7bbba6269be872c9dfd711e88b54437d

Sharing

Copy URL

Twitter E-mail

General

Target

7bbba6269be872c9dfd711e88b54437d
Size

56KB
MD5

7bbba6269be872c9dfd711e88b54437d
SHA1

465d1eff0da7d87bd451da4e9e65765e3aff4b9b
SHA256

7822987738bb3870bcf8668ca9aba2885b5d55e71f914e4688f5eba7f06ae0b4
SHA512

19a40e3c1b40dcdbbd3d95ae01a7150424611ecb0bc63a17675396b421cabc9a2d38ff7386398c34768a46bbaf37506053cfa82cf2cc731c945ff4f11fabb13e
SSDEEP

768:gP0F38QjJf/nfDxSoBZ7cNbOX281HB9TAYGtD3Hbqdx025Z706kRVy:g2RnfVS8hTPABtjbqdx0mR0rV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bbba6269be872c9dfd711e88b54437d

Files

7bbba6269be872c9dfd711e88b54437d
.exe windows:5 windows x86 arch:x86

7a6fe420c2e17c639100a29d0f411ccf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

fflush
_popen
_execvpe
__toascii
_scalb
_write
_execv
_ismbcalpha
scanf
_wcslwr
vwprintf
_cputs
_searchenv
fscanf
strspn
_tzset
iswlower
iscntrl
_mbbtype
_XcptFilter
tmpfile
_osmode_dll
_CIatan2
_mbsicmp
_local_unwind2
_osversion_dll
_cexit
_ismbbkpunct
wcschr
rename
_putenv
fputs
mblen
_putw
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__fpecode
wcstoul
iswprint
_mbschr
strtok
_strtime
_endthread
remove
_environ_dll
_isctype
malloc
raise
swscanf
_iob
isdigit
??3@YAXPAX@Z
log
_setmode
_stricoll
_logb
_cabs
_filelength
sqrt
_strdup
_strdate
_ltow
_purecall
_splitpath
putc
putchar
localtime
_mbsdec
_mbsnbset
wcscoll
towupper
_findfirst
_itow
_mbctolower
strstr
_isatty
system

kernel32

InterlockedFlushSList
GetTempFileNameA
DelayLoadFailureHook
GetSystemTimeAsFileTime
EnumCalendarInfoExW
DisconnectNamedPipe
GetProcessWorkingSetSize
GetEnvironmentStringsW
AddAtomW
SetConsoleMaximumWindowSize
OpenSemaphoreA
InitializeSListHead
SuspendThread
EnumCalendarInfoA
RegisterWowExec
FindNextChangeNotification
OutputDebugStringA
ConnectNamedPipe
SetFileApisToOEM
SetConsoleLocalEUDC
DebugActiveProcess
GetConsoleScreenBufferInfo
SetConsoleCursor
SetDefaultCommConfigA
VerifyConsoleIoHandle
EnumResourceLanguagesW
UnregisterWait
GetSystemDirectoryW
lstrcatA
GlobalUnWire
OpenMutexW
LoadLibraryA
GetComputerNameExW
GetCommTimeouts
IsSystemResumeAutomatic
HeapCreate
GetCurrentProcessId
GetNamedPipeHandleStateW
GetConsoleCommandHistoryA
OpenProfileUserMapping
GetFileAttributesW
SetSystemTime
CreateHardLinkA
FindFirstFileExA
EnumSystemLocalesW
QueueUserWorkItem
EnumTimeFormatsW
RtlMoveMemory
RequestDeviceWakeup
CopyLZFile
ExitProcess
TlsAlloc
SetInformationJobObject
InterlockedPushEntrySList
GetOEMCP
GetACP
VirtualAlloc
VDMOperationStarted
SetHandleInformation
OpenJobObjectA
FindNextVolumeA
LocalFlags
HeapSetInformation
LZCreateFileW
BaseDumpAppcompatCache
SetFirmwareEnvironmentVariableA
CreateProcessInternalW
WriteFile
AllocConsole
InitAtomTable
GetCompressedFileSizeA

msv1_0

LsaApLogonUserEx2
SpInitialize
MsvGetLogonAttemptCount
SpUserModeInitialize
LsaApCallPackagePassthrough
LsaApCallPackage
SpInstanceInit
Msv1_0ExportSubAuthenticationRoutine
SpLsaModeInitialize
Msv1_0SubAuthenticationPresent
LsaApInitializePackage
MsvSamLogoff
MsvSamValidate
LsaApLogonTerminated
LsaApCallPackageUntrusted

winmm

midiStreamPause
mmioWrite
midiOutLongMsg
midiOutGetErrorTextA
mixerGetLineControlsA
mixerGetLineInfoA
joyConfigChanged
mciGetDeviceIDA
waveInGetErrorTextA
waveInGetErrorTextW
mmioGetInfo
midiInReset
mixerGetControlDetailsW
waveOutSetPitch
joyGetDevCapsW
wod32Message
mciExecute
mmioDescend
midiStreamRestart
midiInGetDevCapsA
waveInPrepareHeader
mixerOpen
midiOutCacheDrumPatches
timeGetDevCaps
midiInGetErrorTextW
mmGetCurrentTask
joyGetPosEx
waveOutWrite
waveInGetDevCapsA
joy32Message
mciGetErrorStringW
mmsystemGetVersion
auxGetDevCapsW
mciSetYieldProc
waveInMessage
midiOutOpen
mixerSetControlDetails
mixerClose
mciGetDriverData
mixerGetLineInfoW
waveOutGetDevCapsA
waveOutGetPitch
mciDriverYield

dsauth

StoreDeleteObject
DhcpDsEnumServers
StoreCollectAttributes
DhcpEnumServersDS
DhcpDsInitDS
StoreCleanupHandle
DhcpDsGetAttribs
StoreBeginSearch
DhcpDeleteServerDS
DhcpDsValidateService
DhcpDsSetLists
DhcpDsGetLists
DhcpAddServerDS
StoreSetSearchOneLevel
DhcpDsGetRoot
StoreGetHandle
StoreSearchGetNext
StoreInitHandle
DhcpDsCleanupDS
StoreCreateObjectVA
DhcpDsDelServer
DhcpDsAddServer
StoreSetSearchSubTree
StoreEndSearch

ntdll

ZwAccessCheckByTypeResultList
LdrUnloadDll
RtlExpandEnvironmentStrings_U
ZwCompareTokens
RtlAddRefActivationContext
NtReleaseSemaphore
ZwQuerySystemEnvironmentValue
ZwCreateNamedPipeFile
RtlpNtQueryValueKey
RtlIpv6StringToAddressW
ZwOpenThread
ZwSetEventBoostPriority
RtlRestoreLastWin32Error
ZwSetVolumeInformationFile
RtlVerifyVersionInfo
RtlCaptureContext
KiUserCallbackDispatcher
ZwRequestPort
RtlIsNameLegalDOS8Dot3
NtSaveKeyEx
RtlUpcaseUnicodeStringToOemString
NtSetSecurityObject
ZwWaitForSingleObject
sprintf
NtOpenSymbolicLinkObject
NtYieldExecution
RtlSetTimeZoneInformation
RtlInitializeRXact
ZwResetWriteWatch
NtTraceEvent
RtlCreateUnicodeStringFromAsciiz
RtlAddActionToRXact
_alldiv
isprint
RtlFindCharInUnicodeString
RtlInitializeResource
ZwFlushWriteBuffer
fabs
ZwLoadKey2
towupper
RtlCreateSystemVolumeInformationFolder
NtSetHighWaitLowEventPair
NtOpenThreadTokenEx
wcstoul
RtlLengthSid
RtlFormatMessage
RtlCreateUserProcess
NtGetWriteWatch
NtRaiseException
NtFindAtom
NtQueryBootEntryOrder
RtlSetUserFlagsHeap
ZwAccessCheck
NtDeleteAtom
ZwOpenThreadTokenEx
RtlSetUserValueHeap
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlSetIoCompletionCallback
ZwReadFile
NtCreateJobSet
ZwWaitHighEventPair
ZwSetHighWaitLowEventPair
RtlUnicodeStringToInteger
LdrProcessRelocationBlock
RtlQueryRegistryValues
NtQueryInstallUILanguage
RtlFindClearRuns
RtlIsTextUnicode
ZwIsProcessInJob
ZwSetSystemTime
RtlTraceDatabaseCreate
ZwCreateJobSet

winipsec

SetMMPolicy
GetMMPolicyByID
MatchMMFilter
DeleteMMFilter
EnumMMFilters
GetTransportFilter
OpenMMFilterHandle
GetMMFilter
EnumTransportFilters
AddTunnelFilter
EnumQMSAs
SPDApiBufferFree
AddMMPolicy
QueryIPSecStatistics
GetQMPolicy
MatchTunnelFilter
SetMMAuthMethods
SetTunnelFilter
DeleteQMPolicy
GetMMPolicy
AddMMAuthMethods
AddQMPolicy
SPDApiBufferAllocate
OpenTransportFilterHandle
SetMMFilter
GetMMAuthMethods

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a6fe420c2e17c639100a29d0f411ccf

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

kernel32

msv1_0

winmm

dsauth

ntdll

winipsec

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 2KB - Virtual size: 31KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 31KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B