f6144d964bb1bafd862e8aeea9c13738

Sharing

Copy URL Twitter E-mail

General

Target

f6144d964bb1bafd862e8aeea9c13738
Size

329KB
MD5

f6144d964bb1bafd862e8aeea9c13738
SHA1

b2e6cefb9c2dbfd6df6fe0ae17d39ee406f4c1e0
SHA256

f0175ec722b46e8d3daefb7e180e7d84fad2e3a09d2b44c4e6640e3aeb352ef6
SHA512

a563f5a9ecd4ade80709e246a2596c87298e5d814e65df742e54b16632d2dbcae788bb2b6f7d9cc898b5465f31e112ed6fb1bfc0b9eb8a638899afc2bed764b9
SSDEEP

6144:hCpI1ohz8Rr0Djv2XY6gIzK/8oyF9L2OhZJ3JwElCG+xkzYqwuK1NV8irSakuVzo:gpLSRr0Djv2dgyKkjF9RBuWBNYjNCaku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6144d964bb1bafd862e8aeea9c13738

Files

f6144d964bb1bafd862e8aeea9c13738
.exe windows:5 windows x86 arch:x86

1a7117eebe5147cacbee4728bbf4c5f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCreateEvent
RtlCopyLuid
RtlLeaveCriticalSection
RtlInsertElementGenericTable
RtlConvertSharedToExclusive
NtQuerySystemInformation
RtlCopyUnicodeString
RtlRegisterWait
RtlCopySid
RtlAnsiStringToUnicodeString
RtlCreateTimerQueue
RtlInitializeCriticalSection
RtlOemStringToUnicodeString
RtlEnterCriticalSection
RtlUniform
NtDuplicateObject
RtlSetDaclSecurityDescriptor
RtlValidSid
RtlGetElementGenericTable
RtlDeleteElementGenericTable
RtlReleaseResource
RtlDeleteTimerQueue
NtOpenProcessToken
RtlAcquireResourceShared
RtlInsertElementGenericTableAvl
NtQueryInformationToken
RtlCreateTimer
RtlUpcaseUnicodeString
RtlInitializeGenericTable
NtClose
RtlCompareUnicodeString
RtlUnicodeStringToAnsiString
RtlEraseUnicodeString
RtlCreateSecurityDescriptor
RtlAppendUnicodeStringToString
NtOpenEvent
RtlTimeToTimeFields
RtlInitAnsiString
RtlCreateAcl
RtlFreeSid
RtlLookupElementGenericTable
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlDeleteCriticalSection
RtlLengthSid
RtlFreeUnicodeString
RtlLengthRequiredSid
DbgPrint
RtlAddAccessAllowedAce
RtlInitializeGenericTableAvl
NtWaitForSingleObject
RtlEqualSid
RtlInitializeSid
RtlCompareMemory
RtlAcquireResourceExclusive
NtOpenThreadToken
RtlSystemTimeToLocalTime
RtlEqualDomainName
RtlEqualUnicodeString
RtlInitializeResource
RtlSubAuthoritySid
VerSetConditionMask
NtAllocateLocallyUniqueId
RtlVerifyVersionInfo
RtlLookupElementGenericTableAvl
NtSetSecurityObject
RtlDeleteResource
RtlInitUnicodeString
RtlDeregisterWait
RtlRunDecodeUnicodeString
RtlConvertSidToUnicodeString
RtlPrefixUnicodeString
NtQuerySystemTime
RtlIntegerToUnicodeString
RtlNtStatusToDosError
NtAllocateVirtualMemory
RtlAllocateAndInitializeSid
RtlTimeFieldsToTime

advapi32

OpenSCManagerW
AllocateAndInitializeSid
GetTraceLoggerHandle
CredUnmarshalCredentialW
RegisterEventSourceW
RegCloseKey
CryptGetHashParam
RevertToSelf
CryptDestroyHash
RegQueryValueExW
TraceEvent
OpenServiceW
RegOpenKeyW
RegDeleteValueW
ReportEventW
CryptCreateHash
SetThreadToken
SystemFunction006
RegQueryInfoKeyW
GetTokenInformation
CryptAcquireContextW
RegCreateKeyExW
RegOpenKeyExW
OpenProcessToken
FreeSid
CryptReleaseContext
OpenThreadToken
RegSetValueExW
CredFree
CryptSetProvParam
LookupAccountSidW
RegNotifyChangeKeyValue
CryptGetProvParam
CloseServiceHandle
QueryServiceConfigW
QueryServiceStatus
RegConnectRegistryW
RegisterTraceGuidsW
SystemFunction007
CryptHashData
DeregisterEventSource
RegEnumKeyExW

