f64c9b1f8b228fdbda7b56c6414c4c47

Sharing

Copy URL Twitter E-mail

General

Target

f64c9b1f8b228fdbda7b56c6414c4c47
Size

365KB
MD5

f64c9b1f8b228fdbda7b56c6414c4c47
SHA1

0cab2780902029feec5a1986caeb6c0c5d33ed75
SHA256

6ad019ac6cc2896c81f1c4d7d219e01b6ece333fd900a76bad8611f6fea531d7
SHA512

f662c99263842802262b62aed6070806225a4ff2dac02dcab5b2e51743115f1254fb4ffbf587a58a09e0044974969426171dc7215464f5694ee36f79d6168ab4
SSDEEP

6144:fxdl6wRJky0Jy1f4j4TP9ESbj1xxkvdOJaMCAiBzgeeiPlFqgGNDeU+TQ0HQo58q:ft6wPJ0zI9ESt4dOJaMIzgeeiPlcBC+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64c9b1f8b228fdbda7b56c6414c4c47

Files

f64c9b1f8b228fdbda7b56c6414c4c47
.exe windows:5 windows x86 arch:x86

6b637a038eaad45f33a6fbebc1c61067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msdart

?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
??4CSpinLock@@QAEAAV0@ABV0@@Z
?NumSubTables@CLKRHashTable@@QBEHXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?FindRecord@CLKRHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?IsWriteLocked@CSpinLock@@QBE_NXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
??1CFakeLock@@QAE@XZ
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?GetSpinCount@CSpinLock@@QBEGXZ
??1CLKRHashTable@@QAE@XZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
mpRealloc
??1CLockedSingleList@@QAE@XZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?TryReadLock@CSpinLock@@QAE_NXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?ReadUnlock@CSpinLock@@QAEXXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?BucketIndex@CLKRHashTableStats@@SGJJ@Z
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock@@1NA
?_H1@CLKRLinearHashTable@@ABEKK@Z
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?TryWriteLock@CFakeLock@@QAE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?CheckTable@CLKRHashTable@@QBEHXZ

msvcirt

??_Estdiobuf@@UAEPAXI@Z
??_Gios@@UAEPAXI@Z
??0ofstream@@QAE@HPADH@Z
??0ostream@@IAE@XZ
?eatwhite@istream@@QAEXXZ
?stossc@streambuf@@QAEXXZ
?read@istream@@QAEAAV1@PADH@Z
??1iostream@@UAE@XZ
??0strstreambuf@@QAE@ABV0@@Z
?get@istream@@QAEAAV1@PACHD@Z
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??_Distream@@QAEXXZ
?ipfx@istream@@QAEHH@Z
??0logic_error@@QAE@ABQBD@Z
??0streambuf@@IAE@XZ
?close@fstream@@QAEXXZ
?egptr@streambuf@@IBEPADXZ
??_7logic_error@@6B@
?unlock@ios@@QAAXXZ
??0strstream@@QAE@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
?sh_read@filebuf@@2HB
??0ifstream@@QAE@XZ
?write@ostream@@QAEAAV1@PBDH@Z
?endl@@YAAAVostream@@AAV1@@Z
?sync@stdiobuf@@UAEHXZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ

kernel32

GetSystemPowerStatus
SetConsoleCtrlHandler
SetDefaultCommConfigA
GetDiskFreeSpaceExA
WaitNamedPipeA
ConvertThreadToFiber
MoveFileWithProgressW
SetFileTime
RegisterConsoleVDM
CreateDirectoryA
HeapCreate
GetConsoleDisplayMode
ProcessIdToSessionId
FoldStringW
GlobalFlags
lstrcat
CreateHardLinkA
ResetWriteWatch
BaseCheckAppcompatCache
GetSystemInfo
VirtualAlloc
ReadFileEx
FindNextFileA
GetCalendarInfoA
SizeofResource
EnumResourceLanguagesW
InitAtomTable
GetConsoleCommandHistoryW
GetCurrentThread
GetThreadPriority
OpenSemaphoreW
DnsHostnameToComputerNameW
EnumCalendarInfoExA
GetNamedPipeInfo
LocalFree
GetEnvironmentStrings
Heap32First
GetNumberOfConsoleInputEvents
FreeUserPhysicalPages
WriteFileEx
FileTimeToSystemTime
GetOverlappedResult
EnumSystemLanguageGroupsW
LoadLibraryA
GetEnvironmentStringsW
SetEnvironmentVariableA
GetStdHandle
VerLanguageNameW
SearchPathA

ntdll

ZwCompleteConnectPort
ZwCreateDebugObject
wcsrchr
NtGetContextThread
NtOpenJobObject
_alldiv
ZwLockVirtualMemory
NtOpenEvent
NtOpenSymbolicLinkObject
ZwUnlockFile
NtImpersonateAnonymousToken
ZwPrivilegedServiceAuditAlarm
NtTerminateProcess
RtlFindMostSignificantBit
_ui64toa
NtWaitLowEventPair
RtlGetProcessHeaps
strncpy
iswdigit
DbgPrintReturnControlC
CsrSetPriorityClass
RtlFindLongestRunClear
ZwQueryBootEntryOrder
RtlAddressInSectionTable
RtlGetElementGenericTable
RtlRaiseException
RtlSetInformationAcl
ZwSetInformationProcess
RtlComputePrivatizedDllName_U
ZwRestoreKey
ZwAcceptConnectPort
RtlTraceDatabaseCreate
NtQuerySymbolicLinkObject
NtQueryMultipleValueKey
_CIpow
RtlGetLongestNtPathLength
ZwQuerySystemTime
wcschr
ZwQuerySemaphore
fabs
CsrClientConnectToServer

netapi32

NetMessageNameDel
NetErrorLogWrite
NetGetJoinableOUs
NetUnjoinDomain
NetGetAnyDCName
NetWkstaTransportAdd
NetDfsRemoveFtRoot
NetServerTransportAddEx
NetReplImportDirEnum
NetGroupAddUser
NetpAddTlnFtinfoEntry
I_NetDatabaseSync
NetAuditClear
I_BrowserServerEnum
NetReplImportDirLock
I_NetServerGetTrustInfo
NlBindingAddServerToCache
NetReplImportDirAdd
NetShareDelSticky
NetpwPathCanonicalize
NetShareCheck
I_NetLogonUasLogoff
NetUserChangePassword
DsDeregisterDnsHostRecordsW
I_NetServerSetServiceBitsEx

user32

SetCursorContents
LoadKeyboardLayoutEx
SetClipboardViewer
ChangeDisplaySettingsW
GetAsyncKeyState
FindWindowExW
SetThreadDesktop
GetWindowThreadProcessId
GetClassNameW
RegisterClipboardFormatA
ScrollDC
DrawTextExA
IsCharLowerA
BeginDeferWindowPos
UserRealizePalette
GetWindowModuleFileNameA
SetMessageExtraInfo
PostMessageA
User32InitializeImmEntryTable
DdeQueryStringA
GetTaskmanWindow
OemToCharW
SetWindowLongA
GetMessageExtraInfo
GetDlgCtrlID

Sections

.text
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b637a038eaad45f33a6fbebc1c61067

Headers

File Characteristics

Imports

msdart

msvcirt

kernel32

ntdll

netapi32

user32

Sections

.text Size: 83KB - Virtual size: 84KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 540KB

.rsrc Size: 211KB - Virtual size: 212KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 84KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 540KB

.rsrc
Size: 211KB - Virtual size: 212KB

.reloc
Size: 1024B - Virtual size: 4KB