2644db59f20c14e6f95136e7aa157c86

Sharing

Copy URL Twitter E-mail

General

Target

2644db59f20c14e6f95136e7aa157c86
Size

861KB
MD5

2644db59f20c14e6f95136e7aa157c86
SHA1

2409be960dc8537479d880edbea702420f2e0431
SHA256

b63b8ef0723560a770a9d092966a51bdcabf8aed0a1c30804351093aed54c693
SHA512

f5ca3c597ffadc9acc253367ab585192a1ab50cb915da0fe141101d4f2913fff09ce1dc2f5d68478b29a9599b2a2338d321231259a885c3ea2b2a44d7b6b5370
SSDEEP

24576:aVcIBBIKhVBibED/sx8By9lwQOF1wwLcfWKAgCwCgc:v8gbEDUwffFYfwwCgc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2644db59f20c14e6f95136e7aa157c86

Files

2644db59f20c14e6f95136e7aa157c86
.exe windows:5 windows x86 arch:x86

7861cd2786c7a6c26bb5ecd7df9c495b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

apphelp

SdbTagRefToTagID
SdbOpenDatabase
SdbOpenApphelpInformation
SdbGetDatabaseVersion
SdbTagIDToTagRef
SdbRegisterDatabase
SdbGetBinaryTagData
SdbGetNextChild
SdbGetTagDataSize
SdbTagToString
SdbGrabMatchingInfo
ApphelpUpdateCacheEntry
SdbReadBinaryTag
SdbReadDWORDTagRef
SdbReadWORDTag
SdbReadEntryInformation
SdbFindFirstMsiPackage_Str
ApphelpCheckInstallShieldPackage
SdbResolveDatabase
SdbReadStringTagRef
SdbGrabMatchingInfoEx
ApphelpCheckMsiPackage
ApphelpFixMsiPackage
SdbGetDatabaseMatch
SdbQueryData
SdbFindFirstTagRef
SdbGetFirstChild
SdbReadMsiTransformInfo
SdbReadWORDTagRef
ApphelpFreeFileAttributes
ApphelpGetNTVDMInfo
SdbDeletePermLayerKeys
ShimFlushCache
SdbGetMsiPackageInformation
SdbReadQWORDTagRef
ApphelpCheckExe
SdbGetEntryFlags
SdbCloseApphelpInformation
SdbFindNextMsiPackage

advapi32

AddAce
GetEffectiveRightsFromAclW
GetAce
OpenEncryptedFileRawW
RevertToSelf
LookupAccountNameA
OpenProcessToken
RegisterEventSourceW
LsaLookupPrivilegeDisplayName
SystemFunction017
RegisterServiceCtrlHandlerW
DuplicateEncryptionInfoFile
ObjectDeleteAuditAlarmW
AccessCheckAndAuditAlarmW
StopTraceW
ConvertToAutoInheritPrivateObjectSecurity
SetSecurityInfoExW
AccessCheckByTypeResultListAndAuditAlarmByHandleA
ElfReportEventA
IsValidSecurityDescriptor
UnlockServiceDatabase
GetSecurityDescriptorLength
CryptHashSessionKey
InitiateSystemShutdownExA
SaferGetPolicyInformation
LsaSetForestTrustInformation
EncryptionDisable
SystemFunction015
InitiateSystemShutdownW
SystemFunction007
LsaCreateAccount
ElfRegisterEventSourceW
SystemFunction027
SetTraceCallback

msvcrt

__toascii
_stat64
fprintf
_ismbstrail
wcslen
_unlock
_sys_errlist
__p__daylight
printf
_cscanf
_isatty
mktime
fwscanf
_wstat
_mbsspnp
_chdrive
__DestructExceptionObject
_lseek
_wfdopen
_CIexp
_wenviron
atof
_chdir
_wspawnvpe
??_Ebad_typeid@@UAEPAXI@Z
_vsnprintf
??_Ebad_cast@@UAEPAXI@Z
fgetpos
_HUGE
fabs
_unlink
__CxxDetectRethrow
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_ismbbkalnum
_set_sbh_threshold
_wstat64
_safe_fprem
_fgetwchar

ntprint

PSetupBuildDriversFromPath
ClassInstall32
PSetupAssociateICMProfiles
PSetupDriverInfoFromName
PSetupDestroySelectedDriverInfo
ServerInstallW
PSetupFreeDrvField
PSetupSelectDriver
PSetupDestroyDriverInfo3
PSetupThisPlatform
PSetupDestroyMonitorInfo
PSetupGetLocalDataField
PSetupDestroyPrinterDeviceInfoList
PSetupShowBlockedDriverUI
PSetupIsTheDriverFoundInInfInstalled
PSetupCreateDrvSetupPage
PSetupCreatePrinterDeviceInfoList
PSetupCreateMonitorInfo
PSetupFreeMem
PSetupIsDriverInstalled
PSetupEnumMonitor
PSetupInstallICMProfiles
PSetupGetPathToSearch
PSetupPreSelectDriver
PSetupSetSelectDevTitleAndInstructions
PSetupInstallMonitor
PSetupProcessPrinterAdded
PSetupSelectDeviceButtons
PSetupGetDriverInfo3
PSetupInstallInboxDriverSilently
PSetupIsCompatibleDriver
PSetupGetSelectedDriverInfo
PSetupInstallPrinterDriver

kernel32

SetSystemTime
AddRefActCtx
LoadLibraryA
LockFileEx
GlobalUnWire
GlobalFindAtomW
OpenFileMappingA
GetSystemWow64DirectoryA
SetLocaleInfoA
SetCurrentDirectoryA
IsSystemResumeAutomatic
GetStartupInfoW
lstrcpy
EnumResourceTypesW
FindFirstVolumeA
ReadConsoleOutputA
SetConsoleCursorInfo
CallNamedPipeW
SetProcessPriorityBoost
VirtualAlloc
FindResourceExW
GetOverlappedResult
QueryPerformanceCounter
GetModuleHandleW
ReadConsoleInputExW
PrepareTape
SetLocaleInfoW
AddAtomA
GetPrivateProfileStructA
FreeEnvironmentStringsW
CreateToolhelp32Snapshot
GetComputerNameExW

msvcrt40

??0istream@@IAE@XZ
_finite
?flags@ios@@QBEJXZ
atan
??_Distream@@QAEXXZ
??_Ebad_typeid@@UAEPAXI@Z
_adjust_fdiv
_CIsinh
fwprintf
__RTDynamicCast
__p__tzname
_spawnvp
??_Gstdiobuf@@UAEPAXI@Z
??4streambuf@@QAEAAV0@ABV0@@Z
__RTtypeid
??_Giostream@@UAEPAXI@Z
fgetws
__setusermatherr
??0ostream@@IAE@XZ
??1bad_cast@@UAE@XZ
?ignore@istream@@QAEAAV1@HH@Z
??0bad_cast@@QAE@ABQBD@Z
_mbsnbset
?fLockcInit@ios@@0HA
_CItan
??1bad_typeid@@UAE@XZ
_toupper
_wspawnl
?getline@istream@@QAEAAV1@PAEHD@Z
_winmajor
atoi
??0ostream_withassign@@QAE@XZ
??0ifstream@@QAE@ABV0@@Z
_stricoll
??_Gstrstreambuf@@UAEPAXI@Z
?iword@ios@@QBEAAJH@Z

user32

PostQuitMessage
RegisterClassA
DefWindowProcA

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 396KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7861cd2786c7a6c26bb5ecd7df9c495b

Headers

DLL Characteristics

File Characteristics

Imports

apphelp

advapi32

msvcrt

ntprint

kernel32

msvcrt40

user32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 396KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 396KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B