SendEx
DnsCreateStandardDnsNameCopy
DnsIpv6StringToAddress
DnsQuery_W
DnsApiAlloc
DnsRegisterClusterAddress
DnsGetDnsServerList
DnsRecordCopyEx
DnsGetPrimaryDomainName_A
DnsGetCacheDataTable
DnsReleaseContextHandle
Dns_ReadRecordStructureFromPacket
DnsApiSetDebugGlobals
DnsRecordSetCompare
DnsAsyncRegisterInit
Dns_SkipToRecord
Reg_ReadGlobalsEx
DnsCreateStringCopy
DnsGlobals
DnsStatusString
NetInfo_Build
DnsRecordBuild_UTF8
DnsMapRcodeToStatus
DnsUpdateTest_UTF8
DnsNameCompare_UTF8
DnsNameCompareEx_UTF8
cryptui
CryptUIDlgViewSignerInfoW
CryptUIDlgSelectStoreW
CryptUIWizCertRequest
CryptUIFreeViewSignaturesPagesW
CryptUIFreeViewSignaturesPagesA
DllUnregisterServer
CryptUIFreeCertificatePropertiesPagesA
CryptUIDlgViewCTLA
CryptUIGetViewSignaturesPagesW
LocalEnrollNoDS
CryptUIDlgViewContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateA
CryptUIWizFreeCertRequestNoDS
CryptUIDlgFreeCAContext
CryptUIDlgSelectStoreA
CryptUIWizQueryCertRequestNoDS
CryptUIDlgViewSignerInfoA
WizardFree
CryptUIDlgCertMgr
CryptUIDlgSelectCertificateW
EnrollmentCOMObjectFactory_getInstance
CryptUIDlgSelectCA
CryptUIStartCertMgr
CryptUIGetViewSignaturesPagesA
CryptUIWizCreateCertRequestNoDS
CryptUIWizSubmitCertRequestNoDS
CryptUIWizFreeDigitalSignContext
ACUIProviderInvokeUI
CryptUIDlgViewCertificatePropertiesW
CryptUIWizDigitalSign
DllRegisterServer
LocalEnroll
CryptUIDlgViewCertificateW
advapi32
LsaOpenTrustedDomain
SystemFunction013
GetTrusteeFormA
CryptSetProviderExW
GetMultipleTrusteeOperationA
LsaGetUserName
GetInheritanceSourceA
WmiSetSingleItemA
LookupSecurityDescriptorPartsA
SystemFunction019
DuplicateTokenEx
EnumServicesStatusW
CopySid
ElfDeregisterEventSource
BuildSecurityDescriptorA
ChangeServiceConfigA
GetPrivateObjectSecurity
GetSidLengthRequired
WmiSetSingleInstanceA
RegisterEventSourceW
ElfRegisterEventSourceA
AccessCheckByTypeResultListAndAuditAlarmW
ConvertSecurityDescriptorToAccessNamedW
CredDeleteW
AddAccessDeniedAceEx
RegSetValueA
SetEntriesInAuditListW
OpenEventLogA
SaferiRecordEventLogEntry
ConvertSDToStringSDRootDomainW
CryptContextAddRef
EnableTrace
UnregisterTraceGuids
RegLoadKeyW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
GetOverlappedAccessResults
OpenProcessToken
FreeSid
WmiQueryAllDataMultipleW
I_ScSetServiceBitsW
GetSecurityDescriptorGroup
GetServiceDisplayNameA
CredIsMarshaledCredentialA
crypt32
CertAddCTLLinkToStore
I_CryptTouchLruEntry
I_CryptEnableLruOfEntries
CertFreeCRLContext
PFXImportCertStore
CertSerializeCTLStoreElement
CryptProtectData
CertGetNameStringW
I_CryptInstallAsn1Module
CertIsValidCRLForCertificate
CertUnregisterPhysicalStore
RegQueryValueExU
CertAddCTLContextToStore
CertGetValidUsages
CryptMsgCountersign
CertAddEncodedCertificateToStore
CryptSIPRemoveProvider
CertCreateContext
CryptSetAsyncParam
PFXVerifyPassword
CryptExportPublicKeyInfoEx
CryptMsgEncodeAndSignCTL
CryptMsgVerifyCountersignatureEncoded
