16d430bbb056e5117b24eb055511c109

Sharing

Copy URL

Twitter E-mail

General

Target

16d430bbb056e5117b24eb055511c109
Size

41KB
MD5

16d430bbb056e5117b24eb055511c109
SHA1

27b0e0d45bdf7b7f1a9ffab5dbc36222907e1203
SHA256

36e3dc0bb4f76171ffe67e24d7144bbbf644187dff418cb2cdbd70424249d9ae
SHA512

9edc6ef0c6e2f02ed0b894b4eef33d02cd5ae980ee9f191a47d6c884ef86566327ce3bc86f7e1e466d51076b73dc1d8a9c9b7759acd72937cf8c7b581a4d43ee
SSDEEP

768:KDqU+pb8FhiawrQQEuM6OcMeXX+NHg0FEjtskcajc4dOJsOf4m:Wm4F5tDcM+XWTEjiGgrJsOf4m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16d430bbb056e5117b24eb055511c109

Files

16d430bbb056e5117b24eb055511c109
.exe windows:5 windows x86 arch:x86

14af688b1c8588c9ad36b01d4b2af85e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_RegSaveKey_@12
_FindFirstChangeNotification_@12
_GetLogColorSpace_@12
_OpenEvent_@12
_NDdeSetTrustedShare_@12
_tsystem
_RegisterServiceCtrlHandler_@8
_NDdeShareAdd_@20
_OpenFileMapping_@12
_CommDlg_OpenSave_GetSpec@12
_RemoveProp@8
_GetLocaleInfo_@16
_OpenDesktop_@16
_GlobalAddAtom_@4
_lstrcmpi_@8

olesvr32

OleBlockServer
FindItemWnd
DocWndProc
OleRegisterServerDoc
TerminateDocClients
OleUnblockServer
OleRevertServerDoc
SrvrWndProc
OleRevokeServerDoc
SendDataMsg
EnumForTerminate
OleSavedServerDoc
DeleteClientInfo
OleRegisterServer
SendRenameMsg
ItemWndProc
TerminateClients
OleRevokeObject
OleQueryServerVersion

crtdll

_popen
_ismbcspace
_chmod
_write
_strnextc
_errno
_wcsrev
_winmajor_dll
__threadhandle
fflush
_gcvt
_strspnp
_getcwd
_clearfp
exp
vfprintf
_purecall
_stricmp
_global_unwind2
rename
wcstoul
vprintf

cmutil

CmAtolA
GetOSBuildNumber
CmStrTrimW
?SetEntry@CIniW@@QAEXPBG@Z
?GetPrimaryFile@CIniA@@QBEPBDXZ
CmStrStrW
?Clear@CmLogFile@@QAEXH@Z
?FormatWrite@CmLogFile@@AAEXW4_CMLOG_ITEM@@PAG@Z
?WPPB@CIniW@@QAEXPBG0H@Z
?SetFile@CIniA@@QAEXPBD@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
CmStrtokW
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmRealloc
CmWinHelp
?LoadSection@CIniW@@QBEPAGPBG@Z
?GPPI@CIniA@@QBEKPBD0K@Z
WzToSzWithAlloc

kernel32

OutputDebugStringA
IsValidLocale
VirtualAlloc
_hwrite
ExpandEnvironmentStringsA
CallNamedPipeW
DosPathToSessionPathW
GetConsoleInputExeNameA
FreeResource
AddConsoleAliasA
SetConsoleScreenBufferSize
CreateTimerQueueTimer
GetOEMCP
GetModuleHandleExW
GetUserDefaultLCID
GetCurrentThread
DeleteAtom
ReplaceFileW
GetStartupInfoA
SetCommBreak
FindActCtxSectionStringA
GetExitCodeProcess
GetCommandLineA
RtlMoveMemory
SetFirmwareEnvironmentVariableW
LoadLibraryA
SearchPathW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14af688b1c8588c9ad36b01d4b2af85e

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

olesvr32

crtdll

cmutil

kernel32

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB