034b532b5aa3aa249da64282d93ba3d4

Sharing

Copy URL Twitter E-mail

General

Target

034b532b5aa3aa249da64282d93ba3d4
Size

54KB
MD5

034b532b5aa3aa249da64282d93ba3d4
SHA1

483fc416ac1c3d4e4598c02d0a3568cfa227a937
SHA256

4a064da9fffa0cf6a431f28ac76b5a60856c1b68e0e66373192d9994dddf6979
SHA512

a6a72a5aa60c9b31e72fa647e4da4db6d3b8e3bb5bf6e9cf334dd38603ccfa351d2be0b3178a4309054f0b00a24d158729119dc3081d78ac13c2942885bf4c4a
SSDEEP

1536:WyjNcRYmFiocUU3wQh4Rs6FE1Yz3/LZ119a4m3gdf:dSRYmQocU2w2Os6FPz+4egd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
034b532b5aa3aa249da64282d93ba3d4

Files

034b532b5aa3aa249da64282d93ba3d4
.exe windows:5 windows x86 arch:x86

878545f059afbff1406af9f8e72183eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnicodeStringToInteger
isalnum
RtlPushFrame
RtlInitializeSListHead
ZwSetSystemEnvironmentValueEx
NtModifyBootEntry
ZwRequestPort
RtlUnicodeStringToCountedOemString
RtlAssert
DbgUserBreakPoint
_alldiv
RtlRemoveVectoredExceptionHandler
NtQueryInformationJobObject
ZwCreatePort
RtlAddAce
ZwCreateEventPair
ZwCreateToken
ZwAllocateUserPhysicalPages
ZwRegisterThreadTerminatePort
RtlAddAccessAllowedObjectAce
wcscspn
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
__isascii
RtlGetCurrentPeb
RtlEnlargedUnsignedDivide
RtlGetLastNtStatus
_memccpy
RtlAnsiStringToUnicodeString
NtPrivilegeObjectAuditAlarm
NtTerminateJobObject
NtFlushInstructionCache
KiUserCallbackDispatcher

kernel32

GetTickCount
LoadLibraryA
GetEnvironmentVariableW
GetEnvironmentStringsW
ClearCommError
CreateMemoryResourceNotification
GetCurrentProcessId
GetBinaryType
VirtualAlloc
GlobalFindAtomA
ReadConsoleA
GetProcAddress
GetConsoleAliasExesW
CreateHardLinkA
IsValidLocale
IsProcessorFeaturePresent
WriteProfileSectionA
FindFirstVolumeMountPointW
GetProcessId
WaitForMultipleObjects
OutputDebugStringA
_lopen
GetNumberOfConsoleMouseButtons
CreateEventW
GetDriveTypeW
GetConsoleMode
RemoveDirectoryA
EnumDateFormatsExW
WaitForMultipleObjectsEx
GetStartupInfoA
ReplaceFileW
OpenThread
SetConsoleNlsMode
CompareStringW
CreateSemaphoreA
CopyFileExA

wshtcpip

WSHOpenSocket2
WSHGetSockaddrType
WSHGetWildcardSockaddr
WSHNotify
WSHOpenSocket
WSHGetBroadcastSockaddr
WSHGetWSAProtocolInfo
WSHGetProviderGuid
WSHAddressToString
WSHEnumProtocols
WSHGetWinsockMapping
WSHGetSocketInformation
WSHIoctl
WSHJoinLeaf
WSHSetSocketInformation
WSHStringToAddress

cmutil

CmStrchrA
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
CmLoadIconA
?OpenFile@CmLogFile@@AAEJXZ
?SetSection@CIniA@@QAEXPBD@Z
?SetEntry@CIniA@@QAEXPBD@Z
?SetWriteICSData@CIniA@@QAEXH@Z
CmFree
?Generate@CRandom@@QAEHXZ
?GetFile@CIniA@@QBEPBDXZ
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmStrchrW
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
CmAtolA
?SetWriteICSData@CIniW@@QAEXH@Z
CmLoadIconW
?LoadEntry@CIniA@@IBEPADPBD@Z
GetOSMajorVersion
CmStrTrimW
??4CIniW@@QAEAAV0@ABV0@@Z
CmStripFileNameW
CmParsePathW
??1CmLogFile@@QAE@XZ
?GetFile@CIniW@@QBEPBGXZ
CmStripPathAndExtW
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?SetFile@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
?WPPI@CIniW@@QAEXPBG0K@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?LoadSection@CIniW@@QBEPAGPBG@Z

msv1_0

SpUserModeInitialize
Msv1_0ExportSubAuthenticationRoutine
SpInitialize
LsaApCallPackageUntrusted
MsvSamValidate
MsvGetLogonAttemptCount
LsaApLogonUserEx2
MsvSamLogoff
LsaApCallPackage
Msv1_0SubAuthenticationPresent
SpInstanceInit
SpLsaModeInitialize
LsaApLogonTerminated
LsaApInitializePackage
LsaApCallPackagePassthrough

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

878545f059afbff1406af9f8e72183eb

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

wshtcpip

cmutil

msv1_0

Sections

.text Size: 43KB - Virtual size: 43KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 43KB - Virtual size: 43KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB