2234851c94ffea13762a236f91b99bdd

Sharing

Copy URL Twitter E-mail

General

Target

2234851c94ffea13762a236f91b99bdd
Size

161KB
MD5

2234851c94ffea13762a236f91b99bdd
SHA1

95ec4c61d7edb3b7b4f33c689c2e003af4b2f1b8
SHA256

7efdb2e933910f6ac26b36be0b44bfedc21442de2d364440994d8061fe311ea3
SHA512

6bf9f7ab8a4ee17292dd3db6b13d2aa88ba101edb9194230f3c847978eb20aac5d9d1244b883f6c0f18d463f765eaca47d69d6de54c206d5f76a78dcfa11d272
SSDEEP

3072:az21sOpSKeeT382p8eUsCyZGYXm4cDaW5h10WffIEz7Eyq/YPNRS7gbF:L6OLb81eUsNZGY24Cag0WnIEz7Eyq/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2234851c94ffea13762a236f91b99bdd

Files

2234851c94ffea13762a236f91b99bdd
.exe windows:5 windows x86 arch:x86

dd30701e7a3a3df0b5a99cf8e6e4574c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_wsetlocale
_onexit
wcspbrk
wcsxfrm
??0ifstream@@QAE@PBDHH@Z
__p__pwctype
ferror
??6ostream@@QAEAAV0@J@Z
_telli64
signal
_filelength
?ebuf@streambuf@@IBEPADXZ
getwc
_inp
_ismbcprint
_findfirst
?rdstate@ios@@QBEHXZ
?gbump@streambuf@@IAEXH@Z
??6ostream@@QAEAAV0@PBE@Z
??4ofstream@@QAEAAV0@ABV0@@Z
?x_curindex@ios@@0HA
_splitpath
??6ostream@@QAEAAV0@I@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??_Gstreambuf@@UAEPAXI@Z
??0ofstream@@QAE@HPADH@Z
_putw
?gcount@istream@@QBEHXZ
_wexecv
??_Gbad_cast@@UAEPAXI@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
__RTtypeid
wcstoul

setupapi

SetupDiCallClassInstaller
SetupSetFileQueueFlags
SetupRemoveFileLogEntryW
CM_Is_Version_Available_Ex
CM_Get_HW_Prof_FlagsW
SetupBackupErrorW
pSetupDuplicateString
SetupGetSourceFileSizeW
SetupCloseInfFile
SetupQueryInfVersionInformationA
CM_Add_ID_ExA
SetupDiEnumDriverInfoW
CM_Create_DevNode_ExA
CM_Query_Remove_SubTree
SetupInstallFileA
SetupAdjustDiskSpaceListA
pSetupOutOfMemory
CM_Get_Device_IDA
CM_Get_Device_Interface_List_SizeA
SetupDiDeleteDevRegKey
CM_Get_Device_Interface_List_ExA
SetupGetSourceInfoW
CM_Get_Device_ID_Size
CM_Delete_Class_Key
CM_Get_DevNode_Registry_PropertyW
SetupOpenMasterInf
CM_Enumerate_EnumeratorsA
CM_Free_Resource_Conflict_Handle
SetupFindNextMatchLineA
SetupDiGetClassImageIndex
CM_Query_Arbitrator_Free_Data_Ex
SetupDiGetINFClassA
CM_Run_Detection_Ex
SetupDiBuildClassInfoList
CM_Get_Device_Interface_AliasW
CM_Add_IDW
pSetupStringTableEnum
SetupSetFileQueueAlternatePlatformA
SetupQueryInfFileInformationA
CM_Get_HW_Prof_FlagsA
CM_Get_DevNode_Custom_Property_ExW
SetupScanFileQueueA

user32

ChangeDisplaySettingsW
RegisterUserApiHook
EnumDesktopsW
SendDlgItemMessageA
SetCursorContents
RegisterRawInputDevices
GetWindowTextW
CreateWindowExA
SetMenuItemInfoA
GetKeyState
AdjustWindowRectEx
DeregisterShellHookWindow
DdeImpersonateClient
CharPrevW
SoftModalMessageBox
GetThreadDesktop
OpenClipboard
GetWindowModuleFileName
RemoveMenu
CallMsgFilterW
DrawMenuBar
GetClipboardFormatNameW
GetPriorityClipboardFormat
SetProcessDefaultLayout
SetMessageExtraInfo
GetKeyboardLayoutNameA
SetKeyboardState
DdeAbandonTransaction
DdeUninitialize
GetKeyNameTextA
InvalidateRect
GetDlgItem
ChangeDisplaySettingsA
EnableScrollBar
WINNLSEnableIME
InvertRect
InsertMenuItemW
TranslateAcceleratorA
GetMenuInfo
ChangeMenuA
UpdateLayeredWindow
FillRect
CallWindowProcA
SendMessageTimeoutA
GetWindowRect
DisplayExitWindowsWarnings
SetMenu
RemovePropW
EnumDisplayDevicesW
AnyPopup
DdeQueryStringW
EnumDisplaySettingsExW
AnimateWindow
ShowWindow
CharUpperBuffW
DdeReconnect
LookupIconIdFromDirectory
DrawEdge
SetUserObjectSecurity
LoadMenuW
GetClassWord
DestroyMenu
MonitorFromWindow
IsChild
EnumPropsExW
UnhookWindowsHook
PrivateExtractIconExA
CreateMDIWindowA
OemKeyScan
SetDoubleClickTime
RegisterClassExA

