feff9cdfe4ce4b7f152dd396818f81ea

Sharing

Copy URL Twitter E-mail

General

Target

feff9cdfe4ce4b7f152dd396818f81ea
Size

130KB
MD5

feff9cdfe4ce4b7f152dd396818f81ea
SHA1

b7ce09ff58aeec102655a7bd3d59c5921e791163
SHA256

c250ef88d1f9c922f4008988f487c12ffaecc47a3a10a6e833eabc2c95ec70c1
SHA512

4b9b6799084964ee24d0d875e15d190aa168b40ce285117432cbf611da011e5062b6a323883535ef139e2e437d416d5384322236d2f3fcc2d309806abf807d0b
SSDEEP

3072:Q0BwdRPyZNd0x9CMkYpyKCwnAVIVfe+XWL9k2TSBpc:SPg/MdpyKC7O9vXWlSBp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feff9cdfe4ce4b7f152dd396818f81ea

Files

feff9cdfe4ce4b7f152dd396818f81ea
.exe windows:1 windows x86 arch:x86

e72f3d6b34ca111250038d883bbc2b96

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

InvalidateRect
FlashWindow
SetActiveWindow
InflateRect
GetWindowRect
DrawFocusRect
RemoveMenu
PostQuitMessage

advapi32

QueryServiceStatus
SetSecurityDescriptorDacl
CheckTokenMembership
InitializeAcl
GetSecurityDescriptorDacl
ReadEncryptedFileRaw

acluhelp

DllRegisterServer
ILGetNext
ShimDumpCache
SdbInitDatabase
SdbGetDatabaseID
ImmIsIME
SdbGetDatabaseVersion
ILCombine
ImmSetCompositionStringA
SdbGetEntryFlags
ImmPenAuxInput
DAD_SetDragImage
SdbTagIDToTagRef
GetFileNameFromBrowse
ImmEscapeA
RealShellExecuteExA
DllUnregisterServer
SdbTagRefToTagID
SdbReadDWORDTagRef
SdbReadDWORDTag
PifMgr_OpenProperties
DAD_ShowDragImage
PathQualify
PathYetAnotherMakeUniqueName
ILRemoveLastID
PifMgr_CloseProperties
ImmReSizeIMCC
ExtractIconResInfoA
RealDriveType
SdbOpenDatabase
ImmDestroyIMCC
SdbSetPermLayerKeys
Control_RunDLL
SdbFindFirstNamedTag
ImmGetVirtualKey
ImmGetRegisterWordStyleA
ImmUnlockIMCC
ImmIMPGetIMEA
ILClone

kernel32

CreateFileMappingA
SetFileTime
GetFileSize
MultiByteToWideChar
VirtualQueryEx
ReadFile
LocalAlloc
UnmapViewOfFile
GetTapeStatus
GetModuleHandleA
QueryPerformanceCounter
HeapFree
MapViewOfFile
GetFileInformationByHandle
WaitForMultipleObjects
GetSystemTime
GetCurrentThreadId

ole32

CoCreateGuid
CoUninitialize

ntdll

wcscspn
NtQueryQuotaInformationFile

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e72f3d6b34ca111250038d883bbc2b96

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

acluhelp

kernel32

ole32

ntdll

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB