0deeaca94c2d1cb19e1a0eec99d8590d

Sharing

Copy URL Twitter E-mail

General

Target

0deeaca94c2d1cb19e1a0eec99d8590d
Size

61KB
MD5

0deeaca94c2d1cb19e1a0eec99d8590d
SHA1

6ab6028c30dd53c76ab50365a614cc2ef05e88cf
SHA256

4da5e133e1f7b5bc44cd89c609048ab2866c9b3e36119adfbced5d140e943a39
SHA512

cd7b271d5bc0631aba279fc26faa69d7b40558f61e979355d31ecb9c523a970d47700f88e72f1560607ae66ed127ebdcf7ca61738bd8127cf7344dded5538c35
SSDEEP

1536:6EQOqQLw3wMlXlxCTy1tgQDeCxwi3JIA0+3IjPV76dxZtnIC//DqfSl:6EQOtLw3VleTy3gQDtxvYmIjPetnR/jl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0deeaca94c2d1cb19e1a0eec99d8590d

Files

0deeaca94c2d1cb19e1a0eec99d8590d
.exe windows:5 windows x86 arch:x86

c3fe934d650dee7f56184a2c336e6060

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_ltow
NtQueryDirectoryObject
NtCreateMailslotFile
RtlDelete
NtAllocateUserPhysicalPages
ZwCloseObjectAuditAlarm
ZwContinue
RtlUniform
RtlLargeIntegerNegate
RtlSubAuthoritySid
ZwAssignProcessToJobObject
ZwSetInformationFile
strrchr
NtPowerInformation
LdrUnlockLoaderLock
RtlFindCharInUnicodeString
RtlpNtOpenKey
ZwSetEventBoostPriority
ZwDuplicateToken
RtlComputePrivatizedDllName_U
RtlRegisterSecureMemoryCacheCallback

kernel32

GetNativeSystemInfo
LoadLibraryA
LoadLibraryW
GetCurrentProcessId
FillConsoleOutputCharacterA
CloseHandle
MulDiv
CmdBatNotification
GetVolumePathNameA
VirtualAlloc
QueryPerformanceCounter
GetModuleHandleW
GetTickCount
RegisterWaitForSingleObjectEx
SetConsoleInputExeNameA
SetUserGeoID
TransactNamedPipe
VirtualFreeEx
UnhandledExceptionFilter
PeekConsoleInputA
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentActCtx
SetFirmwareEnvironmentVariableW
RtlCaptureStackBackTrace
SetSystemTimeAdjustment
GetCurrentThreadId
UnregisterWait
CreateTimerQueue
GetStartupInfoW
BackupRead
GetProcAddress
GetConsoleAliasExesA

winmm

waveOutUnprepareHeader
timeSetEvent
auxGetNumDevs
mixerGetLineControlsA
waveOutGetNumDevs
waveOutPrepareHeader
midiStreamPause
waveInGetNumDevs
midiStreamOpen
mciGetDeviceIDFromElementIDW
mixerGetDevCapsA
midiStreamStop
mixerGetID
mciGetDeviceIDFromElementIDA
mmioInstallIOProcW
mixerSetControlDetails
mmioFlush
mid32Message
PlaySoundW
waveInAddBuffer
mmioClose

ifsutil

??0VOL_LIODPDRV@@IAE@XZ
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
??0DP_DRIVE@@QAE@XZ
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@SPARSE_SET@@QAEEXZ
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
??1LOG_IO_DP_DRIVE@@UAE@XZ
?Initialize@DIGRAPH@@QAEEK@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Read@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
??1SECRUN@@UAE@XZ

shdocvw

URLQualifyW
DoOrganizeFavDlg
HlinkFrameNavigateNHL
DoPrivacyDlg
DoFileDownload
DllGetVersion
SHGetIDispatchForFolder
ImportPrivacySettings
DllGetClassObject
AddUrlToFavorites
SHAddSubscribeFavorite
DoAddToFavDlgW
DllCanUnloadNow
OpenURL
HlinkFrameNavigate
URLQualifyA
DoAddToFavDlg
DoOrganizeFavDlgW
DllRegisterWindowClasses
SoftwareUpdateMessageBox
HlinkFindFrame
SetQueryNetSessionCount

esent

JetOSSnapshotFreeze
JetAttachDatabase2
JetCommitTransaction
JetGotoSecondaryIndexBookmark
JetPrepareUpdate@12
JetBeginTransaction2
JetComputeStats
JetRetrieveColumn
JetIdle
JetTerm
JetCreateDatabase2
JetFreeBuffer
JetGetLogInfo
JetOpenDatabase
JetGetObjectInfo
JetStopBackupInstance
JetIndexRecordCount
JetMove
JetGotoBookmark
JetSetColumnDefaultValue
JetCompact
JetGrowDatabase
JetOpenTempTable2
JetGetTableInfo
JetGetTruncateLogInfoInstance
JetCreateTableColumnIndex2
JetReadFileInstance

cryptui

CryptUIDlgFreeCAContext
CryptUIFreeCertificatePropertiesPagesA
I_CryptUIProtectFailure
ACUIProviderInvokeUI
CryptUIWizFreeDigitalSignContext
DllRegisterServer
CryptUIFreeViewSignaturesPagesA
CryptUIDlgViewCRLW
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCertificateW
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateA
CryptUIWizExport
CryptUIDlgViewCTLW
WizardFree
CryptUIWizCreateCertRequestNoDS
CryptUIWizBuildCTL
LocalEnroll
CryptUIDlgSelectStoreA
CryptUIWizFreeCertRequestNoDS
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewContext
CryptUIDlgViewCRLA
DllUnregisterServer
I_CryptUIProtect

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3fe934d650dee7f56184a2c336e6060

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

winmm

ifsutil

shdocvw

esent

cryptui

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 14KB - Virtual size: 88KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 376B

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 14KB - Virtual size: 88KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 376B