004ef5b64a40a8bd0617182978f144f6

Sharing

Copy URL Twitter E-mail

General

Target

004ef5b64a40a8bd0617182978f144f6
Size

162KB
MD5

004ef5b64a40a8bd0617182978f144f6
SHA1

7aa191acb4c8f2cd2ec779691945d9d59789247b
SHA256

aef9a801484d788b4ab4c417a44a5e6d731ae60e486a665bfc30a7fd5b256adc
SHA512

87ced7fd9b0308cccd39d3ce9d255e18ca793cf92e582e9dd30d2b58c2de476b69aa4106d1aa2e0b8d5e88c261e6d2bb2392731734410ed94191663460109079
SSDEEP

3072:8rcYrcH/hOga8JgXi4xw4qNx3x7qCBLw6m0mN9M770pV4sDzoiSbOD6q:1qcH/hQ8Juxw4qNxBWChwimN9qa4CzhD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
004ef5b64a40a8bd0617182978f144f6

Files

004ef5b64a40a8bd0617182978f144f6
.exe windows:4 windows x86 arch:x86

b39c87d67280029780bfae5e1f4d2231

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

oleacc

LresultFromObject
AccessibleObjectFromPoint

shell32

SHGetFolderPathW

kernel32

HeapFree
RaiseException
LCMapStringW
GetTimeZoneInformation
GetTickCount
GetCurrentProcess
EnterCriticalSection
UnhandledExceptionFilter
SetEndOfFile
TerminateProcess
IsValidCodePage
SetStdHandle
InitializeCriticalSection
GetACP
GetDateFormatA
QueryPerformanceCounter
MultiByteToWideChar
FreeLibrary
ReadFile
RtlUnwind
SetFilePointer
GetLocaleInfoA
IsDebuggerPresent
HeapSize
EnumResourceTypesA
VirtualAlloc
CompareStringA
GetStringTypeW
GetTimeFormatA
SetEnvironmentVariableA
HeapDestroy
CreateNamedPipeA
GetOEMCP
HeapReAlloc
LeaveCriticalSection
GetCPInfo
HeapCreate
LoadLibraryA
WriteConsoleA
CompareStringW
LCMapStringA
VirtualFree
SetUnhandledExceptionFilter
GetCurrentProcessId
GetConsoleOutputCP
WriteFile
GetSystemTimeAsFileTime
GetStringTypeA

newdev

UpdateDriverForPlugAndPlayDevicesW

advapi32

InitializeSecurityDescriptor
EnumDependentServicesW
EqualSid
AdjustTokenPrivileges
FreeSid
RegOpenKeyExW
GetSecurityInfo
FreeInheritedFromArray
LookupPrivilegeValueA
RegGetKeySecurity
SetNamedSecurityInfoW
AddAce
IsValidSecurityDescriptor
SetSecurityInfo
QueryServiceStatus
RegRestoreKeyW
ChangeServiceConfigW
GetAclInformation
RegSetValueExW
CreateServiceW
GetAce
DeleteService
OpenSCManagerW
RegCreateKeyExW
IsValidAcl
SetEntriesInAclW
LookupPrivilegeDisplayNameA
LockServiceDatabase
GetTokenInformation
ControlService
AllocateAndInitializeSid
RegDeleteValueW
QueryServiceLockStatusW
RegCloseKey
QueryServiceConfigW
CloseServiceHandle
InitializeAcl
GetNamedSecurityInfoW
RegSaveKeyW
SetEntriesInAclA
GetSecurityDescriptorControl
StartServiceA
ChangeServiceConfig2W
LookupAccountSidW
GetInheritanceSourceW
LookupPrivilegeNameA
UnlockServiceDatabase
OpenProcessToken
RegDeleteKeyW
OpenServiceW
RegQueryValueExW
RegEnumKeyExW
SetSecurityDescriptorDacl
RegEnumValueW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b39c87d67280029780bfae5e1f4d2231

Headers

File Characteristics

Imports

mprapi

oleacc

shell32

kernel32

newdev

advapi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 3KB - Virtual size: 407KB

.data Size: 113KB - Virtual size: 113KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 3KB - Virtual size: 407KB

.data
Size: 113KB - Virtual size: 113KB

.rsrc
Size: 512B - Virtual size: 4KB