1753b7dbad36fdb4365e231a9098d576

Sharing

Copy URL Twitter E-mail

General

Target

1753b7dbad36fdb4365e231a9098d576
Size

233KB
MD5

1753b7dbad36fdb4365e231a9098d576
SHA1

3452d53dc996b60c7023e06f66fc8738f89f0390
SHA256

90aa872e2c2c8ac11ac30ab675b003f6f6269c9ca09fa2e3cfc78891782cc0a5
SHA512

e3ccbc59031c31ff3b57cbd642238618a266197a1b3ed7e46f204e51ff4964c3f4086e8a9df27c0dffe2c3ae92e0d70aeaf72f4ed8644d0bfb00b7ce0f128798
SSDEEP

6144:6dbwPKOq65h2hHl1mBgJfW6aIA8hsI4Lq45tlSxykjPJNj:gwP9AEQfWLIA8hsIX45rSBjPr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1753b7dbad36fdb4365e231a9098d576

Files

1753b7dbad36fdb4365e231a9098d576
.exe windows:5 windows x86 arch:x86

deeec3bb3ffbbad79113d061d346a305

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemCodePagesW
CloseHandle
GlobalFindAtomA
WriteConsoleInputW
GlobalAlloc
GetMailslotInfo
ReadConsoleOutputCharacterW
SetConsoleWindowInfo
EnumCalendarInfoA
DuplicateConsoleHandle
VirtualAlloc
GetDevicePowerState
Toolhelp32ReadProcessMemory
BackupWrite
UTUnRegister
LoadLibraryA
GetNumberOfConsoleInputEvents
CreateDirectoryW
GetExitCodeProcess
ExitProcess
GetTapeStatus
OutputDebugStringW
FreeUserPhysicalPages
CreateSemaphoreW
IsDBCSLeadByteEx
GetModuleHandleA
QueryInformationJobObject
RemoveDirectoryW
lstrcatA
WaitNamedPipeA
WriteConsoleOutputW
RemoveLocalAlternateComputerNameW
lstrcmpiW

t2embed

_TTIsEmbeddingEnabled@8
TTEmbedFontFromFileA
_TTDeleteEmbeddedFont@12
TTCharToUnicode
TTGetEmbeddingType
TTEmbedFont
_TTRunValidationTests@8
_TTGetEmbeddedFontInfo@28
_TTLoadEmbeddedFont@40
_TTCharToUnicode@24
TTGetNewFontName
TTRunValidationTests
_TTEnableEmbeddingForFacename@8
TTDeleteEmbeddedFont
_TTGetEmbeddingType@8
TTEmbedFontEx
TTRunValidationTestsEx
_TTIsEmbeddingEnabledForFacename@8
_TTEmbedFontFromFileA@52
_TTEmbedFont@44
TTEnableEmbeddingForFacename
TTGetEmbeddedFontInfo
TTIsEmbeddingEnabledForFacename
TTIsEmbeddingEnabled
TTLoadEmbeddedFont

odbc32

SQLDriversW
SQLBrowseConnectA
SQLConnectA
SQLGetEnvAttr
SQLBindParameter
SQLSetStmtAttrA
SQLGetTypeInfoA
SQLGetDescRecW
SQLSetConnectAttrW
SQLGetStmtAttr
SQLColAttributesA
SQLColumns
SQLSpecialColumns
SQLGetStmtAttrW
SQLGetDiagRecA
SQLPrimaryKeysW
SQLFetch
SQLDriverConnectA
SQLDataSourcesA
CollectODBCPerfData
SQLSetCursorNameA
SQLStatisticsA
CursorLibLockDbc
SQLParamOptions
SQLGetInfoA
SQLRowCount
SQLBrowseConnectW
SQLFreeEnv
ODBCSetTryWaitValue
SQLProcedures
SQLNativeSqlW
SQLSetConnectAttr

rtm

MgmGetFirstMfe
MgmGetNextMfe
RtmGetRouteInfo
RtmReadAddressFamilyConfig
RtmGetChangeStatus
InsertIntoTable
RtmGetChangedDests
RtmBlockMethods
RtmReleaseEntityInfo
RtmReleaseChangedDests
RtmEnumerateGetNextRoute
RtmIsMarkedForChangeNotification
MgmGroupEnumerationEnd
RtmDequeueRouteChangeMessage
RtmWriteInstanceConfig
RtmDeleteNextHop
MgmGetFirstMfeStats
MgmAddGroupMembershipEntry
RtmDeleteRouteTable
MgmRegisterMProtocol
RtmReleaseDestInfo
RtmCreateEnumerationHandle
RtmIsRoute
RtmCreateRouteEnum
RtmHoldDestination
RtmCreateRouteList
RtmBlockSetRouteEnable
RtmCloseEnumerationHandle
MgmGetProtocolOnInterface
RtmDeregisterFromChangeNotification

mapi32

UNKOBJ_ScAllocateMore@16
FixMAPI@0
HrThisThreadAdviseSink@8
SzFindLastCh@8
FGetComponentPath
MAPIFreeBuffer
MAPIAllocateMore@12
cmc_logoff
SwapPword@8
ScRelocNotifications@20
SzFindSz@8
MAPILogon
cmc_query_configuration
ScMAPIXFromSMAPI
MAPIOpenFormMgr
HrQueryAllRows@24
FtSubFt@16
MAPIInitialize
BMAPIFindNext
HrAddColumns@16
InstallFilterHook@4
FtAdcFt@20
MNLS_lstrlenW@4
FixMAPI
cmc_send
LpValFindProp@12
FtMulDw@12
MAPIAdminProfiles@8
HrValidateIPMSubtree@20
CreateTable@36
HrSetOneProp@8
ScBinFromHexBounded@12

mfcsubs

?FormatV@CString@@IAEXPBGPAD@Z
?RemoveAll@CStringArray@@QAEXXZ
??H@YG?AVCString@@ABV0@0@Z
?Lock@CCriticalSection@@QAEHXZ
??P@YG_NPBGABVCString@@@Z
??0CString@@QAE@PBE@Z
??4CString@@QAEABV0@PBD@Z
??BCSyncObject@@QBEPAXXZ
?FormatMessageW@CString@@QAAXIZZ
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ
??_FCMapStringToPtr@@QAEXXZ
?SetSize@CStringArray@@QAEXHH@Z
?AssignCopy@CString@@IAEXHPBG@Z
?GetHashTableSize@CMapStringToPtr@@QBEIXZ
??0CSyncObject@@QAE@PBG@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
??0CString@@QAE@PBG@Z
?UnlockBuffer@CString@@QAEXXZ
?SetAt@CString@@QAEXHG@Z
?IsEmpty@CString@@QBEHXZ
?Empty@CString@@QAEXXZ
??ACMapStringToPtr@@QAEAAPAXPBG@Z
??4CString@@QAEABV0@ABV0@@Z
??H@YG?AVCString@@DABV0@@Z
?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
??1CObject@@UAE@XZ
??9@YG_NPBGABVCString@@@Z
??_7CObject@@6B@
?Release@CString@@IAEXXZ
?GetData@CStringArray@@QAEPAVCString@@XZ
?GetAllocLength@CString@@QBEHXZ
??H@YG?AVCString@@ABV0@PBG@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?Mid@CString@@QBE?AV1@H@Z

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deeec3bb3ffbbad79113d061d346a305

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

t2embed

odbc32

rtm

mapi32

mfcsubs

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 13KB - Virtual size: 13KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 9KB - Virtual size: 8KB