Static task
static1
Behavioral task
behavioral1
Sample
09589aab944a9858d1ce8773f96a858e.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
09589aab944a9858d1ce8773f96a858e.exe
Resource
win10v2004-20231215-en
General
-
Target
09589aab944a9858d1ce8773f96a858e
-
Size
863KB
-
MD5
09589aab944a9858d1ce8773f96a858e
-
SHA1
5b8d93208366ceb615b979206c336d62259cff7a
-
SHA256
9811f8af287199b27dece20497917bf4928381498d0d15735249ff5f03792faf
-
SHA512
08dfe19a6808db284eea83e960b2c0b272bf8dc84e92ba1b553ddebbe9902376a74a716fd6072a2a4c35f41f991d9d3e2fccd9b0b5c615241271ea1dd99909b5
-
SSDEEP
24576:rpuzjrnek39oJR2nklr+EcgURXQxPrNuRAz:iX9oJtlr+XFQxPr4a
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the match below means the sample's PE carries no Authenticode signature. On its own this is a weak indicator: many legitimate binaries ship unsigned, and a present signature would not by itself prove the file benign.
resource 09589aab944a9858d1ce8773f96a858e
Files
-
09589aab944a9858d1ce8773f96a858e.exe windows:5 windows x86 arch:x86
dc3c05a24be8826bc1db4cf4d97813d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapCreate
OutputDebugStringA
RemoveLocalAlternateComputerNameA
ReleaseSemaphore
GetOEMCP
SetLocalPrimaryComputerNameW
FindClose
WTSGetActiveConsoleSessionId
LocalLock
SetConsoleIcon
SetLocaleInfoW
LZSeek
QueryPerformanceFrequency
GetModuleHandleA
VirtualAlloc
DeleteVolumeMountPointW
OpenFileMappingW
EnumSystemCodePagesA
GetSystemTimeAsFileTime
LocalCompact
SetConsoleMode
OpenFileMappingA
IsBadHugeWritePtr
GetCalendarInfoA
LoadLibraryA
GetCurrentProcessId
GetEnvironmentStringsW
GetConsoleCursorInfo
GetProcessAffinityMask
GetDiskFreeSpaceExA
GetACP
VirtualProtectEx
SetFileTime
CancelTimerQueueTimer
DeleteFileW
ExitProcess
CreatePipe
MoveFileWithProgressA
SetThreadUILanguage
GetStringTypeExW
SetConsoleMenuClose
lstrcmpi
TerminateJobObject
GetComputerNameExA
SetConsoleCursor
GetConsoleCP
DebugBreakProcess
EnumCalendarInfoExW
SetSystemTime
lstrcpynW
odbcjt32
SQLAllocEnv
SQLGetData
SQLProcedureColumnsW
InitializeLoginDialog
ConfigDSN
SQLAllocStmt
ConfigDSNExW
LoadByOrdinal
SQLGetDiagFieldW
SQLFreeHandle
SQLGetDescFieldW
InitDialogAgain
SQLPrepareW
SQLDriverConnectW
SQLGetCursorNameW
SQLStatisticsW
SQLFetch
AdvancedDialogProc
ConfigDSNW
InvisibleSelectDb
SQLSetCursorNameW
SQLGetDescRecW
SQLGetDiagRecW
SQLFreeEnv
SQLSetEnvAttr
SQLColAttributeW
SQLCopyDesc
SQLAllocConnect
SQLExtendedFetch
SQLSetPos
SQLGetFunctions
SQLFetchScroll
msi
MsiDoActionW
Migrate10CachedPackagesW
MsiSummaryInfoGetPropertyA
MsiSetTargetPathW
MsiAdvertiseProductA
MsiSummaryInfoGetPropertyW
MsiSetInternalUI
MsiRecordGetInteger
MsiConfigureProductExA
MsiSummaryInfoGetPropertyCount
MsiGetSummaryInformationA
MsiDeleteUserDataW
MsiGetUserInfoA
MsiGetProductCodeFromPackageCodeA
MsiQueryFeatureStateA
MsiSourceListAddSourceW
MsiSummaryInfoPersist
MsiOpenPackageW
MsiInstallMissingComponentA
MsiGetProductPropertyW
MsiFormatRecordW
MsiDatabaseApplyTransformW
MsiGetSummaryInformationW
MsiEnumComponentCostsW
MsiSetTargetPathA
MsiEnumComponentQualifiersW
MsiRecordIsNull
MsiProvideQualifiedComponentA
MsiGetFeatureUsageA
MsiInstallMissingFileW
MsiOpenDatabaseA
MsiGetProductInfoFromScriptW
MsiGetFileVersionA
MsiCreateAndVerifyInstallerDirectory
MsiCollectUserInfoA
MsiRecordDataSize
MsiSourceListForceResolutionA
MsiAdvertiseProductExW
MsiEnumProductsW
crypt32
I_CryptWalkAllLruCacheEntries
CertFindChainInStore
CertSetCRLContextProperty
CryptSIPRemoveSignedDataMsg
I_CryptUninstallOssGlobal
CertNameToStrA
I_CryptRegisterSmartCardStore
CertGetCTLContextProperty
CryptSIPRetrieveSubjectGuidForCatalogFile
I_CryptUnregisterSmartCardStore
CryptProtectData
CryptExportPKCS8
CertFindSubjectInCTL
CertGetEnhancedKeyUsage
CertCreateCertificateContext
CryptBinaryToStringA
CertFindRDNAttr
CertAddEncodedCRLToStore
RegSetValueExU
CryptGetDefaultOIDFunctionAddress
CertEnumSystemStore
CryptMsgCountersign
CryptLoadSip
CertGetPublicKeyLength
CryptUnregisterDefaultOIDFunction
CertAddCRLContextToStore
CryptHashToBeSigned
CertAddEncodedCertificateToSystemStoreA
RegEnumValueU
PFXImportCertStore
CryptSignHashU
CryptMsgControl
CryptMsgSignCTL
CertRemoveEnhancedKeyUsageIdentifier
CryptSIPPutSignedDataMsg
I_CryptSetTls
CertSerializeCTLStoreElement
PFXIsPFXBlob
CryptSignMessage
CryptSIPGetSignedDataMsg
RegQueryValueExU
CryptInitOIDFunctionSet
CryptAcquireContextU
CryptExportPublicKeyInfo
I_CryptDisableLruOfEntries
oleaut32
VarI1FromUI1
VARIANT_UserSize
SafeArrayGetVartype
VarUI2FromDate
VarBoolFromStr
BSTR_UserFree
VarUI8FromI1
SafeArrayGetDim
VarDateFromI1
VarBstrFromI1
VarUI4FromR8
VarAdd
VarI8FromUI1
VarDecFromI2
DispInvoke
VarCyFromR4
VarBoolFromUI2
VarR8FromUI1
VarDecFix
OleCreatePropertyFrameIndirect
VarUI4FromI4
VarDecFromBool
VarDecFromStr
VarUI1FromI8
LPSAFEARRAY_UserUnmarshal
VarUI2FromUI1
SafeArrayUnlock
VarI4FromCy
VarR8FromI4
SetErrorInfo
VarI2FromI4
VarUI8FromCy
VarI1FromCy
VarNot
VarFormatFromTokens
SafeArrayAllocDescriptor
mspatcha
ApplyPatchToFileA
ApplyPatchToFileExA
GetFilePatchSignatureW
GetFilePatchSignatureA
GetFilePatchSignatureByHandle
TestApplyPatchToFileByHandles
ApplyPatchToFileW
TestApplyPatchToFileW
ApplyPatchToFileByHandlesEx
ApplyPatchToFileExW
ApplyPatchToFileByHandles
TestApplyPatchToFileA
msvcrt40
_isatty
_mbcjmstojis
??_Distream_withassign@@QAEXXZ
_jn
iswupper
wctomb
??0iostream@@IAE@ABV0@@Z
__argv
_wtempnam
??_Gexception@@UAEPAXI@Z
?clrlock@streambuf@@QAEXXZ
??5istream@@QAEAAV0@AAK@Z
?getdouble@istream@@AAEHPADH@Z
_ismbcl2
_hypot
?setmode@ifstream@@QAEHH@Z
?in_avail@streambuf@@QBEHXZ
_ultoa
bsearch
wscanf
?write@ostream@@QAEAAV1@PBCH@Z
_endthread
??0ostrstream@@QAE@ABV0@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_isctype
Sections
.text Size: 375KB - Virtual size: 375KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 313KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