104629bc6bc2f33a770d0133a90252f2

Sharing

Copy URL Twitter E-mail

General

Target

104629bc6bc2f33a770d0133a90252f2
Size

860KB
MD5

104629bc6bc2f33a770d0133a90252f2
SHA1

995fa2824dea0b617913684680f61ff67e9dd7d4
SHA256

21b46ed5f82db4d8330db8bf5ae7ba23e5e0b36ded71f9841877d7a659391dca
SHA512

de25e08b1fce62eac64d32d3c238d68d1409b22cb001f85ac7b95badd007564b4371304baa593088f4847b461a72de34d6b11a9b9d7110eaba43752d1a648434
SSDEEP

24576:lO+cDOC0PJbp93gsj/ZJH3ca83KEVCCFRtVthLaUos:9iOpRBjjsa83KTQRXP+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
104629bc6bc2f33a770d0133a90252f2

Files

104629bc6bc2f33a770d0133a90252f2
.exe windows:5 windows x86 arch:x86

07961411713c3fca76d12c8e9ad4f905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetVersionExA
GetSystemDirectoryW
LeaveCriticalSection
IsDebuggerPresent
EnterCriticalSection
GetProcessShutdownParameters
CreateRemoteThread
GetUserDefaultLCID
IsValidLocale
EnumLanguageGroupLocalesA
GetNumberFormatW
IsBadHugeReadPtr
MapUserPhysicalPages
MulDiv
GetCurrentProcess
SetTapePosition
IsWow64Process
FindActCtxSectionGuid
VirtualQuery
LoadLibraryA
EnumCalendarInfoA
_lread
EscapeCommFunction
WriteConsoleInputVDMA
GetBinaryTypeA
PrepareTape
IsValidCodePage
EnumCalendarInfoExW
FindVolumeMountPointClose
RegisterConsoleVDM
LocalCompact
InitializeCriticalSection
SetComPlusPackageInstallStatus
LZRead
SetConsoleCursorPosition
GetConsoleMode
FindAtomA
CreateFileMappingA

ntdll

NtWriteFile
RtlCreateSystemVolumeInformationFolder
ZwReadRequestData
RtlConsoleMultiByteToUnicodeN
_wcsnicmp
ZwInitiatePowerAction
RtlDestroyQueryDebugBuffer
tolower
atol
RtlMultiByteToUnicodeSize
NtNotifyChangeDirectoryFile
RtlQueryTimeZoneInformation
RtlFlushSecureMemoryCache
NtUnloadKeyEx
NtGetDevicePowerState
RtlDeleteSecurityObject
NtReleaseSemaphore
ZwNotifyChangeKey
RtlInitializeRXact
ZwPulseEvent
ZwAssignProcessToJobObject
RtlpApplyLengthFunction
NtFsControlFile
ZwWriteFileGather
NtProtectVirtualMemory
RtlInitString
ZwFsControlFile
RtlGUIDFromString
ZwAdjustGroupsToken
ZwQueryEaFile
RtlGetLengthWithoutLastFullDosOrNtPathElement

setupapi

CM_Get_Device_Interface_Alias_ExW
SetupDiClassGuidsFromNameExW
SetupDiGetClassDevPropertySheetsW
SetupQuerySpaceRequiredOnDriveW
CM_Get_Device_ID_ExW
pSetupFree
SetupDiOpenDevRegKey
CM_Setup_DevNode
CM_Enable_DevNode_Ex
SetupDiCreateDeviceInfoList
CM_Get_Device_ID_List_ExA
SetupRemoveFileLogEntryA
SetupDiGetClassDescriptionA
CMP_Init_Detection
pSetupStringFromGuid
pSetupGetCurrentDriverSigningPolicy
CM_Set_HW_Prof_FlagsA
CM_Get_Child_Ex
SetupPromptReboot
SetupDiRemoveDevice
SetupDiGetSelectedDevice
SetupGetInfSections
SetupOpenLog
pSetupStringTableDuplicate
SetupFindNextLine
pSetupRealloc
pSetupWriteLogError
CM_Get_DevNode_Status
SetupDiRegisterCoDeviceInstallers
pSetupOutOfMemory
CM_Set_Class_Registry_PropertyW
SetupUninstallOEMInfA
SetupQueueCopySectionW
CM_Get_Device_ID_Size_Ex
SetupGetBackupInformationA
SetupInstallServicesFromInfSectionW
pSetupVerifyQueuedCatalogs
SetupAddToSourceListA
SetupGetLineByIndexW
CM_Get_First_Log_Conf_Ex
SetupVerifyInfFileA
CM_Get_Device_ID_ExA
CM_Uninstall_DevNode

msctf

TF_GetThreadMgr
TF_GetThreadFlags
TF_CreateCategoryMgr
TF_CreateCicLoadMutex
TF_CreateLangBarItemMgr
TF_GetGlobalCompartment
TF_CreateLangBarMgr
TF_RunInputCPL
TF_InvalidAssemblyListCacheIfExist
TF_InitSystem
TF_UninitSystem
TF_IsCtfmonRunning
TF_CreateThreadMgr
TF_PostAllThreadMsg
TF_CreateInputProcessorProfiles
DllGetClassObject
TF_CreateDisplayAttributeMgr

lz32

LZInit
LZRead
CopyLZFile
GetExpandedNameA
LZStart
LZCloseFile
LZOpenFileA
LZOpenFileW
LZSeek
LZClose
LZDone

Sections

.text
Size: 448KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07961411713c3fca76d12c8e9ad4f905

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

setupapi

msctf

lz32

Sections

.text Size: 448KB - Virtual size: 448KB

.rdata Size: 309KB - Virtual size: 309KB

.data Size: 99KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 448KB - Virtual size: 448KB

.rdata
Size: 309KB - Virtual size: 309KB

.data
Size: 99KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B