CertEnumSystemStoreLocation
CertAddEncodedCRLToStore
I_CryptFreeTls
CryptMsgOpenToDecode
CryptRegisterOIDInfo
CertGetIntendedKeyUsage
CertRemoveEnhancedKeyUsageIdentifier
CertSetCRLContextProperty
CertVerifyCRLTimeValidity
RegDeleteValueU
CryptMsgCountersignEncoded
CryptVerifyMessageHash
CryptFreeOIDFunctionAddress
CertGetCertificateChain
CertUnregisterSystemStore
CertFindChainInStore
I_CryptCreateLruCache
CryptMsgSignCTL
gdi32
DdEntry52
EngCreateClip
CreateICW
DdEntry9
EnumFontsA
EngAcquireSemaphore
SetICMProfileW
DdEntry32
GdiReleaseLocalDC
CloseEnhMetaFile
SetWindowOrgEx
GdiGetLocalDC
GetCharacterPlacementW
GetBrushOrgEx
EngWideCharToMultiByte
GdiStartDocEMF
AbortDoc
GetCurrentObject
StartPage
SetICMProfileA
GetMetaFileBitsEx
ColorCorrectPalette
GdiConvertRegion
GetCharWidthA
RestoreDC
DdEntry22
GdiAddGlsRecord
GdiConvertBrush
SetICMMode
SetLayoutWidth
GetPath
DdEntry47
GetCharABCWidthsI
XLATEOBJ_cGetPalette
GetSystemPaletteUse
GetROP2
GetRegionData
CreateDCW
Polygon
FixBrushOrgEx
Rectangle
GetTextExtentExPointI
GdiInitSpool
ClearBitmapAttributes
GetICMProfileW
DdEntry8
CLIPOBJ_ppoGetPath
GetBrushAttributes
CheckColorsInGamut
FONTOBJ_cGetGlyphs
EngBitBlt
GetViewportExtEx
EngCheckAbort
FONTOBJ_pQueryGlyphAttrs
CreatePolygonRgn
SelectPalette
GdiSwapBuffers
MoveToEx
GetNearestColor
winmm
mmTaskYield
midiStreamOut
auxGetVolume
mmioStringToFOURCCW
midiOutMessage
mciGetYieldProc
midiConnect
mmioInstallIOProcA
mmioSendMessage
midiOutSetVolume
PlaySoundW
mmioClose
mciLoadCommandResource
waveOutGetPitch
mciDriverYield
midiStreamStop
mixerGetLineControlsW
mod32Message
mixerMessage
waveOutGetErrorTextW
mmioAdvance
midiInReset
waveOutReset
WOW32ResolveMultiMediaHandle
mciGetDriverData
auxGetDevCapsA
mixerGetLineControlsA
waveInOpen
joy32Message
mciFreeCommandResource
joyGetThreshold
timeGetDevCaps
mid32Message
waveOutSetPitch
mixerClose
msvcrt20
?setmode@fstream@@QAEHH@Z
__p__daylight
_mbctoupper
atoi
wcscpy
_mbctombb
??_7ios@@6B@
gets
??0strstream@@QAE@XZ
_getsystime
??_7fstream@@6B@
_wfopen
??1Iostream_init@@QAE@XZ
iswspace
_ismbcalpha
_setmode
??5istream@@QAEAAV0@AAE@Z
_CIpow
_mbsnicoll
?write@ostream@@QAEAAV1@PBDH@Z
??7ios@@QBEHXZ
??0istrstream@@QAE@PAD@Z
?blen@streambuf@@IBEHXZ
_mbsncmp
?freeze@strstreambuf@@QAEXH@Z
_wexeclpe
_mbsnbicmp
??_8ostrstream@@7B@
_global_unwind2
is_wctype
?overflow@stdiobuf@@UAEHH@Z
?epptr@streambuf@@IBEPADXZ
iswascii
w32topl
ToplEdgeAssociate
ToplGraphFindEdgesForMST
ToplGraphDestroy
ToplFree
ToplScheduleExportReadonly
ToplScheduleIsEqual
ToplHeapExtractMin
ToplAddEdgeToGraph
ToplIterAdvance
ToplVertexFree
ToplGraphNumberOfVertices
ToplVertexGetParent
ToplIterFree
ToplGraphFree
ToplSTHeapInit
ToplGetAlwaysSchedule
ToplVertexNumberOfOutEdges
ToplScheduleValid
ToplHeapIsEmpty
ToplListCreate
ToplListFree
ToplVertexSetId
ToplVertexInit
ToplHeapDestroy
ToplScheduleNumEntries
ToplGraphRemoveVertex
ToplVertexSetParent