user32

wsprintfW
CharLowerBuffW

msasn1

ASN1BEREncU32
ASN1octetstring_free
ASN1_Decode
ASN1BERDecOpenType2
ASN1BERDecBitString
ASN1ztcharstring_free
ASN1BEREncObjectIdentifier
ASN1BERDecObjectIdentifier
ASN1BEREncOpenType
ASN1_CloseEncoder
ASN1DecAlloc
ASN1BERDecBool
ASN1BERDecS32Val
ASN1BERDecGeneralizedTime
ASN1intx2int32
ASN1DecSetError
ASN1intxisuint32
ASN1EncSetError
ASN1BERDecEndOfContents
ASN1BERDecPeekTag
ASN1BERDecCharString
ASN1BERDecSkip
ASN1Free
ASN1charstring_free
ASN1_CreateDecoder
ASN1BEREncExplicitTag
ASN1BERDecU32Val
ASN1BEREncBool
ASN1BERDecSXVal
ASN1BEREncSX
ASN1intx_setuint32
ASN1_CreateModule
ASN1_CloseDecoder
ASN1_FreeEncoded
ASN1BEREncS32
ASN1CEREncGeneralizedTime
ASN1BERDecNotEndOfContents
ASN1BEREncEndOfContents
ASN1BEREncOctetString
ASN1BEREncBitString
ASN1BERDecZeroCharString
ASN1intx_free
ASN1objectidentifier_free
ASN1bitstring_free
ASN1BERDecExplicitTag
ASN1intx2uint32
ASN1BERDecOctetString
ASN1_FreeDecoded
ASN1_CreateEncoder
ASN1_Encode
ASN1BEREncCharString

secur32

LsaGetLogonSessionData
CredMarshalTargetInfo
LsaFreeReturnBuffer
FreeContextBuffer
CredUnmarshalTargetInfo

kernel32

GetLastError
lstrcpyW
InterlockedExchange
GetModuleFileNameW
lstrlenW
GetModuleFileNameA
GetTickCount
LoadLibraryA
GetProfileStringA
FreeLibrary
LoadLibraryW
InitializeCriticalSection
QueryPerformanceCounter
GetSystemInfo
MultiByteToWideChar
GetEnvironmentVariableW
InterlockedDecrement
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
LocalFree
CloseHandle
GetLocalTime
GetCurrentThreadId
GetCurrentThread
CreateFileW
VirtualAlloc
GetCurrentProcess
RaiseException
OpenFileMappingW
SetEvent
GetProcAddress
LeaveCriticalSection
LocalAlloc
DebugBreak
GetCurrentProcessId
WriteFile
CreateFileMappingW
InterlockedExchangeAdd
lstrlenA
UnregisterWait
GetComputerNameW
Sleep
TerminateProcess
FormatMessageW
CreateEventW
InterlockedCompareExchange
UnhandledExceptionFilter
GetComputerNameExW
GetACP
MapViewOfFileEx
WideCharToMultiByte
GetModuleHandleW
lstrcmpiA
InterlockedIncrement
EnterCriticalSection
RegisterWaitForSingleObjectEx
SetUnhandledExceptionFilter
lstrcmpW
CreateFileA
OutputDebugStringA
DeleteCriticalSection
FileTimeToSystemTime
UnmapViewOfFile
ExpandEnvironmentStringsW
OpenEventW

msvcrt

strchr
wcscmp
sprintf
qsort
strrchr
wcscpy
wcsrchr
sscanf
wcstoul
wcscat
swprintf
_wcsnicmp
_adjust_fdiv
wcslen
_vsnprintf
_strnicmp
_stricmp
_ultoa
free
_strcmpi
wcsspn
malloc
_initterm
_wcsicmp
_except_handler3

cryptdll

MD5Init
MD5Update
MD5Final
CDBuildIntegrityVect
CDLocateCheckSum
CDLocateCSystem
CDGenerateRandomBits
CDFindCommonCSystemWithKey

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a7117eebe5147cacbee4728bbf4c5f5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

user32

msasn1

secur32

kernel32

msvcrt

cryptdll

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB