0953076318ba206fd667d1fb27ba8b66

Sharing

Copy URL

Twitter E-mail

General

Target

0953076318ba206fd667d1fb27ba8b66
Size

811KB
MD5

0953076318ba206fd667d1fb27ba8b66
SHA1

5d9507b7c83582dd3cee47481e2a99b7f2e777db
SHA256

5bebcd5386ac17bb7952db951010b19ede782ac1c5f96608ab4a286c0a735c0a
SHA512

2d09aa6d892416f8abe5741ea1260189bf01226c1ebe23de9771b44edc3136a65b374871b42b5fafdccf155018991761c97e723e31d743967256fe578a134909
SSDEEP

24576:aaE1nK6KLVr04G//EAZDonoXqezcpBhh/DhiA:nJVr0PXRMoGhrhiA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0953076318ba206fd667d1fb27ba8b66

Files

0953076318ba206fd667d1fb27ba8b66
.exe windows:5 windows x86 arch:x86

41490822d11881d7ed1836041e9700d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessIoCounters
GetHandleInformation
FindNextVolumeMountPointA
GetModuleHandleA
SetPriorityClass
CreateEventA
InterlockedPushEntrySList
GetEnvironmentStringsA
SetTimeZoneInformation
FormatMessageA
VirtualAlloc
Thread32Next
SetConsoleIcon
LCMapStringA
GetPrivateProfileSectionA
RemoveVectoredExceptionHandler
SetVolumeMountPointA
GetProcessTimes
LZDone
VirtualFreeEx
SetNamedPipeHandleState
SearchPathW
SetConsoleMaximumWindowSize
GetLongPathNameW
SetLastConsoleEventActive
IsDebuggerPresent
MoveFileWithProgressA
RegisterWowBaseHandlers
DeleteAtom
CreateNamedPipeA
GetProcessAffinityMask
TzSpecificLocalTimeToSystemTime
FindVolumeMountPointClose
LoadLibraryA
UnmapViewOfFile
lstrcpyn

cmutil

?Stop@CmLogFile@@QAEJXZ
?SetWriteICSData@CIniW@@QAEXH@Z
?GetRegPath@CIniW@@QBEPBGXZ
?GPPS@CIniW@@QBEPAGPBG00@Z
CmBuildFullPathFromRelativeW
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
??1CIniA@@QAE@XZ
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
?GetPrimaryFile@CIniW@@QBEPBGXZ
?Banner@CmLogFile@@QAEXXZ
IsFarEastNonOSR2Win95
CmStrCpyAllocA
?Start@CmLogFile@@QAEJH@Z
?Init@CRandom@@QAEXK@Z
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
WzToSzWithAlloc
?GetFile@CIniW@@QBEPBGXZ
?LoadEntry@CIniA@@IBEPADPBD@Z
??4CIniA@@QAEAAV0@ABV0@@Z
??_FCIniW@@QAEXXZ
WzToSz
?SetEntry@CIniW@@QAEXPBG@Z
?SetSection@CIniA@@QAEXPBD@Z
?WPPB@CIniA@@QAEXPBD0H@Z
?WPPS@CIniW@@QAEXPBG00@Z
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?DeInit@CmLogFile@@QAEJXZ
?GPPB@CIniA@@QBEHPBD0H@Z

sqlunirl

_ttof
_MessageBoxEx_@20
_EnumResourceNames_@16
_GetProfileSection_@12
_NDdeGetErrorString_@12
_OpenSCManager_@12
_FindNextFile_@8
AbortSystemShutdown_
_GetEnvironmentVariable_@12
_CreateDC_@16
_RegDeleteKey_@8
_EnumDesktops_@12
_CreateAcceleratorTable_@8
_LoadIcon@8
_EnumResourceTypes_@12
_CreateNamedPipe_@32
_LookupPrivilegeName_@16
_GetCharWidth32_@16
_PropertySheet_@4
_DlgDirListComboBox_@20
_ChooseColor_@4
_GetComputerName@8
_DlgDirSelectEx_@16
_ObjectDeleteAuditAlarm_@12
_CreateWindowStation_@16
_GetPrivateProfileStruct_@20

ntdll

NtAccessCheckByType
CsrIdentifyAlertableThread
RtlAssert
ZwTraceEvent
RtlDeleteTimerQueueEx
_snprintf
RtlProtectHeap
RtlStringFromGUID
RtlAppendPathElement
NtSetInformationThread
RtlSetIoCompletionCallback
ZwNotifyChangeDirectoryFile
NtRaiseHardError
RtlZombifyActivationContext
RtlInitializeResource
RtlFindSetBits
NtAcceptConnectPort
RtlStartRXact
RtlAppendUnicodeToString
ZwOpenMutant
NtCloseObjectAuditAlarm
ZwOpenJobObject
RtlDowncaseUnicodeString
isxdigit
NtPowerInformation
ZwContinue
RtlEqualString
NtCreateMutant
KiUserCallbackDispatcher
NtLoadKey

inseng

CheckTrustEx
CheckTrust
GetICifRWFileFromFile
PurgeDownloadDirectory
DownloadFile
CheckForVersionConflict
GetICifFileFromFile

asycfilt

FilterCreateInstance

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41490822d11881d7ed1836041e9700d1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cmutil

sqlunirl

ntdll

inseng

asycfilt

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 162KB - Virtual size: 1.6MB

.rsrc Size: 201KB - Virtual size: 201KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 162KB - Virtual size: 1.6MB

.rsrc
Size: 201KB - Virtual size: 201KB

.reloc
Size: 1KB - Virtual size: 1KB