ToplScheduleCacheDestroy
opengl32
glGetMaterialfv
glIsEnabled
glRectf
glEnableClientState
glVertex2d
glFogf
glMaterialiv
glTexCoord3sv
glBegin
glColor3usv
glPopAttrib
glEvalCoord2fv
glFlush
glRotated
glVertex4fv
glTexCoord3fv
glPolygonMode
glMaterialfv
glRasterPos3i
glIndexf
glEdgeFlag
glTexGend
wglMakeCurrent
glIndexi
glClearStencil
glNormalPointer
glGetString
glLineStipple
glPixelTransferf
glTexCoord3dv
glCullFace
glBlendFunc
glTexImage1D
glLightiv
glGenLists
glMap2f
kernel32
CloseConsoleHandle
GetCurrentThread
SetConsoleCursorInfo
GetVersion
EndUpdateResourceW
LZOpenFileA
CopyFileExW
LZStart
InterlockedCompareExchange
GetConsoleAliasExesA
VirtualAlloc
SetProcessPriorityBoost
TlsSetValue
HeapCompact
Sleep
EnumSystemCodePagesA
SetCommMask
SetFirmwareEnvironmentVariableA
FindFirstChangeNotificationW
lstrcmpA
BindIoCompletionCallback
ExpandEnvironmentStringsW
DelayLoadFailureHook
OpenFile
GetConsoleCursorMode
SetComputerNameExA
QueryDepthSList
PrepareTape
ResetEvent
EnumResourceLanguagesW
GetVolumePathNamesForVolumeNameA
GetProcessShutdownParameters
LZSeek
FindClose
GetConsoleAliasExesW
GetBinaryTypeW
WaitCommEvent
RestoreLastError
GetCPInfo
Beep
GetSystemPowerStatus
lstrcmp
InterlockedPushEntrySList
SetEndOfFile
expsrv
__vbaLineInputVar
__vbaVarSetUnk
rtcErrObj
rtcArray
__vbaRedimPreserve
__vbaVargVarMove
_adj_fdivr_m64
rtcFileLocation
rtcVarDateFromVar
rtcRemoveDir
__vbaOnError
EVENT_SINK_AddRef
__vbaFpCDblR4
__vbaCyAbs
__vbaCopyBytes
rtcLowerCaseVar
EbLibraryUnload
VarPtr
__vbaMidStmtBstrB
Zombie_AddRef
BASIC_DISPINTERFACE_GetTypeInfo
__vbaVarTextLike
__vbaLenBstrB
rtcLeftVar
rtcInputCharCountVar
__vbaForEachCollObj
__vbaVarForNext
__vbaPrintFile
__vbaI4Sgn
rtcCVErrFromVar
__vbaRedimVar2
rtcGetSetting
__vbaVarCmpGt
rtcVarFromError
__vbaVarTstLt
__vbaExitEachColl
__vbaRsetFixstrFree
__vbaAryDestruct
__vbaRedimVar
rtcIsNull
__vbaFileClose
__vbaAryCopy
spoolss
AddPrinterExW
SpoolerInit
SetFormW
EnumPerMachineConnectionsW
AlignKMPtr
RouterFreePrinterNotifyInfo
EnumPrintProcessorDatatypesW
ConfigurePortW
bSetDevModePerUser
SpoolerFreePrinterNotifyInfo
EnumMonitorsW
AppendPrinterNotifyInfoData
SplGetSpoolFileInfo
SetPrinterDataW
DeletePrinterKeyW
DeletePrintProvidorW
MarshallDownStructuresArray
GetJobAttributes
MarshallUpStructuresArray
MIDL_user_allocate1
bGetDevModePerUser
ReplyClosePrinter
RouterRefreshPrinterChangeNotification
AddJobW
MarshallUpStructure
RevertToPrinterSelf
UpdatePrinterRegAll
CallDrvDevModeConversion
RouterAllocBidiResponseContainer
AdjustPointers
SpoolerFindFirstPrinterChangeNotification
DeletePrintProcessorW
EnumPrintersW
ImpersonatePrinterClient
EnumJobsW
SetPrinterW
AllocSplStr
UndoAlignKMPtr
ReplyPrinterChangeNotification
GetPrinterW
WaitForPrinterChange
AddPrinterConnectionW
DeleteMonitorW
user32
SetFocus
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 514B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