7d8ebdcab56fbb5a08766059d34213e5

General

Target

7d8ebdcab56fbb5a08766059d34213e5
Size

435KB
MD5

7d8ebdcab56fbb5a08766059d34213e5
SHA1

55cecc5d6e8564bd4176c8d4187855d83560fb92
SHA256

46d6f9ff4ed26259a0c9c869a763d02dafe3dc4c72655e4df68b221fd3945586
SHA512

e547a4af551fc7fa8ef46303819b5fe2021eb785987c213146be597486fe7c6333fa707633abc69f00b9059ac5435b9a6960d39fac5bc2ffd3175b35733943a0
SSDEEP

6144:QTPkVaSFclYEecqjdETn/7JCGkWNIWwz4xYDU+6KDbxvC0M5GzPCix5O7bVJXN:Q4VzFwYEqM6Wwz4MXI3ezo7bVRN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d8ebdcab56fbb5a08766059d34213e5

Files

7d8ebdcab56fbb5a08766059d34213e5
.exe windows:5 windows x86 arch:x86

b008ce3159b19551819ab9cd3151b9cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?FlushCache@IO_DP_DRIVE@@QAEEXZ
??0SUPERAREA@@IAE@XZ
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
??0VOL_LIODPDRV@@IAE@XZ
?RemoveAll@SPARSE_SET@@QAEEXZ

d3d8thk

OsThunkDdGetMoCompGuids
OsThunkDdDestroyMoComp
OsThunkDdDestroySurface
OsThunkDdCanCreateSurface
OsThunkDdEndMoCompFrame
OsThunkDdAddAttachedSurface
OsThunkDdGetDriverInfo
OsThunkDdCanCreateD3DBuffer
OsThunkDdGetScanLine
OsThunkDdQueryDirectDrawObject
OsThunkDdBeginMoCompFrame
OsThunkDdLock
OsThunkD3dContextCreate

wintrust

mscat32DllRegisterServer
CryptCATEnumerateCatAttr
CryptCATCDFEnumMembers
CatalogCompactHashDatabase
WTHelperProvDataFromStateData
CryptCATCDFEnumMembersByCDFTagEx
mscat32DllUnregisterServer
OpenPersonalTrustDBDialogEx
WintrustCertificateTrust
CryptCATAdminPauseServiceForBackup
CryptCATCDFEnumAttributes
WVTAsn1SpcLinkEncode
CryptCATPersistStore
SoftpubLoadSignature
WVTAsn1CatMemberInfoDecode
CryptCATAdminAcquireContext
WTHelperGetAgencyInfo
DriverInitializePolicy

kernel32

LocalAlloc
GetSystemTimeAsFileTime
OpenJobObjectW
FindActCtxSectionGuid
GetStartupInfoW
SetThreadUILanguage
CreateFileW
GetNamedPipeHandleStateA
GetPrivateProfileStringA
LZRead
GetCPInfoExW
CreatePipe
BackupSeek
_lcreat
LoadLibraryA

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b008ce3159b19551819ab9cd3151b9cd

Headers

File Characteristics

Imports

ifsutil

d3d8thk

wintrust

kernel32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 102KB - Virtual size: 101KB

.rsrc Size: 70KB - Virtual size: 70KB

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 102KB - Virtual size: 101KB

.rsrc
Size: 70KB - Virtual size: 70KB