06bade9f920539b77824d08355b94f89

Sharing

Copy URL Twitter E-mail

General

Target

06bade9f920539b77824d08355b94f89
Size

46KB
MD5

06bade9f920539b77824d08355b94f89
SHA1

577767de647ba54b6d207074fbb8a4684e44a6a7
SHA256

40a006e0e4b70a24d6237901511b66e5ecef7ec5ed9622c11036c2b2c5483fea
SHA512

21b7c229288c99199a7d06c4f0115ec76e38a0341995efb1093609896e940e6b283cb6eeccd98e6f83df144d82d179353404943bbac7c68e0662c4aded0a5187
SSDEEP

768:i2BgoShUxwC2peKDsnxN+rKu8DNBmjgUZvOcS/MfKHeNB:BgoAUqCoNDsWr0Da1vEMfUo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06bade9f920539b77824d08355b94f89

Files

06bade9f920539b77824d08355b94f89
.exe windows:5 windows x86 arch:x86

24afffd2f4cf8c5ba6921b83f9a2f78d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMGetFontInfo
ATMXYShowTextA
ATMGetFontPathsW
ATMGetOutline
ATMGetOutlineW
ATMAddFontEx
ATMFontAvailableW
ATMGetBuildStrW
ATMGetNtmFieldsW
ATMEnumMMFontsW
ATMFontStatusA
ATMBeginFontChange
ATMMakePSS
ATMFontStatusW
ATMRemoveSubstFontA

atl

AtlDevModeW2A
AtlIPersistPropertyBag_Load
AtlModuleGetClassObject
AtlAxCreateControlEx
AtlUnadvise
AtlComPtrAssign
AtlModuleRevokeClassObjects
AtlModuleRegisterServer
AtlGetVersion
AtlModuleUnregisterServerEx
AtlWaitWithMessageLoop
AtlGetObjectSourceInterface

wldap32

ldap_add_sW
ldap_value_freeA
ldap_searchA
ldap_encode_sort_controlA
ldap_parse_referenceW
ldap_value_freeW
ldap_delete_ext_sW

crypt32

CryptExportPublicKeyInfo
CertSaveStore
CryptRegisterOIDFunction
CryptGetKeyIdentifierProperty
CryptDecodeMessage
I_CryptCreateLruCache
I_CryptFindSmartCardCertInStore
CryptCreateAsyncHandle
CertAddCTLContextToStore
CryptEncryptMessage
CertSetCertificateContextPropertiesFromCTLEntry
CertSetCTLContextProperty
RegOpenKeyExU
CryptSIPCreateIndirectData

kernel32

GetThreadPriorityBoost
IsBadStringPtrA
lstrlenW
LocalFlags
EnumSystemCodePagesA
IsValidCodePage
LocalAlloc
GetTimeZoneInformation
MoveFileExA
GetACP
LoadLibraryA
GetVolumePathNameA
SetConsoleHardwareState
ReadConsoleA
GetSystemTimeAsFileTime
GetLocaleInfoA
GetUserGeoID
ExpungeConsoleCommandHistoryA
GetStartupInfoA
FindFirstFileExW
LZInit
SetConsoleLocalEUDC
GetStringTypeExA

cmpbk32

PhoneBookGetPhoneDUNA
PhoneBookGetPhoneNonCanonicalA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetCurrentCountryId
PhoneBookEnumCountries
PhoneBookFreeFilter
PhoneBookMergeChanges
PhoneBookUnload
PhoneBookGetPhoneCanonicalA
PhoneBookGetPhoneType

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24afffd2f4cf8c5ba6921b83f9a2f78d

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

atl

wldap32

crypt32

kernel32

cmpbk32

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB