fe3e98e200f5001d4a6c48370fb1a6b2

Sharing

Copy URL Twitter E-mail

General

Target

fe3e98e200f5001d4a6c48370fb1a6b2
Size

141KB
MD5

fe3e98e200f5001d4a6c48370fb1a6b2
SHA1

75f4cb4ce19356d0ecbd3a827a682ca942142b08
SHA256

27b7d9a7697bbf0c244cb0cd4a0947d0e5a875c951ea248b9b2f06cf30ff3269
SHA512

579efde2a0534f4e8a8ef74bd8f8f43df942c292595495fd2b1e78f5cbb467f46496ace59f497847a3030ca2b9b9b21e5cd046f3d0954402f8249eb147e5a642
SSDEEP

3072:Ma5lQCzlu0u0maWzd7dgVUSHEbbtckL/P/jhoVssxT:Ma5lQ0lOd70UoEbbtcAXLsxT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/info.scr

Files

fe3e98e200f5001d4a6c48370fb1a6b2
.zip
info.scr
.exe windows:5 windows x86 arch:x86

74fd642679c994967a288635b971444a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetConsoleInputWaitHandle
AddLocalAlternateComputerNameW
EnterCriticalSection
GetModuleHandleExW
GetHandleContext
QueryDosDeviceW
VirtualAlloc
AssignProcessToJobObject
HeapReAlloc
GetAtomNameA
GetTempFileNameW
GetConsoleAliasesW
BaseUpdateAppcompatCache
EnumResourceNamesA
DebugBreakProcess
RemoveLocalAlternateComputerNameA
CreateMailslotA
GlobalFindAtomA
SetPriorityClass
GetCommandLineW
CreateConsoleScreenBuffer
BaseDumpAppcompatCache
OpenJobObjectW
GetBinaryTypeW
WriteProfileStringA
SetConsoleTextAttribute
FindNextVolumeMountPointW
BuildCommDCBAndTimeoutsW
LZInit
LZRead
DeleteVolumeMountPointA
GetCurrentProcess
SuspendThread
CreateActCtxW
GetGeoInfoA
OpenMutexW
EnumerateLocalComputerNamesW
GlobalMemoryStatus
GetSystemWindowsDirectoryA
GetLogicalDriveStringsW
GetFirmwareEnvironmentVariableA
lstrcmpA
DefineDosDeviceW
FindAtomA
LZOpenFileW
GlobalCompact
GetConsoleAliasesA
LeaveCriticalSection
WritePrivateProfileStringA
LoadLibraryA
CreateFileMappingA
GetConsoleAliasA
HeapFree
GetStartupInfoW
GetConsoleAliasExesA
GetConsoleProcessList
SetThreadPriority
GetLocalTime

loadperf

BackupPerfRegistryToFileW
SetServiceAsTrustedA
UnloadPerfCounterTextStringsA
SetServiceAsTrustedW
InstallPerfDllW
LoadPerfCounterTextStringsW
UpdatePerfNameFilesW
LoadPerfCounterTextStringsA
InstallPerfDllA
UpdatePerfNameFilesA
UnloadPerfCounterTextStringsW
RestorePerfRegistryFromFileW

regapi

RegWinStationAccessCheck
RegDefaultUserConfigQueryW
RegGetMachinePolicy
RegWinStationEnumerateA
RegCdDeleteA
RegDenyTSConnectionsPolicy
RegCdCreateA
RegWinStationSetSecurityA
RegCdQueryW
RegUserConfigQuery
RegGetMachinePolicyEx
RegPdEnumerateA
RegWdQueryA
RegWinStationQueryW
RegWinStationCreateA
RegWinStationQueryEx
RegGetTServerVersion
RegFreeUtilityCommandList
RegWdDeleteW
RegOpenServerA
RegWinStationQueryValueW
RegUserConfigDelete
RegQueryOEMId
RegWinStationSetNumValueW
RegGetUserPolicy
WaitForTSConnectionsPolicyChanges
RegWinStationEnumerateW
RegGetUserConfigFromUserParameters
RegPdDeleteA
RegCdQueryA
RegWdQueryW
RegPdEnumerateW
RegWinStationCreateW
RegWdEnumerateW
RegConsoleShadowQueryW
RegConsoleShadowQueryA
RegCdEnumerateA
RegPdQueryW
RegSAMUserConfig
RegWinStationDeleteW
RegWdDeleteA
RegPdQueryA
RegCdEnumerateW
RegOpenServerW
RegWinStationDeleteA

jsproxy

InternetGetProxyInfo
InternetInitializeAutoProxyDll
InternetDeInitializeAutoProxyDll

msvcp60

??0?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?pow@std@@YA?AV?$complex@N@1@ABV21@ABN@Z
?capacity@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??_7?$moneypunct@D$0A@@std@@6B@
??Kstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?_Init_cnt@Init@ios_base@std@@0HA
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Z?$_Complex_base@M@std@@QAEAAV01@ABM@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?is@?$ctype@D@std@@QBE_NFD@Z
?negative_sign@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??1bad_cast@std@@UAE@XZ
??1?$moneypunct@D$00@std@@UAE@XZ
?infinity@?$numeric_limits@O@std@@SAOXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?max@?$numeric_limits@H@std@@SAHXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??Z?$_Complex_base@O@std@@QAEAAV01@ABO@Z
?_Init@?$codecvt@DDH@std@@IAEXABV_Locinfo@2@@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?is@?$ctype@D@std@@QBEPBDPBD0PAF@Z
??Hstd@@YA?AV?$complex@N@0@ABV10@0@Z
??_F_Timevec@std@@QAEXXZ

ntdll

ZwUnmapViewOfSection
NtImpersonateAnonymousToken
RtlNtStatusToDosErrorNoTeb
RtlSetHeapInformation
isupper
VerSetConditionMask
_strupr
NtTestAlert
RtlInitString
NtSetDefaultLocale
RtlLookupElementGenericTableAvl
NtReleaseKeyedEvent
ZwSetLdtEntries
ZwQueryVirtualMemory
ZwSetInformationKey
qsort
ZwQueryInstallUILanguage
NtCreateThread
RtlDeleteResource
NtClose
ZwClose
ZwAlertResumeThread
ZwSetEvent
NtRestoreKey
RtlMultiByteToUnicodeN
DbgQueryDebugFilterState
RtlQueryTagHeap
NtQueryInformationThread
ZwCancelIoFile
ZwMakeTemporaryObject
ZwOpenFile
RtlFreeAnsiString
RtlUnicodeStringToOemSize
NtSaveKeyEx
NtFreeVirtualMemory

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74fd642679c994967a288635b971444a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

loadperf

regapi

jsproxy

msvcp60

ntdll

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 50KB - Virtual size: 227KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 50KB - Virtual size: 227KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB