79d42b8d3c5e93270c5e3dfe2f87c217

Sharing

Copy URL Twitter E-mail

General

Target

79d42b8d3c5e93270c5e3dfe2f87c217
Size

38KB
MD5

79d42b8d3c5e93270c5e3dfe2f87c217
SHA1

5ef2e0198ac734d6e767e3c4cb06bc9b2cbcff39
SHA256

19dd7644b6f7fe4a1049a3f8c612365dce968499fdca713bee3f8db1dfa7dd51
SHA512

76916ee139bde01a31fb9e0ec28866a5a9bcde67330fdf2e85e9bf58d0730f0fb49f60477baa5189bd2abe40968abb75c38e498c3864ceda40860eefbfeb9269
SSDEEP

768:Nl+oWjxrm59bW7pijvYu+1qjvFDbeRGWCvQXFXHst4cgG4XI8BOCA:NRWjM5VyijAHq5H4nF24vI8BPA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79d42b8d3c5e93270c5e3dfe2f87c217

Files

79d42b8d3c5e93270c5e3dfe2f87c217
.exe windows:5 windows x86 arch:x86

56776c19b6ae5fa1e5a83f4ab715f51a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

ADsDecodeBinaryData
AllocADsMem
ADsBuildVarArrayStr
ADsBuildEnumerator
ADsFreeEnumerator
ConvertSecDescriptorToVariant
FreeADsStr
ADsGetObject
ADsEncodeBinaryData
DllGetClassObject
ADsEnumerateNext
PropVariantToAdsType2
ADsGetLastError
FreeADsMem
SecurityDescriptorToBinarySD
ConvertSecurityDescriptorToSecDes
AdsTypeToPropVariant2

duser

AutoTrace
LookupGadgetTicket
DUserDeleteGadget
PeekMessageExA
GetStdColorPenI
DUserCastClass
GetStdColorF
SetGadgetFillF
SetGadgetScale
GetGadgetProperty
EnumGadgets
DeleteHandle
DrawGadgetTree
DUserCastHandle
FindStdColor
DUserRegisterStub
RegisterGadgetMessage
InitGadgetComponent
GetGadgetScale
AddGadgetMessageHandler
GetStdColorName
DUserBuildGadget
DUserPostMethod
DUserPostEvent
GetMessageExA
GetGadgetBufferInfo
GetStdColorPenF

mpr

MultinetGetConnectionPerformanceW
WNetClearConnections
WNetGetProviderTypeW
WNetUseConnectionA
WNetFormatNetworkNameA
WNetLogonNotify
WNetSetConnectionW
WNetGetResourceInformationW
WNetGetNetworkInformationW
WNetGetHomeDirectoryW
WNetConnectionDialog1A
WNetPropertyDialogW
WNetDisconnectDialog1A
WNetGetResourceParentW
WNetGetSearchDialog
WNetDirectoryNotifyW

kernel32

PrivMoveFileIdentityW
SetStdHandle
QueryPerformanceCounter
LoadLibraryW
GlobalGetAtomNameW
SetFirmwareEnvironmentVariableW
RemoveDirectoryA
_lcreat
GetModuleHandleA
GetLocaleInfoA
ReleaseMutex
_hwrite
GetCurrencyFormatW
FreeResource
GetCurrentThread
WriteConsoleW

sqlunirl

_GetCommandLine_@0
_lstrcpy_@8
_Shell_NotifyIcon_@8
_GetClipboardFormatName_@12
_RegSetValueEx_@24
_GetShortPathName_@12
_GetDlgItemText@16
AbortSystemShutdown_
_CommDlg_OpenSave_GetFilePath@12

mapistub

cmc_list
ScMAPIXFromCMC
MAPIOpenFormMgr
OpenStreamOnFile
FBadRow@4
FPropContainsProp@12
MAPIAllocateBuffer
FtNegFt@8
HrSetOneProp@8
MAPIFindNext
DllGetClassObject
LpValFindProp@12

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56776c19b6ae5fa1e5a83f4ab715f51a

Headers

DLL Characteristics

File Characteristics

Imports

activeds

duser

mpr

kernel32

sqlunirl

mapistub

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 310B

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 310B

.rsrc
Size: 5KB - Virtual size: 4KB