15fc6104fce791f8f354775d94f78d91

Sharing

Copy URL

Twitter E-mail

General

Target

15fc6104fce791f8f354775d94f78d91
Size

382KB
MD5

15fc6104fce791f8f354775d94f78d91
SHA1

9cd7d5e29e2b98b0a4a8ec7dcb140620878da90e
SHA256

172704c7931dd235452e3109f554c7e641fae411bce5128a3f7c337fe92e3e85
SHA512

48113bee497e73d4d434caecb6d5de6c38b67db05788e2a1365c1b6e853d5a8ba48d2762e2f22d827c71429735a2338f0f4ffc5ee65c4449aed3a5989d83f1d8
SSDEEP

6144:yluRB1GqKNdprzxv4aKFn/09SmaCp18BxJF5iNVMk9fEiKZFwt8Pkot4vq+qk5C:yIRBVKT4aKN/ed8bjEMk9UFwOsot4C6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15fc6104fce791f8f354775d94f78d91

Files

15fc6104fce791f8f354775d94f78d91
.exe windows:5 windows x86 arch:x86

d401ef1e06f9d52d0c86c70904d0f50b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
ChangeServiceConfig2W
EnumDependentServicesW
CreateProcessWithLogonW
CryptEncrypt
SaferiIsExecutableFileType
GetFileSecurityW
AddAccessAllowedObjectAce
LsaGetUserName
RegisterServiceCtrlHandlerW
BuildExplicitAccessWithNameW
A_SHAFinal
SaferRecordEventLogEntry
LsaOpenTrustedDomain
CredReadDomainCredentialsW
MD5Update
GetNamedSecurityInfoExA
CryptDuplicateKey
LsaAddPrivilegesToAccount
CryptDuplicateHash
EncryptFileA
LogonUserW
AccessCheckByTypeResultList
SetSecurityDescriptorDacl
BuildTrusteeWithObjectsAndNameA
ReportEventW
EnumDependentServicesA
GetSidSubAuthorityCount
SystemFunction020
CredWriteW
LsaEnumerateAccountsWithUserRight
MD5Init
SetInformationCodeAuthzPolicyW
GetExplicitEntriesFromAclW
ObjectDeleteAuditAlarmW
SystemFunction035
SystemFunction040
SetInformationCodeAuthzLevelW
CreatePrivateObjectSecurity
StartServiceCtrlDispatcherA
CryptVerifySignatureW
GetEffectiveRightsFromAclW
GetMultipleTrusteeOperationA
LsaSetDomainInformationPolicy

msi

MsiRecordSetStringA
MsiDatabaseExportW
MsiRecordGetStringW
MsiDatabaseOpenViewA
MsiQueryProductStateW
MsiProvideQualifiedComponentExW
MsiDatabaseGenerateTransformW
MsiRecordGetStringA
MsiRecordGetInteger
MsiEnumComponentsA
MsiMessageBoxW
MsiRecordClearData
MsiGetFeatureCostW
MsiDatabaseCommit
MsiCollectUserInfoW
MsiSetInstallLevel
MsiOpenPackageW
MsiSetComponentStateW
MsiGetProductInfoW
MsiInstallProductW
MsiGetComponentStateA
MsiProvideQualifiedComponentW
MsiEnumProductsW
MsiGetFileVersionW
MsiSetTargetPathW
MsiEnumProductsA
MsiViewClose
MsiRecordIsNull
MsiEvaluateConditionW
MsiGetFeatureInfoW
MsiSetInternalUI
MsiSourceListForceResolutionW
MsiInstallMissingComponentW
MsiPreviewDialogA
MsiConfigureFeatureFromDescriptorA
MsiDatabaseMergeA
MsiUseFeatureExW
MsiGetPropertyW
MsiDecomposeDescriptorA
MsiDatabaseGenerateTransformA
MsiEnumFeaturesW
MsiGetComponentPathA
MsiSummaryInfoSetPropertyA
MsiOpenPackageExA
MsiGetMode

kernel32

FindFirstFileA
GetTickCount
RegisterWaitForInputIdle
CreateWaitableTimerA
RemoveDirectoryW
SetConsoleScreenBufferSize
GetCompressedFileSizeA
FindResourceExW
LocalShrink
SetCommMask
CreateEventA
EnumSystemCodePagesW
DeleteTimerQueueTimer
GetConsoleAliasA
SetLastError
UnlockFileEx
InvalidateConsoleDIBits
QueryMemoryResourceNotification
HeapReAlloc
GetComputerNameExA
SuspendThread
LZOpenFileW
GetFullPathNameW
LoadLibraryA
SetFirmwareEnvironmentVariableW
GetNumberFormatA
GetLocaleInfoW
GetSystemDefaultLangID
GetPrivateProfileStringA
GetSystemDirectoryW
GetConsoleWindow
_llseek
QueryPerformanceCounter
GetNumberFormatW
ReadConsoleInputA
ConvertFiberToThread
SwitchToThread
SetFileValidData
LocalAlloc
EnumResourceLanguagesA
VirtualAlloc
OutputDebugStringA
ExpandEnvironmentStringsW

oleaut32

LPSAFEARRAY_UserFree
VarI4FromI2
VarUI4FromBool
VarUI1FromDec
VarAbs
VariantInit
VariantChangeTypeEx
SafeArrayGetUBound
VarR8FromUI1
SafeArrayAllocData
VarBoolFromI8
VarDecDiv
LPSAFEARRAY_UserSize
VarR8FromStr
SafeArrayGetDim
VarDateFromUI8
VarUI8FromStr
VarCyFromI1
VarCyMul
VarInt
VarR8FromR4
SafeArrayPtrOfIndex
VarDateFromR8
VarCyFromI2
VarCyFromR8

ntdll

RtlpNtOpenKey
NtOpenEventPair
RtlCopyUnicodeString
RtlEnlargedUnsignedDivide
NtReadVirtualMemory
ZwQueryInformationProcess
fabs
RtlTimeToSecondsSince1980
_ftol
RtlRunDecodeUnicodeString
NtAreMappedFilesTheSame
DbgPrompt
NtQueryMultipleValueKey
wcspbrk
RtlQueryTimeZoneInformation
RtlPrefixUnicodeString
ZwFindAtom
ZwDisplayString
strstr
RtlLargeIntegerNegate
RtlAreAnyAccessesGranted
RtlDebugPrintTimes
ZwDelayExecution
NtPrivilegedServiceAuditAlarm
NtOpenThreadTokenEx

msvcrt40

_mbsncat
_pctype
_wspawnve
??_7bad_cast@@6B@
wcschr
?get@istream@@QAEAAV1@PADHD@Z
_strnset
??5istream@@QAEAAV0@AAF@Z
ceil
ungetwc
_wasctime
??0ofstream@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@J@Z
_kbhit
??1bad_cast@@UAE@XZ
strcpy
?close@ofstream@@QAEXXZ
_mbscspn
?base@streambuf@@IBEPADXZ
?lockbuf@ios@@QAAXXZ
_lrotr
??_Gifstream@@UAEPAXI@Z
??_Distream_withassign@@QAEXXZ
__p__amblksiz
_abnormal_termination
__setusermatherr
_adj_fdivr_m16i
_wtoi
ferror
??0ostrstream@@QAE@PADHH@Z

sensapi

IsDestinationReachableW
IsDestinationReachableA
IsNetworkAlive

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d401ef1e06f9d52d0c86c70904d0f50b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msi

kernel32

oleaut32

ntdll

msvcrt40

sensapi

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 145KB - Virtual size: 145KB

.data Size: 55KB - Virtual size: 547KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 145KB - Virtual size: 145KB

.data
Size: 55KB - Virtual size: 547KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB