10f538324caa9f442966bdf4a28af92c

Sharing

Copy URL

Twitter E-mail

General

Target

10f538324caa9f442966bdf4a28af92c
Size

863KB
MD5

10f538324caa9f442966bdf4a28af92c
SHA1

5d94d9e5376449455068c4fe953ac6e6bcb27674
SHA256

b8806290b62127c354b79851097631d5323c38416b682314cdfb7e6a591da683
SHA512

e3adf664d0b8259a6f23764bfbfc54d689ef5604bdb94afd89c6b7eef3b7f3196d237e743ffee31e329055df19054517248c2fdf1d95ff68cd3ca9aa5349076c
SSDEEP

12288:Ns+hG0nKWYJ4mT+7OTl8nVHgmZZcJnohxMWsYIenaWuXKliOrTeC4CyrLXPVG:6+hhnKWYu1m8nh7hHfaW9QOrXy3PVG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10f538324caa9f442966bdf4a28af92c

Files

10f538324caa9f442966bdf4a28af92c
.exe windows:5 windows x86 arch:x86

d12891d038a3e7bbdeaf3895bef0f817

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtutils

RouterLogEventExW
TracePrintfW
LogErrorA
TracePutsExW
TraceDumpExA
LogEventW
TracePrintfExW
TraceDumpExW
RouterLogEventDataA
RouterLogDeregisterW
MprSetupProtocolFree
RouterLogEventA
TraceDeregisterW
RouterAssert
TraceRegisterExW
RouterGetErrorStringW
TraceGetConsoleW
RouterLogEventValistExA
TraceDeregisterExW
RouterLogEventDataW
RouterLogEventValistExW
MprSetupProtocolEnum
RouterLogEventW
TracePrintfA
RouterGetErrorStringA
TraceVprintfExW
TraceRegisterExA
LogErrorW
TraceDeregisterExA
RouterLogEventExA
LogEventA
TraceGetConsoleA
RouterLogRegisterA
TraceVprintfExA
TracePrintfExA
TracePutsExA
RouterLogEventStringA
RouterLogRegisterW
RouterLogEventStringW
TraceDeregisterA
RouterLogDeregisterA

imagehlp

SymEnumerateModules64
SymRegisterFunctionEntryCallback
SymGetSymPrev64
RemoveRelocations
SymFindFileInPath
SymEnumerateSymbolsW
ReBaseImage
SymRegisterCallback64
GetImageUnusedHeaderBytes
ImageRvaToSection
SymEnumerateModules
ImagehlpApiVersionEx
SymGetSymFromAddr
SymLoadModule
ImageNtHeader
ImageGetDigestStream
GetTimestampForLoadedLibrary
SymLoadModule64
ImageRvaToVa
SymGetSymNext
SymGetLineFromAddr
SymGetLinePrev64
SymGetLinePrev
SymGetModuleInfoW64
SymGetLineNext
SymEnumSymbols
SymGetLineNext64
ImageDirectoryEntryToData
SymGetSymFromAddr64
RemovePrivateCvSymbolicEx
ImageLoad
SymEnumerateSymbols

iphlpapi

NhpAllocateAndGetInterfaceInfoFromStack
DeleteIpForwardEntry
GetIpForwardTable
GetIfTable
DeleteIpNetEntry
IpReleaseAddress
GetIpStatisticsEx
SetTcpEntry
GetUdpStatistics
GetUdpTable
GetIpNetTable
DeleteProxyArpEntry
InternalCreateIpForwardEntry
NhGetInterfaceNameFromDeviceGuid
InternalDeleteIpForwardEntry
InternalGetIpForwardTable
IcmpSendEcho2
InternalSetIpStats
_PfDeleteLog@0
SetAdapterIpAddress
Icmp6SendEcho2
DisableMediaSense
CreateProxyArpEntry
NotifyRouteChange
CreateIpForwardEntry
IcmpSendEcho
SetIpNetEntry
GetBestRoute
InternalSetTcpEntry
GetUniDirectionalAdapterInfo
NhGetInterfaceNameFromGuid
register_icmp
DeleteIPAddress
InternalGetUdpTable
GetTcpStatisticsEx
GetNumberOfInterfaces
_PfRebindFilters@8

ntdll

RtlAddRefActivationContext
wcscat
RtlExtendedMagicDivide
RtlMapSecurityErrorToNtStatus
RtlAddAccessDeniedAce
CsrAllocateCaptureBuffer
wcstombs
vDbgPrintExWithPrefix
RtlUpperString
ZwSetLdtEntries
ZwFreeVirtualMemory
NtAccessCheck
wcspbrk
_memicmp
RtlInterlockedFlushSList
RtlInitializeResource
NtRequestWaitReplyPort
ZwQueryInformationPort
RtlRunDecodeUnicodeString
ZwSetHighWaitLowEventPair
NtSetSystemTime
islower
NtSetDefaultLocale
ispunct
RtlGenerate8dot3Name
RtlFindClearBitsAndSet
RtlUnicodeToOemN
RtlValidateHeap
RtlGetLongestNtPathLength
RtlImageRvaToSection
RtlGetLengthWithoutTrailingPathSeperators
ZwProtectVirtualMemory

kernel32

CreateJobObjectA
lstrcmpiA
DnsHostnameToComputerNameA
GetAtomNameW
GetConsoleCursorMode
CreateFileMappingW
Heap32First
BindIoCompletionCallback
QueryPerformanceCounter
UnlockFile
ZombifyActCtx
SetCalendarInfoW
GetComputerNameExA
GlobalMemoryStatus
GetStringTypeExA
HeapWalk
RaiseException
ActivateActCtx
GetSystemDefaultUILanguage
WriteProfileStringA
WriteConsoleOutputAttribute
FatalAppExitW
AddConsoleAliasW
GetPrivateProfileSectionNamesW
CloseProfileUserMapping
LoadLibraryA
IsWow64Process
GetTempFileNameA
SetProcessWorkingSetSize
DeleteFileA
CommConfigDialogW
ReplaceFileA
VirtualAlloc
GetShortPathNameW
GetStringTypeW
GetEnvironmentStringsA
FindClose
AddVectoredExceptionHandler
lstrcpyW
SetHandleCount
CopyFileExW
AllocateUserPhysicalPages
FlushInstructionCache
ReleaseMutex
CreateActCtxA

sqlunirl

_ObjectPrivilegeAuditAlarm_@24
_GetDiskFreeSpaceEx_@16
_RegCreateKeyEx_@36
_GetPrivateProfileString_@24
_IsCharUpper_@4
_FatalAppExit_@8
_GetFileTitle@12
_CopyFileEx_@24
_NDdeIsValidShareName_@4
_SendMessage@16
_BeginUpdateResource_@8
_FindResource@12
_RegisterServiceCtrlHandler_@8
_tfopen
_GetFullPathName_@16
_LogonUser_@24
_NDdeShareSetInfo_@24
_TextOut@20
_GetTextExtentPoint32@16
_NDdeSetTrustedShare_@12
_ChangeDisplaySettings_@8
_FindWindow_@8
_GetICMProfile_@12
_ObjectCloseAuditAlarm_@12
_ChangeMenu_@20
_ExtractAssociatedIcon_@12
_LoadAccelerators_@8
_RegQueryValue_@16
_OpenBackupEventLog_@8
_CreateDialogParam_@20
_SendMessageTimeout_@28
_GetCommandLine_@0

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d12891d038a3e7bbdeaf3895bef0f817

Headers

DLL Characteristics

File Characteristics

Imports

rtutils

imagehlp

iphlpapi

ntdll

kernel32

sqlunirl

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 180KB - Virtual size: 180KB

.data Size: 297KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 180KB - Virtual size: 180KB

.data
Size: 297KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B