261550133dc89335d77dae312a00380d

Sharing

Copy URL Twitter E-mail

General

Target

261550133dc89335d77dae312a00380d
Size

157KB
MD5

261550133dc89335d77dae312a00380d
SHA1

0f4287515dbdc3a2f975400801dda8ef52b9e570
SHA256

31e38ffbeb382c9a329af5b37627c1f04f7a8781946374e55f1b87328a81dc0e
SHA512

b4e6d2a7006fc1ab748253e0a727a5434a0489acda6479a8a5efd0e1c5a1b1ad2a2ea5f69bc40b1429d5cef14cf260d6236031a1a53aef5a6114ac35bf8f61b0
SSDEEP

3072:fMYlOF0OucUXXuBjU34DdDtyRoYghLkS+vW0dMM0TzExNt7yxqmBZv0F:fMYlO1V8AQoDFtyuFk7vW0dZpt2UmDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
261550133dc89335d77dae312a00380d

Files

261550133dc89335d77dae312a00380d
.exe windows:5 windows x86 arch:x86

ff014d516cd31716d6404e05ea6f7824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

PATHOBJ_vEnumStart
RectInRegion
GetSystemPaletteEntries
GetAspectRatioFilterEx
FillRgn
DeleteDC
GdiConvertToDevmodeW
GetCharacterPlacementA
GetEnhMetaFilePixelFormat
EngAlphaBlend
GetWindowOrgEx
SetMapMode
FontIsLinked
GdiFixUpHandle
EngGetPrinterDataFileName
PolyTextOutA
CreateCompatibleBitmap
GetOutlineTextMetricsW
STROBJ_bGetAdvanceWidths
FillPath
GetTextExtentPointA
ResizePalette
GdiGetSpoolFileHandle
Polygon
DdEntry54
DdEntry12
LPtoDP
GetBitmapAttributes
GetBitmapDimensionEx
GdiTransparentBlt
GetCharWidthFloatA
GdiSetLastError
EngFillPath
GdiDllInitialize
DdEntry36
GetGlyphOutline
GetCharABCWidthsW
GetTextExtentPoint32A

cfgmgr32

CM_Run_Detection_Ex
CM_Set_Class_Registry_PropertyW
CM_Run_Detection
CM_Open_Class_Key_ExW
CM_Query_Arbitrator_Free_Data_Ex
CM_Set_DevNode_Problem_Ex
CM_Get_HW_Prof_FlagsW
CM_Request_Eject_PC
CM_Free_Range_List
CM_Add_Range
CM_Get_Device_ID_ExA
CM_Create_DevNode_ExW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_List_ExA
CMP_Report_LogOn
CM_Set_HW_Prof_Flags_ExW
CM_Get_Depth_Ex
CM_Locate_DevNode_ExA
CM_Get_Next_Log_Conf_Ex
CM_Set_HW_Prof
CM_Setup_DevNode
CM_Locate_DevNodeW
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Version_Ex
CM_Free_Res_Des
CM_Open_DevNode_Key
CM_Unregister_Device_Interface_ExA
CM_Get_Device_Interface_ListA
CM_Get_Res_Des_Data_Size
CM_Setup_DevNode_Ex
CM_Get_Device_IDW
CM_Set_HW_Prof_Flags_ExA
CM_Register_Device_InterfaceA
CM_Unregister_Device_Interface_ExW
CM_Set_DevNode_Registry_PropertyW
CM_Get_Global_State_Ex
CM_Register_Device_Driver_Ex
CM_Get_Sibling_Ex
CM_Free_Res_Des_Handle
CM_Query_Arbitrator_Free_Data
CM_Add_IDA

vdmdbg

VDMGetSegtablePointer
VDMDetectWOW
VDMGetSymbol
VDMGlobalFirst
VDMModuleNext
VDMEnumTaskWOWEx
VDMBreakThread
VDMSetThreadContext
VDMStartTaskInWOW
VDMGetThreadSelectorEntry
VDMGetModuleSelector
VDMSetDbgFlags
VDMGetAddrExpression
VDMGetSegmentInfo
VDMProcessException
VDMGetPointer
VDMGetThreadContext
VDMTerminateTaskWOW
VDMGetDbgFlags
VDMEnumProcessWOW
VDMKillWOW
VDMSetContext
VDMEnumTaskWOW
VDMModuleFirst
VDMGlobalNext
VDMGetSelectorModule
VDMIsModuleLoaded
VDMGetContext

