7441bd2929e6097c2439f9c86bc751f6

Sharing

Copy URL

Twitter E-mail

General

Target

7441bd2929e6097c2439f9c86bc751f6
Size

864KB
MD5

7441bd2929e6097c2439f9c86bc751f6
SHA1

c13c42b0fc8c4259faa73850c6b0ecbaceb66aeb
SHA256

e18b5ffce9e41ec78021e9a94821ed3e9a6700607cb77a6c4322835f483c6907
SHA512

94a5ce1aa533a0c076589c2c1954977bd46aa6b3921dd13e64175aa23c6ed723804f90eb53d590629af700680213e00594fcddbb67abcbc9871c2288c6a62862
SSDEEP

24576:dfiwcLShDiVU6nrh8dirXjdmlFNB9KqUv:dBwS0U6ydugTNfKqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7441bd2929e6097c2439f9c86bc751f6

Files

7441bd2929e6097c2439f9c86bc751f6
.exe windows:5 windows x86 arch:x86

1401de23168fe23c2fcc76a5a6dbc09b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duser

MapGadgetPoints
RegisterGadgetProperty
PeekMessageExA
FireGadgetMessages
DUserGetScalePRID
UtilSetBackground
GetStdColorPenF
SetGadgetFillI
SetGadgetCenterPoint
DUserRegisterGuts
DUserFindClass
GetMessageExA
SetActionTimeslice
InitGadgetComponent
SetGadgetBufferInfo
GetGadgetRgn
CreateGadget
DUserCastClass
DUserGetRectPRID
SetGadgetMessageFilter
GetGadgetTicket
GetGadgetStyle
DllMain
DUserRegisterSuper
PeekMessageExW
DUserSendMethod
SetGadgetRootInfo
RegisterGadgetMessage

msvcirt

??_Eiostream@@UAEPAXI@Z
??_Gistream@@UAEPAXI@Z
??5istream@@QAEAAV0@AAI@Z
??_8fstream@@7Bostream@@@
?pbackfail@stdiobuf@@UAEHH@Z
??5istream@@QAEAAV0@AAM@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
??4strstreambuf@@QAEAAV0@ABV0@@Z
?pptr@streambuf@@IBEPADXZ
??_Dofstream@@QAEXXZ
?cin@@3Vistream_withassign@@A
??6ostream@@QAEAAV0@J@Z
?hex@@YAAAVios@@AAV1@@Z
??_Dostream@@QAEXXZ
?fd@filebuf@@QBEHXZ
??1istream_withassign@@UAE@XZ
??_7ofstream@@6B@
?text@filebuf@@2HB
??0ios@@QAE@PAVstreambuf@@@Z
??4streambuf@@QAEAAV0@ABV0@@Z
??1fstream@@UAE@XZ
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_7stdiobuf@@6B@
??0ostream@@IAE@ABV0@@Z
??0strstream@@QAE@PADHH@Z
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??1exception@@UAE@XZ
??4ifstream@@QAEAAV0@ABV0@@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
??4ios@@IAEAAV0@ABV0@@Z
?freeze@strstreambuf@@QAEXH@Z
??1iostream@@UAE@XZ
?setmode@ifstream@@QAEHH@Z
??_7stdiostream@@6B@
??_Estrstream@@UAEPAXI@Z
?get@istream@@QAEAAV1@PACHD@Z
?allocate@streambuf@@IAEHXZ
??_Eistrstream@@UAEPAXI@Z
?unlock@ios@@QAAXXZ
?write@ostream@@QAEAAV1@PBEH@Z
?x_curindex@ios@@0HA
??_7istrstream@@6B@
??_8strstream@@7Bostream@@@

lz32

LZInit
LZRead
LZOpenFileA
LZStart
CopyLZFile
LZClose
LZDone
LZCloseFile
LZSeek
LZOpenFileW

kernel32

DeactivateActCtx
VerLanguageNameA
IsSystemResumeAutomatic
CreateHardLinkW
SetVolumeLabelW
GetEnvironmentVariableA
VirtualAlloc
AreFileApisANSI
Module32First
CreateJobObjectA
EnumSystemCodePagesW
AllocConsole
LZStart
BindIoCompletionCallback
RequestWakeupLatency
LZInit
FreeResource
ReadConsoleA
GetConsoleCommandHistoryW
IsValidCodePage
FindAtomW
GetCalendarInfoW
IsValidLocale
HeapCompact
SetCommMask
UnregisterWait
GetConsoleNlsMode
ReplaceFileW
SetComputerNameW
Heap32First
SetFileApisToOEM
lstrcpyA
GetFileType
SetSystemTime
SetConsoleLocalEUDC
PostQueuedCompletionStatus
SwitchToFiber
CreateTimerQueueTimer
PrivMoveFileIdentityW
ConnectNamedPipe
SetThreadPriorityBoost
GetNumaProcessorNode
SetFileAttributesA
GetSystemPowerStatus
WaitNamedPipeA
EnterCriticalSection
WideCharToMultiByte
GetConsoleTitleA
AllocateUserPhysicalPages
DosPathToSessionPathW
ResumeThread
LoadLibraryA
SetLocalPrimaryComputerNameW
ConvertDefaultLocale
GetAtomNameW
GetGeoInfoW
GetSystemDefaultLCID
OpenFileMappingW
GetNamedPipeHandleStateW
GetCurrentProcessId
GetCPInfoExW
SetCommState
lstrcmpiW
GetModuleFileNameW
GetUserDefaultLCID
TlsFree
GetLongPathNameA
CompareStringA
lstrcpyn
SetConsoleInputExeNameW
FindFirstFileA
MoveFileWithProgressA
GetPrivateProfileIntW
LeaveCriticalSection
QueryMemoryResourceNotification
InvalidateConsoleDIBits
GetEnvironmentVariableW
GetConsoleKeyboardLayoutNameA
FatalAppExitA

authz

AuthzInitializeContextFromAuthzContext
AuthzInitializeContextFromToken
AuthzFreeAuditEvent
AuthzCachedAccessCheck
AuthzInitializeObjectAccessAuditEvent
AuthzFreeHandle
AuthziInitializeAuditParamsFromArray
AuthzFreeResourceManager
AuthziModifyAuditEventType
AuthzOpenObjectAudit
AuthziLogAuditEvent
AuthziInitializeAuditQueue
AuthziModifyAuditQueue
AuthziModifyAuditEvent
AuthzInitializeContextFromSid
AuthziFreeAuditEventType
AuthzAccessCheck
AuthzInitializeResourceManager
AuthziInitializeAuditEvent
AuthzAddSidsToContext
AuthziAllocateAuditParams
AuthzFreeContext
AuthzGetInformationFromContext
AuthziFreeAuditQueue
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditParams
AuthziFreeAuditParams
AuthziInitializeAuditEventType

vssapi

?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Subscribe@CVssWriter@@QAGJK@Z
IsVolumeSnapshotted
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?Unsubscribe@CVssWriter@@QAGJXZ
VssFreeSnapshotProperties
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
??1CVssWriter@@UAE@XZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
??1CVssJetWriter@@UAE@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?Uninitialize@CVssJetWriter@@QAGXXZ
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
??0CVssWriter@@QAE@XZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1401de23168fe23c2fcc76a5a6dbc09b

Headers

DLL Characteristics

File Characteristics

Imports

duser

msvcirt

lz32

kernel32

authz

vssapi

Sections

.text Size: 449KB - Virtual size: 449KB

.rdata Size: 329KB - Virtual size: 329KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 449KB - Virtual size: 449KB

.rdata
Size: 329KB - Virtual size: 329KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B