2a5a9218a5705f92fbdf0cc90ed5cfc3

Sharing

Copy URL Twitter E-mail

General

Target

2a5a9218a5705f92fbdf0cc90ed5cfc3
Size

869KB
MD5

2a5a9218a5705f92fbdf0cc90ed5cfc3
SHA1

1f18c2636257cb69a95500f6a08441e3e77755fc
SHA256

a1cd731797b642a28851309f4c2cee0a8d9ad92f2a88ffdc10feae18ef8a5e7b
SHA512

a03b74b4ae59e47781e2ea89d024618e71521940309e49473c10d38a8987e8245bc881f0d5456ed52055d2441c0259aa07e69cdb421d53702e66f1694b9973bd
SSDEEP

24576:46gWqaJdTCNqUpLVqbSYS8nocZFSCvQMS0u:duJpLknocr74

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a5a9218a5705f92fbdf0cc90ed5cfc3

Files

2a5a9218a5705f92fbdf0cc90ed5cfc3
.exe windows:5 windows x86 arch:x86

b2682d420fe04785ef89e74cd1e260eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

FtDivFtBogus@20
ScGenerateMuid@4
BMAPIGetReadMail
GetTnefStreamCodepage@12
HrValidateIPMSubtree@20
ScCountNotifications@12
HrSetOmiProvidersFlagsInvalid
BMAPIResolveName
HrDecomposeMsgID@24
MAPIFreeBuffer@4
WrapProgress@20
MAPIAllocateBuffer@8
CreateTable@36
MAPIUninitialize
FGetComponentPath
UlFromSzHex@4
FDecodeID@12
IsBadBoundedStringPtr@8
BMAPISendMail
OpenIMsgSession@12
FtSubFt@16
cmc_list
UNKOBJ_Free@8
MAPIInitialize
HrComposeMsgID@24
HrThisThreadAdviseSink@8
ScCopyNotifications@16
BMAPIDetails
InstallFilterHook@4
HrComposeEID@28
MAPIOpenFormMgr@8
HrSetOmiProvidersFlagsInvalid@4
MAPIAdminProfiles@8
PpropFindProp@12
MAPIAllocateBuffer
HrDecomposeEID@28
MNLS_CompareStringW@24
OpenTnefStreamEx@32
LPropCompareProp@8
MNLS_lstrlenW@4
BuildDisplayTable@40

msvcirt

??5istream@@QAEAAV0@AAM@Z
?fLockcInit@ios@@0HA
??_Eiostream@@UAEPAXI@Z
??4Iostream_init@@QAEAAV0@ABV0@@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
??0ostream@@IAE@XZ
?open@fstream@@QAEXPBDHH@Z
??_Eifstream@@UAEPAXI@Z
??_Estdiobuf@@UAEPAXI@Z
??_7strstream@@6B@
?overflow@strstreambuf@@UAEHH@Z
?getline@istream@@QAEAAV1@PAEHD@Z
??_Giostream@@UAEPAXI@Z
??1filebuf@@UAE@XZ
??_7stdiostream@@6B@
?eback@streambuf@@IBEPADXZ
??_Glogic_error@@UAEPAXI@Z
?pcount@strstream@@QBEHXZ
??_Eistream@@UAEPAXI@Z
??_Dstdiostream@@QAEXXZ
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??0ofstream@@QAE@HPADH@Z
?setmode@fstream@@QAEHH@Z
?setmode@ofstream@@QAEHH@Z
?setp@streambuf@@IAEXPAD0@Z
?fill@ios@@QBEDXZ
?read@istream@@QAEAAV1@PADH@Z
?ebuf@streambuf@@IBEPADXZ
??_8strstream@@7Bistream@@@

resutils

ResUtilFindMultiSzProperty
ClusWorkerTerminate
ResUtilStopService
ResUtilSetResourceServiceStartParameters
ResUtilSetExpandSzValue
ResUtilSetSzValue
ResUtilFindDependentDiskResourceDriveLetter
ResUtilSetPropertyTableEx
ResUtilFindExpandSzProperty
ResUtilExpandEnvironmentStrings
ResUtilGetCoreClusterResources
ResUtilFindExpandedSzProperty
ResUtilGetPropertyFormats
ResUtilTerminateServiceProcessFromResDll
ResUtilGetBinaryValue
ResUtilGetResourceDependencyByName
ResUtilEnumPrivateProperties
ResUtilVerifyPrivatePropertyList
ResUtilAddUnknownProperties
ResUtilGetResourceDependencyByClass
ResUtilFreeParameterBlock
ResUtilFindSzProperty
ResUtilGetDwordProperty
ResUtilFindDwordProperty
ResUtilGetResourceNameDependency
ResUtilGetPrivateProperties
ClusWorkerCreate
ResUtilSetResourceServiceEnvironment
ResUtilStartResourceService
ResUtilGetBinaryProperty

sqlsrv32

SQLTablesW
SQLSetScrollOptions
SQLSetConnectOptionW
BCP_writefmt
BCP_colfmt
SQLAllocHandle
BCP_done
SQLNativeSqlW
LibMain
WizLanguageDlgProc
SQLBulkOperations
BCP_bind
SQLSetDescFieldW
SQLProceduresW
SQLSetCursorNameW
SQLDescribeColW
WizDSNDlgProc
SQLProcedureColumnsW
SQLBrowseConnectW
SQLDebug
SQLFreeHandle
SQLPrimaryKeysW
SQLGetDescFieldW
BCP_collen
ConnectDlgProc
SQLSetEnvAttr

msasn1

ASN1CEREncEndBlk
ASN1octetstring_free
ASN1_CreateModule
ASN1BEREncLength
ASN1intx_add
ASN1_CloseModule
ASN1CEREncChar32String
ASN1BEREncFlush
ASN1BEREncUTF8String
ASN1charstring_free
ASN1BEREncCheck
ASN1BEREncMultibyteString
ASN1char32string_free
ASN1objectidentifier_cmp
ASN1BERDecChar32String
ASN1intx_sub
ASN1_FreeEncoded
ASN1_CloseDecoder
ASN1BERDecPeekTag
ASN1BERDecZeroChar32String
ASN1bitstring_cmp
ASN1BERDecZeroChar16String
ASN1BERDecCheck
ASN1BERDecU8Val
ASN1BERDecLength
ASN1CEREncBitString
ASN1BERDecS16Val
ASN1intx_setuint32
ASN1BEREncS32
ASN1objectidentifier2_cmp
ASN1uint32_uoctets
ASN1CEREncOctetString
ASN1intx2uint32
ASN1BERDecDouble
ASN1ztchar16string_free
ASN1BERDecS8Val
ASN1DecAlloc
ASN1BEREoid_free
ASN1BERDecBitString2
ASN1intx2int32

winsta

ServerLicensingGetPolicy
WinStationWaitSystemEvent
WinStationQueryInformationA
WinStationConnectW
WinStationSendMessageA
ServerQueryInetConnectorInformationA
WinStationShadowStop
WinStationSendWindowMessage
_WinStationAnnoyancePopup
WinStationNameFromLogonIdA
WinStationConnectCallback
ServerLicensingLoadPolicy
WinStationGetLanAdapterNameW
WinStationActivateLicense
WinStationFreeMemory
WinStationEnumerateLicenses
ServerLicensingUnloadPolicy
LogonIdFromWinStationNameA
WinStationInstallLicense
WinStationOpenServerW
WinStationVirtualOpen
_WinStationNotifyLogoff
WinStationQueryInformationW
_WinStationUpdateClientCachedCredentials
_WinStationFUSCanRemoteUserDisconnect
WinStationNtsdDebug
ServerLicensingFreePolicyInformation
WinStationCheckLoopBack
WinStationGenerateLicense
_WinStationCallback
WinStationIsHelpAssistantSession
WinStationRenameA
WinStationUnRegisterConsoleNotification
WinStationGetAllProcesses
_WinStationNotifyDisconnectPipe
ServerLicensingDeactivateCurrentPolicy
_WinStationCheckForApplicationName
_WinStationGetApplicationInfo

kernel32

GetACP
GetSystemWindowsDirectoryW
SystemTimeToFileTime
MultiByteToWideChar
DefineDosDeviceA
SetConsoleOS2OemFormat
GetGeoInfoW
GetProfileStringA
GetVersion
OutputDebugStringA
GetVolumePathNamesForVolumeNameA
EscapeCommFunction
GetComputerNameA
CreateNamedPipeW
EnumResourceTypesA
FindFirstChangeNotificationW
AddAtomA
LocalSize
MapUserPhysicalPagesScatter
CreateJobObjectW
SetDefaultCommConfigA
GetEnvironmentStringsW
DosPathToSessionPathA
SetConsoleKeyShortcuts
ExitProcess
TlsAlloc
LocalFileTimeToFileTime
GetStringTypeExW
FillConsoleOutputCharacterA
GetVolumePathNamesForVolumeNameW
GetOEMCP
FindActCtxSectionGuid
SetFileAttributesW
LZStart
DeleteFileA
HeapCreate
UTRegister
GetSystemDirectoryA
HeapAlloc
VirtualAlloc
GetCurrentProcessId
CallNamedPipeA
CopyLZFile
WriteFileEx
BuildCommDCBA
GetConsoleAliasesLengthA
ReadConsoleOutputCharacterA
VDMOperationStarted
GetSystemTimeAsFileTime
LoadLibraryA
LockFile
EnumerateLocalComputerNamesA
ChangeTimerQueueTimer
GetConsoleInputWaitHandle
WaitForMultipleObjectsEx
FreeLibrary
OpenProfileUserMapping
ReadConsoleInputW
SetProcessPriorityBoost
GetThreadSelectorEntry
GlobalMemoryStatusEx

msctf

TF_CreateLangBarItemMgr
TF_InitSystem
TF_GetGlobalCompartment
TF_InvalidAssemblyListCacheIfExist
TF_PostAllThreadMsg
TF_CreateCicLoadMutex
TF_RunInputCPL
TF_GetThreadMgr
TF_CreateLangBarMgr
TF_UninitSystem
TF_IsCtfmonRunning
TF_CreateCategoryMgr
TF_CreateDisplayAttributeMgr
TF_CreateThreadMgr
DllGetClassObject
TF_CreateInputProcessorProfiles
TF_GetThreadFlags

query

??0CImpersonationTokenCache@@QAE@PBG@Z
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
?NameToReal@CPidRemapper@@QAEKPBVCFullPropSpec@@@Z
?GetNumber@CQueryScanner@@QAEHAAKAAH@Z
??0CCategorizationSet@@QAE@ABV0@@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?PutValue@CValueNormalizer@@QAEXKAAKABVCStorageVariant@@@Z
?Shutdown@CPropStoreManager@@QAEXXZ
DllGetClassObject
?AddSortColumn@CDbSortNode@@QAEHABUtagDBID@@HK@Z
?Copy@CDbParameter@@QAEHABUtagDBPARAMETER@@@Z
?FormQueryTree@@YGPAVCDbCmdTreeNode@@AAV1@AAVCCatState@@PAUIColumnMapper@@HH@Z
??0CNodeRestriction@@QAE@KI@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
?GetGlobalPropListFile@@YGPAVCPropListFile@@XZ
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?SetRestriction@CDbSelectNode@@QAEHPAVCDbCmdTreeNode@@@Z
?Release@CEmptyPropertyList@@UAGKXZ
??0CDbSortSet@@QAE@I@Z
??1?$XPtr@VCDbProjectListAnchor@@@@QAE@XZ
?Reopen@CPhysStorage@@QAEXH@Z
?ciNew@@YGPAXI@Z
?IsCIPaused@CMachineAdmin@@QAEHXZ
?SaComputeSize@@YGKGAAUtagSAFEARRAY@@@Z
?SetI4@CStorageVariant@@QAEXJI@Z
??0CDbColId@@QAE@ABV0@@Z
?Next@CStaticPropertyList@@UAEPBVCPropEntry@@XZ
?SkipLong@CMemDeSerStream@@UAEXXZ
?IsValid@CNodeRestriction@@QBEHXZ
?SkipULong@CMemDeSerStream@@UAEXXZ
?AddError@CEventItem@@QAEXK@Z
?SetSZParam@CMachineAdmin@@QAEXPBG0K@Z
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
FsCiShutdown
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?SkipFloat@CMemDeSerStream@@UAEXXZ
?SkipDouble@CMemDeSerStream@@UAEXXZ
?SetI2@CStorageVariant@@QAEXFI@Z
??0CRangeKeyRepository@@QAE@XZ
?AcceptWord@CQueryScanner@@QAEXXZ
?RemoveCatalogFiles@CMachineAdmin@@QAEXPBG@Z

user32

GetMenuState
HideCaret
GetMenuCheckMarkDimensions
DeregisterShellHookWindow
SetCursorPos
RegisterClassA
GetDlgCtrlID
RealGetWindowClassA
SetParent
UnregisterMessagePumpHook
GetCaretPos
CharUpperBuffW
CreateMDIWindowW
GetTabbedTextExtentW
RegisterClassExW
UpdatePerUserSystemParameters
CreateDialogIndirectParamAorW
GetSystemMetrics
SetClipboardViewer
AnimateWindow
GetMenuContextHelpId
DdeQueryNextServer
OffsetRect
GetTopWindow
GetRegisteredRawInputDevices
GetScrollBarInfo

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2682d420fe04785ef89e74cd1e260eb

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

msvcirt

resutils

sqlsrv32

msasn1

winsta

kernel32

msctf

query

user32

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 280KB - Virtual size: 1.7MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 280KB - Virtual size: 1.7MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B