kernel32

Heap32First
WriteProfileStringA
LoadLibraryA
SetEvent
GetEnvironmentStringsW
SetConsoleCP
_lwrite
DeleteTimerQueueEx
RtlCaptureStackBackTrace
ReplaceFileA
SetConsolePalette
BackupWrite
Heap32Next
Module32Next
RequestWakeupLatency
MultiByteToWideChar
GetBinaryTypeA
VirtualAlloc
QueryPerformanceCounter
EscapeCommFunction
DeleteFileA
BeginUpdateResourceA
GetOEMCP
LocalFileTimeToFileTime
WaitForDebugEvent
InterlockedExchange
WaitNamedPipeA
GetThreadPriority
PurgeComm
CreateMutexA
GetConsoleTitleW
LockResource

dnsapi

DnsRecordCompare
Dns_SendAndRecvUdp
DnsRecordBuild_W
Dns_InitializeWinsock
DnsRecordBuild_UTF8
DnsAcquireContextHandle_W
DnsFlushResolverCacheEntry_A
DnsDhcpSrvRegisterHostName
DnsRecordSetCopyEx
DnsReplaceRecordSetA
DnsQuery_W
DnsQuery_UTF8
Dns_BuildPacket
DnsRecordSetDetach
DnsNotifyResolver
DnsExtractRecordsFromMessage_W
DnsNameCompareEx_UTF8
Dns_InitializeMsgRemoteSockaddr
DnsApiRealloc
DnsIpv6AddressToString
DnsModifyRecordsInSet_UTF8
DnsNameCompareEx_A
DnsQueryConfigDword
DnsValidateUtf8Byte
Dns_ReadPacketNameAllocate
DnsUpdate
DnsRecordSetCompare
DnsFreeConfigStructure
DnsExtractRecordsFromMessage_UTF8
DnsRecordStringForWritableType

query

?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?FastInit@CPropStoreManager@@QAEXPAVCiStorage@@@Z
??3CDbPropSet@@SGXPAX@Z
??0CWordRestriction@@QAE@ABVCKeyBuf@@KKKH@Z
??0CPropertyStoreWids@@QAE@AAVCPropStoreManager@@@Z
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
?DetermineDriveType@CiStorage@@SGIPBG@Z
??3CDbContent@@SGXPAX@Z
CIRestrictionToFullTree
?GetStackTrace@@YGXPADK@Z
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
??1CDbQueryResults@@QAE@XZ
??0CMachineAdmin@@QAE@PBGH@Z
??0CLocalGlobalPropertyList@@QAE@K@Z
?SetNumberOfSortProps@CCatState@@QAEXI@Z
?ReturnBuffer@CPhysStorage@@QAEXKHH@Z
??0CCiRegParams@@QAE@PBG@Z
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
?SetBSTR@CAllocStorageVariant@@QAEXPAGAAVPMemoryAllocator@@@Z
?GetColumn@CCatState@@QBEPBGI@Z
?IsCIPaused@CMachineAdmin@@QAEHXZ
?QueryInterface@CFwPropertyMapper@@UAGJABU_GUID@@PAPAX@Z
_ForceMasterMerge@16
?GetTotalSizeInKB@CPropertyStore@@QAEKXZ
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Write@CRcovStrmTrans@@IAEXPBXK@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z

glu32

gluErrorString
gluBuild2DMipmaps
gluDeleteTess
gluEndSurface
gluTessBeginContour
gluTessCallback
gluBeginPolygon
gluUnProject
gluEndCurve
gluTessBeginPolygon
gluNewQuadric
gluGetString
gluPartialDisk
gluLoadSamplingMatrices
gluTessProperty
gluNewTess
gluPerspective
gluPwlCurve
gluBuild1DMipmaps
gluEndTrim
gluTessVertex
gluScaleImage
gluQuadricCallback
gluDeleteNurbsRenderer
gluBeginCurve
gluTessEndPolygon
gluLookAt
gluGetNurbsProperty
gluNewNurbsRenderer
gluProject

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff014d516cd31716d6404e05ea6f7824

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

cfgmgr32

vdmdbg

kernel32

dnsapi

query

glu32

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 50KB - Virtual size: 260KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 50KB - Virtual size: 260KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B