ff425c2a05240e2f92408f94b35056dd

Sharing

Copy URL Twitter E-mail

General

Target

ff425c2a05240e2f92408f94b35056dd
Size

50KB
MD5

ff425c2a05240e2f92408f94b35056dd
SHA1

0fdae7d06fa5e5cc068e6710858fe7243896982f
SHA256

a9668dc351ace6443a323954b2786a0e32236c6eeee9c5f6f55a80ec60bfed80
SHA512

2604132eef14e244efbe18397d7549f8bc6b290bc51cb0477aa528e42b2ba5c0485e5e104bd859b0fd1459e3ffe6f2446ad5d182849e635f2b39b1ad574e8fba
SSDEEP

768:e19X0TAiWI6dW+qRhkLKso/Ez1a58piMH9aoy1io5qObnpubOALrwOva4/TH6wH6:eHgAfBlChsJzU8DX/4ctkOl5ppRSpYW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff425c2a05240e2f92408f94b35056dd

Files

ff425c2a05240e2f92408f94b35056dd
.exe windows:5 windows x86 arch:x86

930ba2adaa97d9aaf4b9865d5caf4f87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mmcbase

?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?IsLocked@CEventBuffer@@QAE_NXZ
??0SC@mmcerror@@QAE@J@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
?AddRef@CMMCStrongReferences@@SGKXZ
?s_dwMainThreadID@SC@mmcerror@@0KA
??9SC@mmcerror@@QBE_NABV01@@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?Throw@SC@mmcerror@@QAEXXZ
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?GetHelpID@SC@mmcerror@@QAEKXZ
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
?MMCErrorBox@@YGHPBGI@Z
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
??7SC@mmcerror@@QBEHXZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?SCODEFromSc@@YGJABVSC@mmcerror@@@Z
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?Trace_@SC@mmcerror@@QBEXXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?GetMainThreadID@SC@mmcerror@@SGKXZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?TraceAndClear@SC@mmcerror@@QAEXXZ
?Throw@SC@mmcerror@@QAEXJ@Z
??_FSC@mmcerror@@QAEXXZ
??0CEventBuffer@@QAE@XZ
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
?ToHr@SC@mmcerror@@QBEJXZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ

modemui

drvCommConfigDialogW
ModemPropPagesProvider
drvCommConfigDialogA
drvGetDefaultCommConfigA
QueryModemForCountrySettings
UnimodemDevConfigDialog
ModemCplDlgProc
UnimodemGetExtendedCaps
drvGetDefaultCommConfigW
CountryRunOnce
UnimodemGetDefaultCommConfig
drvSetDefaultCommConfigA
drvSetDefaultCommConfigW
InvokeControlPanel

kernel32

CloseHandle
MoveFileWithProgressW
DeleteTimerQueueTimer
GetDevicePowerState
EnumUILanguagesW
RtlZeroMemory
GetCurrencyFormatW
HeapUnlock
GlobalAddAtomW
GetNumberFormatA
GetStartupInfoW
GetFirmwareEnvironmentVariableA
FindActCtxSectionStringW
EnumResourceTypesA
GetNumaAvailableMemoryNode
LoadLibraryA
CreateTimerQueueTimer
OutputDebugStringA
VirtualAlloc
HeapReAlloc
CreateMutexA
GetThreadPriority
GetDiskFreeSpaceExA
EnumResourceTypesW
HeapCreate
GetSystemDirectoryW
GetProfileIntA
SetVolumeLabelA
CmdBatNotification
CopyFileExW
TerminateThread
EnumSystemLanguageGroupsW
VerifyConsoleIoHandle
GetOverlappedResult
QueryPerformanceCounter
WriteProfileStringW

msvcrt

_adj_fdivr_m64
??0bad_cast@@QAE@PBD@Z
_wspawnv
_getch
_adj_fpatan
_cexit
wcspbrk
mblen
__wargv
_filbuf
cos
_kbhit
_amsg_exit
_scalb
_ismbbgraph
_wtoi64
_umask
_timezone
_pwctype
_cgetws
__threadhandle
_ismbbtrail
??1bad_cast@@UAE@XZ
_wspawnvpe
strtok
islower
_mbsicmp
wscanf
??0exception@@QAE@ABQBD@Z
_hypot
_wpopen
_adj_fptan
_getcwd
__p__winminor
_HUGE
_mbscspn
_ismbclegal
_Gettnames
__p__iob

user32

RedrawWindow
SetMenu
DisableProcessWindowsGhosting
SetWindowTextA
MessageBoxA
DispatchMessageW
CreateIconIndirect
IsCharAlphaNumericW
SetMenuItemInfoW
SetLayeredWindowAttributes
EnumWindowStationsA
LoadBitmapA
SendDlgItemMessageA
DrawTextA
UpdateWindow
DestroyIcon
GetTaskmanWindow
IsCharAlphaW
wsprintfW
DdeImpersonateClient
ReplyMessage
CreateMenu
BuildReasonArray
UnlockWindowStation
GetWindowTextLengthA
GetClassNameW
RealGetWindowClassW
DdeDisconnectList
SetShellWindow
GetThreadDesktop
GetClipboardData
GetWindowRgn
DdeGetLastError
GetCaretBlinkTime
AlignRects
IsCharLowerW
LoadBitmapW
SetFocus
GetDialogBaseUnits
CallMsgFilterA
IsMenu
ActivateKeyboardLayout
GetClipboardOwner
DdeQueryStringW
BroadcastSystemMessage
EnumPropsExA
keybd_event
EndDialog
IsGUIThread
DdeCreateStringHandleW
BroadcastSystemMessageExW
GetNextDlgGroupItem
DeregisterShellHookWindow
DdeAddData
GetDlgItem
EnableWindow
GetKeyNameTextA
DrawMenuBarTemp
DrawCaptionTempA
GetUpdateRgn
RealChildWindowFromPoint
SetWindowStationUser

msvcirt

??_8istream_withassign@@7B@
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??0ifstream@@QAE@PBDHH@Z
?clog@@3Vostream_withassign@@A
??1istrstream@@UAE@XZ
?hex@@YAAAVios@@AAV1@@Z
??0istream@@QAE@PAVstreambuf@@@Z
?open@fstream@@QAEXPBDHH@Z
??_Eexception@@UAEPAXI@Z
??_Gistrstream@@UAEPAXI@Z
?xsputn@streambuf@@UAEHPBDH@Z
??1istream@@UAE@XZ
?bad@ios@@QBEHXZ
?cerr@@3Vostream_withassign@@A
??_Eostream@@UAEPAXI@Z
?put@ostream@@QAEAAV1@D@Z
?get@istream@@QAEAAV1@AAE@Z
??5istream@@QAEAAV0@AAH@Z
??1iostream@@UAE@XZ
??1ifstream@@UAE@XZ
??_7stdiostream@@6B@
??_Gostrstream@@UAEPAXI@Z
??0ifstream@@QAE@ABV0@@Z
??_Estreambuf@@UAEPAXI@Z
??_Eostrstream@@UAEPAXI@Z
??0strstreambuf@@QAE@XZ
??4istream_withassign@@QAEAAV0@ABV0@@Z
??1ios@@UAE@XZ
?delbuf@ios@@QAEXH@Z

shell32

SHGetMalloc

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

930ba2adaa97d9aaf4b9865d5caf4f87

Headers

DLL Characteristics

File Characteristics

Imports

mmcbase

modemui

kernel32

msvcrt

user32

msvcirt

shell32

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 56KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 56KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B