Static task: static1
Behavioral task: behavioral1
  Sample: 081f71b675b5cdd952b39f03a030776d.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 081f71b675b5cdd952b39f03a030776d.exe
  Resource: win10v2004-20231215-en

General
Target: 081f71b675b5cdd952b39f03a030776d
Size: 334KB
MD5: 081f71b675b5cdd952b39f03a030776d
SHA1: 1e261fc8e7078f62a06766ff3508ac27aeefc972
SHA256: c647979ac78593c70f6ca412d96f861c554e1e0ef70c07775f1748d658c699a8
SHA512: 3a34e169044b77320304518be6e783e05407b9ba2259cb0cbb8073586c9dbf08ca20955fe9b69d0ad54c510477f2185ad5094da095436cfa7539ff7d15a08a18
SSDEEP: 6144:jTlGnX22J+iarE6rdrjrmnZbVofLCG0mX5EHIZx3T/Gfgo1Tyb:flgX2O+3E6prmJCLCOX5EcD/oTR8
Malware Config

Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource 081f71b675b5cdd952b39f03a030776d

Files
081f71b675b5cdd952b39f03a030776d.exe windows:5 windows x86 arch:x86
5d47afa8e2722e7954085e398b211eb1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
RpcImpersonateClient
RpcBindingFree
RpcStringBindingParseW
RpcRaiseException
RpcStringFreeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoA
RpcSsDestroyClientContext
I_RpcExceptionFilter
RpcBindingToStringBindingW
RpcBindingSetAuthInfoExA
RpcStringBindingComposeW
UuidToStringW
I_RpcBindingIsClientLocal
UuidFromStringW
NdrClientCall2
RpcBindingSetAuthInfoW
NDRCContextBinding
RpcEpResolveBinding
UuidCreate
RpcRevertToSelf
I_RpcMapWin32Status
RpcBindingSetAuthInfoExW
kernel32
GetWindowsDirectoryW
lstrcpynW
GetComputerNameExW
SetErrorMode
DeleteCriticalSection
LocalFree
CreateMutexW
GetComputerNameW
WriteFile
SizeofResource
LoadLibraryW
GetVersionExA
LoadLibraryExW
SetThreadPriority
GetLocalTime
GetCommandLineW
GetDiskFreeSpaceW
DeleteFileW
OutputDebugStringW
GetLongPathNameW
VirtualFree
DelayLoadFailureHook
GetFullPathNameW
OpenFile
CreateEventA
CancelIo
GetCurrentProcess
InterlockedExchangeAdd
CreateProcessInternalA
Sleep
CloseHandle
CopyFileW
ResumeThread
HeapAlloc
WaitForMultipleObjectsEx
GetModuleHandleW
ResetEvent
GetFileSize
GetTickCount
FindClose
OpenEventW
WideCharToMultiByte
WaitNamedPipeW
SetUnhandledExceptionFilter
GetSystemDirectoryW
SetFilePointer
SetNamedPipeHandleState
GetSystemInfo
LocalAlloc
GetProfileStringA
DeviceIoControl
GetSystemTime
CreateFileMappingW
SetEvent
WaitForSingleObject
DuplicateHandle
GetProcessHeap
CreateThread
GetFileSizeEx
lstrlenA
InterlockedIncrement
ReleaseMutex
GetProfileIntA
GetUserDefaultUILanguage
SearchPathW
GetCurrentThread
GetFileAttributesExW
ExpandEnvironmentStringsW
MultiByteToWideChar
InterlockedExchange
OpenProcess
lstrlenW
GetTimeZoneInformation
UnhandledExceptionFilter
GetCurrentThreadId
MoveFileW
GetLastError
OpenMutexW
CreateProcessInternalW
GetProcAddress
ExpandEnvironmentStringsA
FindFirstFileExW
FindFirstFileW
SetLastError
CompareFileTime
SleepEx
FreeLibrary
GetOverlappedResult
GetPriorityClass
GetPrivateProfileStringW
LoadResource
GetModuleHandleExW
GetModuleHandleA
InterlockedCompareExchange
MapViewOfFile
GetFullPathNameA
lstrcmpW
lstrcmpiW
lstrcpyW
GetDriveTypeW
FindResourceA
GetCurrentProcessId
GetVolumeInformationW
RaiseException
FindNextFileW
VirtualAlloc
UnmapViewOfFile
LoadLibraryA
GetPrivateProfileIntW
CreateFileMappingA
GetComputerNameA
TerminateProcess
ReadProcessMemory
InterlockedDecrement
FormatMessageW
GetLogicalDriveStringsW
GetFileTime
GetModuleFileNameW
LocalReAlloc
WritePrivateProfileStringW
_lclose
lstrcatW
IsBadWritePtr
lstrcpyA
GetSystemTimeAsFileTime
ExitThread
LeaveCriticalSection
InitializeCriticalSection
CreateFileA
GlobalMemoryStatus
ReadFile
QueryPerformanceCounter
AreFileApisANSI
FindResourceExW
GetDiskFreeSpaceExW
HeapFree
EnumUILanguagesW
GetSystemWindowsDirectoryW
CreateFileW
CreateEventW
EnterCriticalSection
GetFileAttributesW
ntdll
RtlInitUnicodeStringEx
RtlUpcaseUnicodeStringToOemString
RtlDeleteCriticalSection
_wcsnicmp
wcstombs
RtlTimeToSecondsSince1970
RtlAdjustPrivilege
strstr
RtlFreeSid
RtlxAnsiStringToUnicodeSize
RtlGetSecurityDescriptorRMControl
wcscat
NtFlushBuffersFile
NtAccessCheckByTypeAndAuditAlarm
RtlAddAccessAllowedObjectAce
RtlSetGroupSecurityDescriptor
NtSaveKey
RtlNewSecurityObjectEx
NtTraceEvent
NtSetInformationObject
NtPrivilegeObjectAuditAlarm
RtlIsTextUnicode
NtOpenObjectAuditAlarm
RtlGetGroupSecurityDescriptor
_wcslwr
NtClearEvent
RtlDosPathNameToNtPathName_U
RtlCompareUnicodeString
wcschr
RtlAllocateHeap
atol
NtQueryVolumeInformationFile
RtlFlushSecureMemoryCache
wcslen
NtAdjustPrivilegesToken
_ftol
NtDuplicateObject
RtlAllocateAndInitializeSid
NtQuerySecurityObject
RtlOpenCurrentUser
RtlAddAccessDeniedAce
_chkstk
wcsncmp
RtlMakeSelfRelativeSD
NtQueryVirtualMemory
RtlFreeHeap
NtQueryMultipleValueKey
RtlEnumerateGenericTableWithoutSplaying
RtlSetSecurityObjectEx
RtlDeleteSecurityObject
RtlQueryInformationAcl
RtlNewSecurityObjectWithMultipleInheritance
RtlGetOwnerSecurityDescriptor
RtlDetermineDosPathNameType_U
NtOpenProcess
RtlCopyUnicodeString
RtlStringFromGUID
NtDeleteValueKey
RtlPrefixUnicodeString
NtFreeVirtualMemory
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlFreeAnsiString
RtlLengthRequiredSid
NtPrivilegeCheck
RtlSetOwnerSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlDeleteAce
NtQuerySystemTime
RtlValidSid
NtCreateDirectoryObject
NtOpenProcessToken
NtDeleteKey
RtlAddAuditAccessObjectAce
RtlAddAccessAllowedAce
NtClose
RtlInitString
NtWriteFile
RtlAddAccessDeniedObjectAce
RtlSubAuthoritySid
RtlMultiByteToUnicodeN
RtlExpandEnvironmentStrings_U
NtCloseObjectAuditAlarm
RtlEqualSid
RtlGetFullPathName_U
RtlIdentifierAuthoritySid
RtlIsGenericTableEmpty
NtAllocateVirtualMemory
RtlAddAuditAccessAce
NtWaitForMultipleObjects
RtlDestroyHandleTable
RtlAddAuditAccessAceEx
NtLoadKey
RtlFirstFreeAce
NtCompareTokens
NtSaveMergedKeys
_wcsicmp
RtlValidSecurityDescriptor
RtlValidRelativeSecurityDescriptor
NtPowerInformation
RtlAddAccessAllowedAceEx
RtlCompareMemory
RtlQueryProcessDebugInformation
NlsMbCodePageTag
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
wcsstr
RtlGUIDFromString
NtQueryInformationThread
sprintf
RtlSetInformationAcl
RtlSubAuthorityCountSid
NtSetSecurityObject
RtlGetAce
NtQueryInformationProcess
RtlSelfRelativeToAbsoluteSD
NtOpenSymbolicLinkObject
RtlGetControlSecurityDescriptor
NtAccessCheck
NtFlushKey
RtlUpcaseUnicodeChar
wcscpy
NtDeviceIoControlFile
_vsnwprintf
iswctype
RtlFreeUnicodeString
NtOpenKey
NtAdjustGroupsToken
NtCreateFile
NtImpersonateAnonymousToken
NtQueryKey
RtlRandom
NtEnumerateKey
NtRestoreKey
NtSetValueKey
NtCreateSemaphore
tolower
wcstoul
NtAccessCheckByTypeResultListAndAuditAlarm
RtlCreateUnicodeStringFromAsciiz
mbstowcs
_itow
RtlImpersonateSelf
_strnicmp
RtlInitializeGenericTable
RtlImageNtHeader
_ultow
NtCreateKey
RtlUnicodeToMultiByteN
RtlNtStatusToDosError
NtQueryInformationToken
wcscmp
RtlSetSaclSecurityDescriptor
RtlQuerySecurityObject
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlSelfRelativeToAbsoluteSD2
memmove
RtlxUnicodeStringToAnsiSize
RtlNumberGenericTableElements
RtlReAllocateHeap
RtlNewSecurityObject
RtlAnsiStringToUnicodeString
NtQueryPerformanceCounter
RtlGetVersion
NtQuerySystemInformation
RtlAddAccessDeniedAceEx
RtlSetDaclSecurityDescriptor
NtPrivilegedServiceAuditAlarm
RtlCopyLuid
strchr
RtlFreeHandle
NtSetInformationThread
wcsncpy
_snwprintf
wcstol
RtlCreateQueryDebugBuffer
RtlGetSaclSecurityDescriptor
NtSetEvent
NtQuerySymbolicLinkObject
strncpy
NtOpenThreadToken
RtlAreAllAccessesGranted
RtlAppendUnicodeToString
RtlIntegerToUnicodeString
RtlLengthSid
RtlGetDaclSecurityDescriptor
_stricmp
NtFsControlFile
NtQueryValueKey
swprintf
RtlEqualUnicodeString
RtlAddAce
RtlSetSecurityObject
RtlUnicodeStringToInteger
RtlUnicodeToMultiByteSize
NtReleaseSemaphore
_alloca_probe
NtSetInformationFile
RtlDestroyHeap
RtlGetNtProductType
RtlLeaveCriticalSection
NtOpenFile
DbgPrint
RtlCopySid
NtNotifyChangeMultipleKeys
NtWaitForSingleObject
NtNotifyChangeKey
NtDeleteObjectAuditAlarm
RtlDeleteElementGenericTable
wcsrchr
RtlQueryRegistryValues
RtlDuplicateUnicodeString
RtlCreateUnicodeString
RtlEqualPrefixSid
RtlEnterCriticalSection
RtlInitUnicodeString
NtSetInformationProcess
RtlCreateAcl
RtlFormatCurrentUserKeyPath
NtDuplicateToken
RtlInitAnsiString
NtEnumerateValueKey
NtTerminateProcess
NtReadFile
RtlUnwind
RtlAreAnyAccessesGranted
NtReplaceKey
RtlInitializeCriticalSection
RtlDestroyQueryDebugBuffer
RtlSetSecurityDescriptorRMControl
RtlAbsoluteToSelfRelativeSD
RtlIsValidIndexHandle
RtlAppendUnicodeStringToString
NtQueryInformationFile
RtlAllocateHandle
RtlInitializeHandleTable
NtAccessCheckByType
RtlInitializeSid
RtlValidAcl
RtlConvertToAutoInheritSecurityObject
NtFilterToken
RtlOemStringToUnicodeString
NtUnloadKey
NtSaveKeyEx
NtCreateEvent
RtlLengthSecurityDescriptor
NtAccessCheckByTypeResultList
RtlMapGenericMask
NtAccessCheckAndAuditAlarm
RtlConvertSidToUnicodeString
NtAllocateLocallyUniqueId
RtlCreateHeap
Sections
.text Size: 261KB - Virtual size: 261KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE