79c69956c654ee21bff0660527942010

Sharing

Copy URL Twitter E-mail

General

Target

79c69956c654ee21bff0660527942010
Size

868KB
MD5

79c69956c654ee21bff0660527942010
SHA1

35158e37edd0ae14824cb701e82489fcb1ff36e7
SHA256

ea83dae67ab21ec52e8726768005f238e0328cdd0f9a7869c3e765bff298c80f
SHA512

4b2a407c3104292cd55d0b7e652966f6169e8c4e70ff462a6713b8e582a398a6adce70183ff89291ddd619db889401ab7b8c386f4673211c22a632c0652dd3b6
SSDEEP

24576:PjCG3ijjdQn29STHtBYAtnhUATxOeKDQ2Yj5dh9YUGB:Pj2jw29EHtWG9xOhVQYUG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79c69956c654ee21bff0660527942010

Files

79c69956c654ee21bff0660527942010
.exe windows:5 windows x86 arch:x86

d0bdd1585dc79a3d5e48e3648070c0b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_wpgmptr
_ismbbprint
_cgets
_purecall
??1istream_withassign@@UAE@XZ
_ismbcsymbol
??1ostrstream@@UAE@XZ
_errno
?precision@ios@@QAEHH@Z
??_7bad_typeid@@6B@
??1ifstream@@UAE@XZ
?getint@istream@@AAEHPAD@Z
?width@ios@@QBEHXZ
??0ifstream@@QAE@XZ
??0exception@@QAE@XZ
_ismbbalpha
_wspawnle
_open_osfhandle
__p__fmode
_spawnvpe
strlen
?pword@ios@@QBEAAPAXH@Z
??1filebuf@@UAE@XZ
?str@ostrstream@@QAEPADXZ
strtod
_ismbckata
??_G__non_rtti_object@@UAEPAXI@Z
??_7logic_error@@6B@
_itow
??_Gostrstream@@UAEPAXI@Z
?unlockbuf@ios@@QAAXXZ
fgetwc
??_Dostream_withassign@@QAEXXZ
_spawnvp
cos
_initterm
setvbuf

advapi32

LookupSecurityDescriptorPartsW
LsaICLookupNamesWithCreds
OpenThreadToken
CryptEnumProviderTypesA
OpenBackupEventLogA
InitializeSid
SetInformationCodeAuthzPolicyW
SetTraceCallback
RegReplaceKeyA
EqualDomainSid
RegEnumValueW
TreeResetNamedSecurityInfoA
LsaEnumerateAccountsWithUserRight
MD4Init
CryptSignHashW
EnumServicesStatusA
SystemFunction029
IsTokenUntrusted
CredpConvertTargetInfo
OpenEncryptedFileRawA
CreateProcessWithLogonW
RegOpenKeyA
RegEnumValueA
AllocateLocallyUniqueId
CreatePrivateObjectSecurityWithMultipleInheritance
QueryServiceLockStatusA
ObjectOpenAuditAlarmA
ConvertStringSecurityDescriptorToSecurityDescriptorA
AddUsersToEncryptedFile
I_ScSetServiceBitsW
SetEntriesInAuditListW
CredpEncodeCredential
SystemFunction026
IsTextUnicode
SystemFunction003
QueryTraceW
CredIsMarshaledCredentialA
AddAce
EqualSid
LsaLookupPrivilegeDisplayName
LsaOpenAccount
EnableTrace
SaferGetPolicyInformation

snmpapi

SnmpUtilPrintOid
SnmpUtilOidFree
SnmpSvcGetUptimeFromTime
SnmpUtilAsnAnyFree
SnmpUtilAsnAnyCpy
SnmpTfxQuery
SnmpSvcGetUptime
SnmpTfxClose
SnmpSvcAddrToSocket
SnmpUtilOctetsCpy
SnmpUtilVarBindListCpy
SnmpSvcSetLogLevel
SnmpUtilOidToA
SnmpUtilOidNCmp
SnmpUtilOidCmp
SnmpSvcAddrIsIpx
SnmpUtilVarBindCpy
SnmpUtilMemFree
SnmpUtilOidAppend
SnmpSvcSetLogType
SnmpUtilMemAlloc
SnmpSvcGetEnterpriseOID
SnmpUtilVarBindListFree
SnmpUtilIdsToA
SnmpUtilPrintAsnAny
SnmpUtilUnicodeToAnsi
SnmpUtilOctetsFree
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpTfxOpen
SnmpUtilUnicodeToUTF8
SnmpUtilAnsiToUnicode
SnmpUtilOctetsNCmp
SnmpUtilUTF8ToUnicode
SnmpUtilVarBindFree
SnmpSvcInitUptime
SnmpUtilOidCpy

kernel32

WriteConsoleInputVDMA
GetDriveTypeW
EnumUILanguagesA
SetCalendarInfoA
AllocateUserPhysicalPages
LZRead
VirtualLock
GetEnvironmentVariableW
SetConsoleTextAttribute
WriteFileGather
HeapCreate
EnumSystemLanguageGroupsW
SetProcessPriorityBoost
LZInit
SetThreadLocale
VerifyConsoleIoHandle
GlobalFindAtomA
VirtualAlloc
MultiByteToWideChar
GetSystemWow64DirectoryW
GetTempPathA
HeapSetInformation
WTSGetActiveConsoleSessionId
MulDiv
FlushInstructionCache
GlobalGetAtomNameW
GetLogicalDriveStringsW
QueryPerformanceCounter
GetMailslotInfo
DuplicateHandle
LocalReAlloc
Thread32First
FormatMessageW
GetNumberOfConsoleMouseButtons
GetProcessHeap
GetNumberFormatW
LoadLibraryA
lstrlenW
SetConsoleKeyShortcuts
CancelWaitableTimer
VirtualUnlock
SetLocalPrimaryComputerNameA
ReadConsoleInputA
GetStartupInfoA
GetConsoleAliasesLengthA
GetFileAttributesExW

opengl32

glPixelMapfv
glMaterialiv
glVertex4s
glTexSubImage2D
glEvalPoint1
glTexParameteri
wglSwapLayerBuffers
glColorMask
wglSwapMultipleBuffers
glRasterPos4sv
glRasterPos2fv
glEvalCoord2fv
glLightModeliv
glVertex2sv
glMaterialf
glVertex2s
glArrayElement
glAreTexturesResident
glTexCoord3s
glTexCoord4f
glGetTexGeniv
glColor4ui
glBindTexture
wglUseFontOutlinesA
glDrawArrays
glRasterPos2dv
glVertex2dv
glClearAccum
glFlush
glColor3iv
glEdgeFlagPointer
glEvalPoint2
glPointSize
wglGetPixelFormat
glTexGeniv
glGetTexGendv

crtdll

tan
vfprintf
wcsncpy
_ismbclower
_sys_nerr_dll
fgetwc
_global_unwind2
_memicmp
_mbsninc
_osversion_dll
setvbuf
_basemajor_dll
__GetMainArgs
_mbclen
wcschr
_heapchk
_ismbcspace
wcscmp
_ecvt
ungetwc
fsetpos
_strninc
_initterm
_fullpath
sqrt
_getdrives
_fcloseall
_cpumode_dll
_isctype
_mbstok

keymgr

PRShowSaveFromMsginaW
PRShowSaveWizardExW
CPlApplet
KRShowKeyMgr
PRShowRestoreWizardW
PRShowRestoreFromMsginaW
DllMain
PRShowRestoreWizardExW

Sections

.text
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0bdd1585dc79a3d5e48e3648070c0b5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

advapi32

snmpapi

kernel32

opengl32

crtdll

keymgr

Sections

.text Size: 218KB - Virtual size: 218KB

.rdata Size: 593KB - Virtual size: 593KB

.data Size: 50KB - Virtual size: 1.5MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 218KB - Virtual size: 218KB

.rdata
Size: 593KB - Virtual size: 593KB

.data
Size: 50KB - Virtual size: 1.5MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB