faf5fa0290eadb93c4564f988087b8c4

Sharing

Copy URL Twitter E-mail

General

Target

faf5fa0290eadb93c4564f988087b8c4
Size

831KB
MD5

faf5fa0290eadb93c4564f988087b8c4
SHA1

94d1909c79bf9fe8c9dad3e87bcf51bf36fe3edd
SHA256

51d7a2c967e987594c6d9c2a1702fa1ed1ff568eb6401e7639a723311b9603ab
SHA512

fc458c866d90d6a6ebda52775019958ad0718d122d3930600d3355c7171f421fbdaadd90f3af8cd37dafe2272d70648b8bb609d0accd40d4e6371a6def8e13d3
SSDEEP

24576:+2MhPwd5XoQECO9HoZg4TnObZJ4GE8L3E3:ZMhPwd5XoQEx9HUgMG/L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faf5fa0290eadb93c4564f988087b8c4

Files

faf5fa0290eadb93c4564f988087b8c4
.exe windows:5 windows x86 arch:x86

d0cefc05bb2a1fcd2c57b4c7ae673497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

MgmAddGroupMembershipEntry
MgmGetProtocolOnInterface
RtmWriteInstanceConfig
RtmGetEntityInfo
RtmDeregisterFromChangeNotification
RtmGetExactMatchDestination
RtmReadInstanceConfig
MgmRegisterMProtocol
RtmInvokeMethod
RtmIsMarkedForChangeNotification
MgmReleaseInterfaceOwnership
RtmGetNextHopInfo
RtmCreateEnumerationHandle
RtmReleaseChangedDests
DumpTable

security

EncryptMessage
AcquireCredentialsHandleW
InitSecurityInterfaceA
DeleteSecurityPackageA
ExportSecurityContext
InitSecurityInterfaceW
UnsealMessage
MakeSignature
CompleteAuthToken
FreeCredentialsHandle
AcquireCredentialsHandleA
InitializeSecurityContextA
QueryContextAttributesW
QueryContextAttributesA
ImpersonateSecurityContext
ImportSecurityContextA
DecryptMessage
QuerySecurityPackageInfoA
QuerySecurityContextToken
QueryCredentialsAttributesW
ApplyControlToken
EnumerateSecurityPackagesA

dnsapi

DnsQueryConfig
DnsRegisterClusterAddress
DnsGetLastFailedUpdateInfo
Dns_CreateSocket
DnsFlushResolverCache
Dns_InitializeMsgRemoteSockaddr
DnsNameCompare_UTF8
DnsGetDnsServerList
DnsDhcpSrvRegisterInitialize
Dns_SkipPacketName
DnsReplaceRecordSetUTF8
DnsQueryConfigAllocEx
Dns_UpdateLibEx
Dns_WriteQuestionToMessage
DnsReplaceRecordSetW
Dns_InitializeWinsock
Dns_CleanupWinsock
Dns_CreateMulticastSocket
DnsQuery_A
DnsNameCompareEx_UTF8

certcli

CACertTypeAccessCheckEx
CASetCAProperty
CAIsCertTypeCurrent
CAGetCACertificate
CAOIDFreeProperty
CAGetCertTypeExtensions
CAGetCertTypeProperty
CAFreeCertTypeExtensions
CAFindByCertType
CACreateLocalAutoEnrollmentObject
CAEnumCertTypes
DllRegisterServer
CACountCAs
CAUpdateCA
CACreateAutoEnrollmentObjectEx
CAOIDCreateNew
CAGetCertTypeFlagsEx
CACertTypeSetSecurity
CAFindByName
CAInstallDefaultCertType
CASetCertTypePropertyEx
CADeleteCertType

kernel32

RegisterWowBaseHandlers
SetComPlusPackageInstallStatus
LoadLibraryW
GetModuleHandleW
GetNumaHighestNodeNumber
VerifyVersionInfoA
CreateJobObjectW
SetCurrentDirectoryW
GlobalFindAtomW
CreateWaitableTimerW
BackupSeek
GetLocaleInfoW
GetConsoleAliasesLengthW
SystemTimeToTzSpecificLocalTime
Thread32Next
CreateToolhelp32Snapshot
GetCurrentActCtx
GetLargestConsoleWindowSize
FindFirstVolumeMountPointW
SetFilePointerEx
SetConsoleCtrlHandler
GetCurrentThread
CompareStringW
GetDateFormatA

atl

AtlAxGetHost
AtlAxDialogBoxW
AtlCreateTargetDC
AtlModuleRegisterClassObjects
AtlIPersistStreamInit_Load
AtlIPersistPropertyBag_Load
AtlComQIPtrAssign
AtlFreeMarshalStream
AtlSetErrorInfo
AtlUnmarshalPtr
AtlDevModeW2A

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0cefc05bb2a1fcd2c57b4c7ae673497

Headers

DLL Characteristics

File Characteristics

Imports

rtm

security

dnsapi

certcli

kernel32

atl

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 1024B - Virtual size: 892B