mprapi

MprGetUsrParams
MprAdminInterfaceUpdateRoutes
MprAdminInterfaceTransportSetInfo
MprConfigInterfaceDelete
MprAdminPortReset
MprAdminPortGetInfo
MprAdminInterfaceTransportAdd
MprInfoBlockQuerySize
MprAdminMIBEntryCreate
MprAdminDeregisterConnectionNotification
MprAdminInterfaceSetInfo
MprConfigTransportGetHandle
MprAdminIsServiceRunning
CompressPhoneNumber
MprInfoBlockAdd
MprAdminTransportCreate
MprAdminInterfaceTransportGetInfo
MprAdminServerGetCredentials
MprAdminEstablishDomainRasServer
MprConfigTransportEnum
MprConfigInterfaceCreate
MprAdminPortEnum
MprConfigServerBackup
MprInfoBlockSet
MprAdminInterfaceCreate
MprAdminUserWrite
MprConfigServerInstall
MprAdminSendUserMessage
MprAdminMIBBufferFree
MprInfoDuplicate
MprAdminInterfaceTransportRemove
MprConfigInterfaceEnum
MprAdminRegisterConnectionNotification
MprConfigInterfaceTransportEnum
MprAdminDeviceEnum
MprAdminIsDomainRasServer
MprAdminMIBServerConnect
MprAdminUserGetInfo
RasPrivilegeAndCallBackNumber
MprAdminUserServerDisconnect

pdh

PdhEnumObjectItemsHA
PdhLookupPerfIndexByNameW
PdhEnumMachinesHA
PdhSetCounterScaleFactor
PdhEnumObjectsA
PdhExpandWildCardPathHA
PdhBindInputDataSourceW
PdhCloseLog
PdhSetQueryTimeRange
PdhSetLogSetRunID
PdhFormatFromRawValue
PdhExpandWildCardPathA
PdhConnectMachineA
PdhEnumMachinesHW
PdhVbGetCounterPathElements
PdhGetCounterInfoA
PdhGetLogFileSize
PdhAdd009CounterA
PdhEnumObjectItemsA
PdhExpandCounterPathW
PdhValidatePathW
PdhAddCounterW
PdhGetDataSourceTimeRangeH
PdhVbGetDoubleCounterValue
PdhVbIsGoodStatus
PdhOpenQueryH
PdhAddCounterA
PdhParseInstanceNameW
PdhSetDefaultRealTimeDataSource
PdhGetDefaultPerfObjectW
PdhGetDefaultPerfCounterA
PdhTranslate009CounterA
PdhEnumObjectsW
PdhOpenLogW
PdhEnumLogSetNamesW
PdhEnumMachinesA
PdhCreateSQLTablesW
PdhUpdateLogA
PdhValidatePathA
PdhParseCounterPathA
PdhGetDefaultPerfObjectHA
PdhGetDataSourceTimeRangeA
PdhAdd009CounterW
PdhGetDllVersion

kernel32

GetVolumeNameForVolumeMountPointA
IsWow64Process
GetCPInfoExW
SetWaitableTimer
GetPrivateProfileSectionNamesW
IsValidLocale
VerifyConsoleIoHandle
LoadLibraryA
HeapFree
DebugBreak
LCMapStringA
GetConsoleDisplayMode
CreateDirectoryA
GetConsoleCommandHistoryA
UnlockFileEx
GetCurrentProcess
GetConsoleCommandHistoryW
MoveFileWithProgressW
FindResourceExA
RtlUnwind
SetDefaultCommConfigA
EnterCriticalSection
ReadFileEx
GetPrivateProfileStringA
SetComputerNameA
LeaveCriticalSection
AddVectoredExceptionHandler
GetStartupInfoA
DeleteCriticalSection
FileTimeToDosDateTime
TzSpecificLocalTimeToSystemTime
WaitNamedPipeW
TermsrvAppInstallMode
VirtualAlloc
GetNativeSystemInfo
ReplaceFileA
EraseTape
GetOverlappedResult
EnumCalendarInfoExA
GetDriveTypeW
VirtualUnlock
VerSetConditionMask

lz32

LZClose
LZCreateFileW
LZOpenFileW
LZInit
LZOpenFileA
LZRead
CopyLZFile
LZCloseFile
GetExpandedNameA
GetExpandedNameW
LZCopy
LZSeek
LZStart
LZDone

msvcrt

__set_app_type
__getmainargs
__p__commode
exit

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd30701e7a3a3df0b5a99cf8e6e4574c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

setupapi

user32

mprapi

pdh

kernel32

lz32

msvcrt

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 91KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 228KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 91KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 228KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B