1adbed39d636380bc0b576cddbe27ceb

Sharing

Copy URL Twitter E-mail

General

Target

1adbed39d636380bc0b576cddbe27ceb
Size

868KB
MD5

1adbed39d636380bc0b576cddbe27ceb
SHA1

12ed797f4f13f2bf803d9a454cda875b34e4987c
SHA256

5b8008daea780adabc8ea8d4e00431be9c98fdbf009fc889acb46e0808b3ea48
SHA512

4c175b8fc6ce4f221eb3cba6c942e9f4aa5a02d33c171057df4378287d8cc0c07200a5df92d191d50102326485c4e51ac31fdcbb45ffe02954727334cfdbe5da
SSDEEP

24576:G2/4+fltY4najfCsOJqHOr6nc56qLWQGHgbHfs6Csrcf1T0Ex:FQceLOJzMqLWQGATbC0O0E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1adbed39d636380bc0b576cddbe27ceb

Files

1adbed39d636380bc0b576cddbe27ceb
.exe windows:5 windows x86 arch:x86

b38c4eaa0f92644d3952bad982cebb49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

UNKOBJ_ScSzFromIdsAlloc@20
SwapPlong@8
FtAddFt@16
DeregisterIdleRoutine@4
LpValFindProp@12
MNLS_CompareStringW@24
LAUNCHWIZARD
HrComposeMsgID@24
FBadEntryList@4
FtSubFt@16
MAPILogon
UNKOBJ_ScCOAllocate@12
HrComposeEID@28
SetAttribIMsgOnIStg@16
cmc_free
DllGetClassObject
HrSzFromEntryID@12
BMAPISaveMail
InstallFilterHook@4
FBadRowSet@4
cmc_read
SzFindLastCh@8
UNKOBJ_Free@8
GetTnefStreamCodepage
MAPISendDocuments
MAPIOpenLocalFormContainer@4
ScDupPropset@16
GetOutlookVersion
OpenTnefStreamEx
FtMulDwDw@8
HrDecomposeMsgID@24
BuildDisplayTable@40
CbOfEncoded@4
cmc_logoff
FreeProws@4
HrGetOmiProvidersFlags
ScGenerateMuid@4
HrValidateIPMSubtree@20
MAPIInitialize@4
MAPIAllocateBuffer@8

kernel32

IsProcessInJob
GetConsoleInputExeNameA
CancelIo
EnumResourceTypesW
GetBinaryType
VirtualUnlock
DebugActiveProcess
WritePrivateProfileStructA
EnterCriticalSection
ReadConsoleOutputAttribute
IsValidCodePage
SetEvent
SetTapePosition
SetConsoleScreenBufferSize
FindFirstFileA
FindFirstFileExA
GetProcessVersion
IsBadCodePtr
GetComputerNameW
ReplaceFileW
HeapWalk
GetCalendarInfoA
RtlMoveMemory
SetConsoleCursorPosition
IsValidLocale
GetConsoleKeyboardLayoutNameW
SetComputerNameW
GetSystemWindowsDirectoryW
DeleteFileA
FindActCtxSectionGuid
GetThreadLocale
CreateConsoleScreenBuffer
BackupRead
CreateWaitableTimerA
Thread32Next
EnumSystemLocalesW
GlobalHandle
GenerateConsoleCtrlEvent
LZRead
SetFileShortNameA
CreateNamedPipeW
_lcreat
IsDebuggerPresent
DuplicateHandle
SystemTimeToTzSpecificLocalTime
InterlockedIncrement
GetSystemDefaultLCID
LoadLibraryA
GetSystemDefaultUILanguage
GetTickCount
EnumDateFormatsA
PrivMoveFileIdentityW
LeaveCriticalSection
SetupComm
GlobalAddAtomW
GetNamedPipeInfo
CopyFileExW
EnumLanguageGroupLocalesA
TerminateJobObject
GetConsoleCharType
RegisterConsoleIME
VirtualAlloc
LZOpenFileW
GetSystemPowerStatus
LCMapStringA
SignalObjectAndWait
GlobalReAlloc
WriteConsoleW
VirtualFreeEx
GetNumberOfConsoleInputEvents
GetDiskFreeSpaceW
GetVolumePathNamesForVolumeNameW
GetWriteWatch
QueueUserWorkItem
SetLocalPrimaryComputerNameW
WriteProcessMemory
SetConsoleActiveScreenBuffer
CreateHardLinkW
GetUserDefaultLCID
QueryPerformanceCounter
CallNamedPipeW
FreeLibrary
IsDBCSLeadByteEx
ReleaseMutex
GetTempFileNameA
GetConsoleAliasesA
GetBinaryTypeA
CreateSemaphoreA
GetFirmwareEnvironmentVariableA
SetTermsrvAppInstallMode
WritePrivateProfileStringW
InitializeSListHead
CreateRemoteThread
CreateMailslotA

netapi32

NetpDbgPrint
NetEnumerateTrustedDomains
NetReplExportDirDel
NetUseAdd
I_NetlogonComputeServerDigest
NetDfsEnum
I_NetAccountSync
NetpwNameCanonicalize
NetScheduleJobDel
I_NetLogonControl
I_NetServerAuthenticate
NetUnjoinDomain
NetpGetConfigValue
NetWkstaSetInfo
NetWkstaTransportAdd
NetpGetFileSecurity
NetpAllocFtinfoEntry
NetUserSetGroups
NetSetPrimaryComputerName
NetShareAdd
DsGetDcCloseW
NetFileEnum
DsMergeForestTrustInformationW
DsAddressToSiteNamesA
NetScheduleJobGetInfo

lz32

LZCreateFileW
LZDone
GetExpandedNameA
LZClose
LZSeek
LZCloseFile
LZCopy
LZRead
LZOpenFileW
LZOpenFileA
LZStart
CopyLZFile
LZInit

msdart

?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?IsWinNt4orLater@CMdVersionInfo@@SAHXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?_TryLock@CSpinLock@@AAE_NXZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?IsWriteLocked@CReaderWriterLock@@QBE_NXZ
?WriteLock@CLKRHashTable@@QAEXXZ
IrtlTrace
??4CSingleList@@QAEAAV0@ABV0@@Z
?ReadUnlock@CSpinLock@@QAEXXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
??4CMdVersionInfo@@QAEAAV0@ABV0@@Z
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?_LockSpin@CSpinLock@@AAEXXZ
?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ
?_Unlock@CSpinLock@@AAEXXZ
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
??1CLKRHashTable@@QAE@XZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?_LockSpin@CSmallSpinLock@@AAEXXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
MPCSInitialize
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
??0CReaderWriterLock3@@QAE@XZ
?SetDefaultSpinAdjustmentFactor@CSpinLock@@SGXN@Z
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 445KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b38c4eaa0f92644d3952bad982cebb49

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

netapi32

lz32

msdart

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 222KB - Virtual size: 222KB

.data Size: 445KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 222KB - Virtual size: 222KB

.data
Size: 445KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB