fd3011843f4171caa09c2a9e4a031e87

Sharing

Copy URL

Twitter E-mail

General

Target

fd3011843f4171caa09c2a9e4a031e87
Size

182KB
MD5

fd3011843f4171caa09c2a9e4a031e87
SHA1

195263d67d40305b1cb7419533bd78ebf93e5b4e
SHA256

49bfe7cc1773ee7d84cc5534a8777e0e2d1d0ee9fdff4bffb0c7bd7c74e6774a
SHA512

e1db2dba5b72914a6c8db76c52663b3c74689061e08c4c19464eb221373dad122ef2561be843a69e6e1fe83daca4ad193fc6a3132f7b30ead6f3da874135522b
SSDEEP

3072:Ab1Z0Kk2dWCGWIl4xXALLFElfI9Holc3k1JzOboXbWM2+JEE/s/06HxC2yd1gtLr:AhCBYWyIl4xXAX8BZz7XybsUPyotZnii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3011843f4171caa09c2a9e4a031e87

Files

fd3011843f4171caa09c2a9e4a031e87
.exe windows:5 windows x86 arch:x86

554f36535884258ef3d7b234d3d7add0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasAutoDialSharedConnection
RasClearLinkStatistics
RasFreeEapUserIdentityW
RasSetAutodialAddressW
RasGetEapUserIdentityA
RasQuerySharedConnection
RasEnumAutodialAddressesA
RasSetAutodialParamA
RasSetEntryDialParamsW
RasEnumEntriesA
RasSetAutodialEnableW
RasGetCustomAuthDataW
RasGetCustomAuthDataA
RasValidateEntryNameW
RasGetEntryPropertiesA
RasDeleteEntryA
DwCloneEntry
RasAutodialEntryToNetwork
RasDialA
DDMGetPhonebookInfo
RasGetEntryHrasconnW
RasConnectionNotificationA
RasAutodialAddressToNetwork
RasScriptTerm
RasGetCountryInfoA
RasGetSubEntryHandleW
RasHangUpW
RasGetEapUserDataA
RasGetEntryDialParamsA
RasEnumConnectionsW
RasSetOldPassword
RasGetConnectionStatistics
RasGetCountryInfoW
RasRenameEntryA
RasEnumDevicesA
RasSetEapUserDataA
RasEditPhonebookEntryA
RasGetEapUserIdentityW
RasGetSubEntryPropertiesA
RasSetSharedAutoDial
RasDeleteSubEntryA
RasCreatePhonebookEntryW
RasDeleteSubEntryW
RasGetCredentialsA
RasQueryRedialOnLinkFailure

ole32

OleSetContainedObject
CoGetStandardMarshal
HMETAFILEPICT_UserFree
CoSwitchCallContext
CoFreeAllLibraries
CoRegisterChannelHook
HICON_UserUnmarshal
CreateOleAdviseHolder
ComPs_NdrDllCanUnloadNow
CoFileTimeToDosDateTime
IsValidPtrOut
StgOpenAsyncDocfileOnIFillLockBytes
MonikerRelativePathTo
CoGetInstanceFromIStorage
OleCreateFromFileEx
CoTreatAsClass
OleDraw
HPALETTE_UserMarshal
HMETAFILE_UserMarshal
OleDestroyMenuDescriptor
HkOleRegisterObject
OleCreateLinkEx
CoGetInstanceFromFile
StgCreatePropStg
OleBuildVersion
CoCancelCall
OleCreateEmbeddingHelper
CoRetireServer
CoIsOle1Class
MonikerCommonPrefixWith
CoTestCancel
ComPs_NdrDllRegisterProxy
HPALETTE_UserFree
GetHookInterface
HACCEL_UserSize
OleInitialize
OleConvertIStorageToOLESTREAMEx
OleSetAutoConvert
CoRevokeClassObject
CLIPFORMAT_UserSize
WriteOleStg

untfs

?Read@NTFS_MFT_FILE@@UAEEXZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
??0NTFS_ATTRIBUTE@@QAE@XZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
Chkdsk
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
??1NTFS_BITMAP_FILE@@UAE@XZ
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
??0NTFS_UPCASE_TABLE@@QAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?Read@NTFS_FRS_STRUCTURE@@UAEEXZ
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_LOG_FILE@@QAE@XZ

kernel32

GetNumaNodeProcessorMask
FoldStringW
IsSystemResumeAutomatic
QueryDosDeviceA
FindFirstVolumeMountPointA
GetEnvironmentVariableA
CancelTimerQueueTimer
CreateWaitableTimerA
RequestWakeupLatency
HeapAlloc
GetBinaryType
AddLocalAlternateComputerNameW
GetModuleHandleExA
SetComPlusPackageInstallStatus
SetEvent
lstrcmpiA
GetLongPathNameW
BackupRead
TransmitCommChar
GetSystemDefaultUILanguage
WritePrivateProfileStringW
CreateFileMappingW
TerminateJobObject
GetTimeFormatA
SetComputerNameW
LZCreateFileW
WideCharToMultiByte
SetSystemPowerState
UnlockFile
GetCurrentThreadId
LoadLibraryA
VirtualFree
SetThreadIdealProcessor
GlobalAlloc
FillConsoleOutputCharacterA
SetConsoleWindowInfo
HeapCreate
OpenFile
MoveFileExW
GetCurrentThread
GetCommTimeouts
WaitCommEvent
GetCurrentDirectoryW
SetTapeParameters
OpenSemaphoreA
GetVolumePathNameA
GetThreadSelectorEntry
AddConsoleAliasA
SetConsoleInputExeNameA
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileStructW
FatalAppExitW
WaitForSingleObject
SetLastConsoleEventActive
SetTermsrvAppInstallMode
CreateProcessInternalW
ReadFileEx
GetEnvironmentStringsA
OpenEventA
LockResource
VirtualAlloc
MapViewOfFileEx
LZCopy
ProcessIdToSessionId
GetCommandLineA
ResumeThread
GetFileSizeEx
LCMapStringW
LZDone
GetHandleContext
ReadConsoleW
GetFirmwareEnvironmentVariableW
VDMOperationStarted

msvcrt40

??4strstreambuf@@QAEAAV0@ABV0@@Z
__mb_cur_max
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_CIsinh
?setmode@fstream@@QAEHH@Z
?gptr@streambuf@@IBEPADXZ
??0ifstream@@QAE@XZ
ispunct
_putenv
??0bad_typeid@@QAE@ABV0@@Z
_mbsnbcat
_mktemp
_wtol
_close
_wstati64
_searchenv
??4ios@@IAEAAV0@ABV0@@Z
?put@ostream@@QAEAAV1@D@Z
_wpopen
??0__non_rtti_object@@QAE@PBD@Z
??8type_info@@QBEHABV0@@Z
??_7ofstream@@6B@
rename
?name@type_info@@QBEPBDXZ
?get@istream@@QAEAAV1@AAD@Z
strchr

dmime

DllGetClassObject

Sections

.text
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

554f36535884258ef3d7b234d3d7add0

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

ole32

untfs

kernel32

msvcrt40

dmime

Sections

.text Size: 74KB - Virtual size: 76KB

.rdata Size: 54KB - Virtual size: 56KB

.data Size: 52KB - Virtual size: 260KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 74KB - Virtual size: 76KB

.rdata
Size: 54KB - Virtual size: 56KB

.data
Size: 52KB - Virtual size: 260KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB