297782ff7733ea6d104903c297d64a90

Sharing

Copy URL Twitter E-mail

General

Target

297782ff7733ea6d104903c297d64a90
Size

877KB
MD5

297782ff7733ea6d104903c297d64a90
SHA1

cf6287af213e5722344c523e4262bb151499773e
SHA256

6523c97079800d08c9683f45d8528655dae4f9109fe6508cfd1606a2dfa4cbc5
SHA512

ed6d6905f9a243ee4f438f7bf426a249be6550fe8df6157a67397b6d4b235e90b992347ef4c67a39b21285c277a8b4037fbac93adcac6860d543f809a9689d40
SSDEEP

12288:RiDoIhlo5W8T6v+jdELUOpvPLlks/PdJY3rWS78BaLG0XfhA3hDg8//jI0JO8h:Q7obGmjzULlXJY7WSYBaLGBdgII04

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
297782ff7733ea6d104903c297d64a90

Files

297782ff7733ea6d104903c297d64a90
.exe windows:5 windows x86 arch:x86

d1e2db50f6fa1c0ff50fa2c21e1279b8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comsvcs

MTSCreateActivity
MiniDumpW
GetObjectContext
CoLeaveServiceDomain
CoCreateActivity
GetMTAThreadPoolMetrics
CosGetCallContext
ComSvcsExceptionFilter
DispManGetContext
GetTrkSvrObject
SafeRef
RecycleSurrogate
DllGetClassObject
CoLoadServices
ComSvcsLogError
CoEnterServiceDomain

dbghelp

SymEnumSourceFiles
SymGetSymNext
SymRegisterCallback
SymInitialize
FindFileInPath
FindExecutableImage
DbgHelpCreateUserDump
SymGetSymFromAddr
MiniDumpReadDumpStream
FindDebugInfoFile
SymGetSymNext64
SearchTreeForFile
EnumerateLoadedModules64
DbgHelpCreateUserDumpW
SymSetSearchPath
SymGetModuleBase
SymLoadModule64
SymGetTypeInfo
WinDbgExtensionDllInit
SymGetModuleInfoW
SymGetFileLineOffsets64
UnmapDebugInformation
SymGetTypeFromName
lmi
GetTimestampForLoadedLibrary
SymUnloadModule64

gdi32

Polygon
GetGlyphOutline
Arc
EnumFontsW
FixBrushOrgEx
GdiGetSpoolMessage
DdEntry37
GetCharWidth32W
GetCurrentPositionEx
EngTransparentBlt
GetEnhMetaFileA
EngStretchBltROP
DdEntry41
PATHOBJ_bEnumClipLines
AddFontResourceTracking
SetICMMode
GdiEntry2
EngDeleteSurface
GetGlyphOutlineW
EnumFontFamiliesExW
GetCharABCWidthsFloatW
DeleteObject
GetTextFaceA
CreateRectRgnIndirect
SelectClipRgn
ChoosePixelFormat
EnumFontFamiliesA
SetViewportOrgEx
EngAlphaBlend
SetDCPenColor
GdiConvertFont
CloseMetaFile
BeginPath
PolyPatBlt
GdiGetDC
CreateRoundRectRgn
SetPixel
CreateCompatibleBitmap
SetMapMode
GetBitmapDimensionEx
GetBoundsRect
GdiReleaseLocalDC
GdiDescribePixelFormat
ColorMatchToTarget
GetDCPenColor
PlayMetaFile
StrokePath
GdiConvertAndCheckDC
MirrorRgn
GdiSetLastError
EngDeleteClip
HT_Get8BPPMaskPalette
EngLoadModule
Ellipse
PtInRegion
AngleArc
GdiGetLocalBrush
DdEntry51
SetAbortProc
ExtCreateRegion
Rectangle
CreateRectRgn
GdiEntry8
GetDIBColorTable
StrokeAndFillPath

kernel32

EnumResourceTypesA
_lclose
FindFirstVolumeW
CancelDeviceWakeupRequest
GetVolumePathNamesForVolumeNameW
FindFirstFileA
EnumSystemLocalesA
GetSystemTime
IsBadCodePtr
GetVolumePathNameA
WaitForDebugEvent
CreateEventW
SetProcessPriorityBoost
QueryDepthSList
VirtualAlloc
FillConsoleOutputCharacterA
InitAtomTable
GetNumberOfConsoleInputEvents
VirtualUnlock
ShowConsoleCursor
CreateMailslotW
HeapAlloc
GetConsoleInputExeNameW
GetThreadTimes
SetConsoleCtrlHandler
SearchPathW
GetConsoleInputWaitHandle
WriteFile
FindActCtxSectionStringW
WaitForMultipleObjectsEx
ConvertDefaultLocale
FlushFileBuffers
WTSGetActiveConsoleSessionId
ChangeTimerQueueTimer
GetWindowsDirectoryW
SetLastError
WaitCommEvent
LoadLibraryA
GetDiskFreeSpaceExW
LZOpenFileW
Heap32ListFirst
OutputDebugStringA
CreateTapePartition
LocalHandle
BaseDumpAppcompatCache
EnumResourceNamesA
DebugBreak
NlsGetCacheUpdateCount
ReadConsoleOutputW
WaitNamedPipeA
GetGeoInfoW
DeleteFileW
GlobalUnlock
EnumCalendarInfoExW
GetLocaleInfoW
GetSystemWindowsDirectoryA
TerminateThread
ReadConsoleOutputCharacterW
Thread32First
CreatePipe
EnumerateLocalComputerNamesW
GetThreadContext
GetProcAddress
QueryActCtxW
GetFileSize
GetEnvironmentStringsW
SleepEx
UTUnRegister
GetACP
EnumerateLocalComputerNamesA
SetFilePointer
lstrcmpW
SetVolumeMountPointW

apphelp

SdbReadBYTETagRef
AllowPermLayer
SdbOpenApphelpInformation
ApphelpGetNTVDMInfo
SdbCreateMsiTransformFile
SdbReadQWORDTagRef
ApphelpFixMsiPackage
ShimFlushCache
SdbUnregisterDatabase
SdbGetTagFromTagID
SdbGetBinaryTagData
SdbOpenDatabase
SdbQueryData
SetPermLayers
SdbGrabMatchingInfoEx
SdbResolveDatabase
SdbFindNextTagRef
SdbReleaseDatabase
SdbCloseDatabase
SdbReadDWORDTag
ApphelpGetFileAttributes
GetPermLayers
SdbSetPermLayerKeys
SdbTagRefToTagID
SdbGrabMatchingInfo
SdbGetMsiPackageInformation
SdbFindFirstTag
SdbReadWORDTagRef
ApphelpCheckMsiPackage
SdbGetStandardDatabaseGUID
SdbReadStringTag
SdbFindFirstMsiPackage
SdbGetNextChild
SdbReadDWORDTagRef
SdbReadQWORDTag
SdbReadMsiTransformInfo
SdbReadBinaryTag
ShimDumpCache
SdbReadEntryInformation
SdbReadBYTETag
SdbGetDatabaseMatch
SdbTagToString
SdbGetPermLayerKeys
ApphelpCheckRunApp
SdbQueryDataEx

sqlunirl

_NDdeShareSetInfo_@24
_VkKeyScan_@4
_OpenFile_@12
_MapVirtualKey_@8
_GetFileVersionInfoSize_@8
_GlobalFindAtom_@4
_GetDiskFreeSpace_@20
_MoveFile@8
_GetFileVersionInfo_@16
_ResetDC_@8
_GetEnvironmentStrings_@4
_GetOpenFileName@4
_VkKeyScanEx_@8
_DefineDosDevice_@12
_GetFileSecurity_@20
_lstrcpy_@8
_GetClassInfo@12
_NDdeSetTrustedShare_@12
_SetMenuItemInfo_@16
_CreateWindowStation_@16
_ReadEventLog_@28
_LookupAccountSid_@28
_CopyMetaFile_@8
_CreateProcess_@40
_SHGetPathFromIDList_@8
_MapVirtualKeyEx_@12
_CharUpperBuff_@8
_StartDoc@8

msdart

?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?IsWriteUnlocked@CSmallSpinLock@@QBE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
_DllMain@12
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
??1CCritSec@@QAE@XZ
?sm_llGlobalList@CLKRLinearHashTable@@0VCLockedDoubleList@@A
?_LockSpin@CSmallSpinLock@@AAEXXZ
FXMemAttach
MpHeapDestroy
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?IsReadLocked@CFakeLock@@QBE_NXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?_H1@CLKRLinearHashTable@@CGKKK@Z
?_InsertThisIntoGlobalList@CLKRHashTable@@AAEXXZ
?IsValid@CLKRHashTable@@QBE_NXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA

wininet

FtpCommandA
InternetGetCookieA
HttpAddRequestHeadersA
InternetAlgIdToStringW
FindFirstUrlCacheEntryExW
FindNextUrlCacheGroup
GetUrlCacheEntryInfoA
IsUrlCacheEntryExpiredW
IsHostInProxyBypassList
InternetGoOnlineW
InternetOpenA
FindNextUrlCacheContainerA
InternetReadFileExA
InternetClearAllPerSiteCookieDecisions
RetrieveUrlCacheEntryFileW
InternetInitializeAutoProxyDll
InternetGetPerSiteCookieDecisionW
InternetDialW
CreateUrlCacheContainerA
HttpSendRequestExW
InternetConnectA
InternetGetConnectedStateExW
RunOnceUrlCache
InternetFindNextFileA
InternetSecurityProtocolToStringA
ParseX509EncodedCertificateForListBoxEntry
RetrieveUrlCacheEntryStreamA
InternetConfirmZoneCrossingA
InternetGetCookieW
InternetCheckConnectionW
DeleteUrlCacheEntryW
ForceNexusLookup
InternetSetCookieA
DeleteUrlCacheContainerW
InternetQueryOptionW
SetUrlCacheGroupAttributeW

mmcbase

?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
??0?$CEventLock@UAppEvents@@@@QAE@XZ
?MMCErrorBox@@YGHIVSC@mmcerror@@I@Z
??_FSC@mmcerror@@QAEXXZ
?IsLocked@CEventBuffer@@QAE_NXZ
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
??9SC@mmcerror@@QBE_NABV01@@Z
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
??0CEventBuffer@@QAE@XZ
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?SCODEFromSc@@YGJABVSC@mmcerror@@@Z
?FatalError@SC@mmcerror@@QBEXXZ
?MMCErrorBox@@YGHII@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?Throw@SC@mmcerror@@QAEXJ@Z
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
??1CEventBuffer@@QAE@XZ
??4SC@mmcerror@@QAEAAV01@J@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?MakeSc@SC@mmcerror@@AAEXW4facility_type@12@J@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
?Clear@SC@mmcerror@@QAEXXZ
?IsError@SC@mmcerror@@QBE_NXZ

cfgmgr32

CM_Connect_MachineA
CM_Get_DevNode_Registry_Property_ExW
CM_Remove_SubTree_Ex
CM_Set_Class_Registry_PropertyW
CM_Reenumerate_DevNode_Ex
CM_Open_Class_KeyW
CM_Enumerate_EnumeratorsA
CM_Get_Res_Des_Data_Size_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_First_Log_Conf_Ex
CM_Get_Device_ID_ExW
CM_Register_Device_Interface_ExW
CM_Register_Device_Driver
CM_Free_Log_Conf_Ex
CM_Locate_DevNodeW
CM_Enumerate_Enumerators_ExA
CM_Get_DevNode_Status
CM_First_Range
CM_Uninstall_DevNode_Ex
CM_Add_ID_ExW
CM_Create_Range_List
CM_Disable_DevNode
CM_Get_Child
CM_Set_HW_Prof_Flags_ExA
CM_Detect_Resource_Conflict
CM_Get_Resource_Conflict_Count
CM_Get_Next_Log_Conf
CM_Free_Log_Conf
CM_Query_Resource_Conflict_List
CM_Get_Class_NameW
CM_Get_Device_Interface_Alias_ExW
CM_Get_HW_Prof_Flags_ExA
CM_Set_DevNode_Problem_Ex
CM_Get_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Enumerate_Enumerators_ExW
CM_Modify_Res_Des

mmcshext

DllGetClassObject

dmscript

DllGetClassObject

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 346KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1e2db50f6fa1c0ff50fa2c21e1279b8

Headers

DLL Characteristics

File Characteristics

Imports

comsvcs

dbghelp

gdi32

kernel32

apphelp

sqlunirl

msdart

wininet

mmcbase

cfgmgr32

mmcshext

dmscript

Sections

.text Size: 339KB - Virtual size: 339KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 346KB - Virtual size: 1.8MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 339KB - Virtual size: 339KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 346KB - Virtual size: 1.8MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B