3e2417cab62efdfb00947b0fbfeb22c6

Sharing

Copy URL Twitter E-mail

General

Target

3e2417cab62efdfb00947b0fbfeb22c6
Size

127KB
MD5

3e2417cab62efdfb00947b0fbfeb22c6
SHA1

907df8773229de69ac9468325429fd94795c8883
SHA256

02795bd2e4e37b1c80c6ceb213c1880408ff3ddb3cae169c87bba0b9e5afc8a2
SHA512

ce73e1cabb588098ceb12faaf3ae1452a050ce2bdf85f5bd246383b3037784cd9db89c1d7591b9d5c0aae56fd29677ce9ae6c2cc527666c25247e265aa24132e
SSDEEP

3072:jYdZ+JTLTA5dn5QLpj0Mj3wYsU/DR56J7s:7M5QyMjZNOY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e2417cab62efdfb00947b0fbfeb22c6

Files

3e2417cab62efdfb00947b0fbfeb22c6
.exe windows:5 windows x86 arch:x86

61383f5afd40a53d73f47d0e68c6424e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_EnumDesktops_@12
_CommDlg_OpenSave_GetFilePath@12
_CompareString_@24
_DlgDirSelectComboBoxEx_@16
_SetEnvironmentVariable_@8
_GetUnicodeRedirectionLayer@0
_GetCharWidth_@16
_wvsprintf_@12
_GetCharacterPlacement_@24
_SetComputerName_@4
newWideCharFromMultiByte
_GetPrivateProfileSectionNames_@12
_LookupPrivilegeName_@16
_CharUpperBuff_@8
_RegQueryValue_@16
_StartDoc@8
_GetOpenFileName@4
_LoadCursorFromFile_@4
_GetServiceKeyName_@16
_IsCharLower_@4
_GetServiceDisplayName_@16
_OutputDebugString_@4
_NDdeTrustedShareEnum_@24
_FatalAppExit_@8
_GetPrivateProfileSection_@16
_GetKeyNameText_@12
_OemToChar_@8
_DefWindowProc@16
_ReadEventLog_@28
_SHGetFileInfo_@20
_LoadAccelerators_@8
_CreateWindowStation_@16
_OpenFileMapping_@12
_OemToCharBuff_@12
_GetVolumeInformation_@32
_SendMessage@16
_RegisterClass_@4
_EnumResourceNames_@16
_CharUpper@4
_GetNamedPipeHandleState_@28
_GetPrivateProfileStruct_@20
_GetShortPathName_@12
_GetProfileString_@20
_GetWindowsDirectory_@8

ifsutil

?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
??1CANNED_SECURITY@@UAE@XZ
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
??1DIGRAPH@@UAE@XZ
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
??0LOG_IO_DP_DRIVE@@QAE@XZ

scrobj

DllRegisterServerExA
DllInstall
DllUnregisterServer
GenerateTypeLibW
GenerateTypeLib
DllRegisterServerEx
DllRegisterServer
DllUnregisterServerEx
DllRegisterServerExW
DllGetClassObject

kernel32

Process32Next
DeleteCriticalSection
CreateSocketHandle
FindVolumeClose
FindNextVolumeMountPointW
ChangeTimerQueueTimer
HeapValidate
GetLocalTime
RegisterConsoleIME
CreateMutexW
GlobalLock
CreateDirectoryExA
FindClose
InitializeCriticalSectionAndSpinCount
GlobalFix
LeaveCriticalSection
GetUserGeoID
SetConsoleIcon
SetThreadPriority
AddConsoleAliasA
SetConsoleCursorMode
LCMapStringW
MultiByteToWideChar
GetCurrencyFormatW
AttachConsole
SetProcessShutdownParameters
CloseConsoleHandle
TerminateJobObject
LoadLibraryExW
Heap32First
SetHandleCount
Module32NextW
EnterCriticalSection
SetLastError
GetNumaProcessorNode
VirtualAlloc
GetProcessTimes
lstrcmpW
TlsGetValue
LocalAlloc
SetConsoleCursorInfo
lstrcmpi
SetThreadAffinityMask
GetModuleHandleExW
LoadLibraryA

clusapi

RemoveClusterResourceNode
ClusterEnum
GetClusterQuorumResource
OnlineClusterResource
ClusterGroupOpenEnum
CloseCluster
GetClusterNetInterfaceState
GetNodeClusterState
CreateClusterGroup
ClusterNetworkGetEnumCount
GetClusterNetInterface
SetClusterNetworkName
ClusterRegSetValue
ClusterRegOpenKey
ClusterResourceControl
SetClusterResourceName
GetClusterNetworkKey
ClusterControl
DeleteClusterGroup
AddClusterResourceDependency
ClusterResourceEnum
ClusterRegDeleteValue
ClusterNetworkEnum
ClusterRegEnumValue
ClusterNodeControl
ClusterResourceGetEnumCount
ClusterRegDeleteKey
GetClusterResourceKey
OpenClusterNetInterface

msvcrt40

??0fstream@@QAE@H@Z
??_7ostrstream@@6B@
??4iostream@@IAEAAV0@AAV0@@Z
_inp
??_7strstream@@6B@
??9type_info@@QBEHABV0@@Z
??6ostream@@QAEAAV0@J@Z
cosh
_mbsnbicoll
??1stdiostream@@UAE@XZ
?sh_read@filebuf@@2HB
??_7filebuf@@6B@
_assert
_wfindfirst
strspn
??0strstreambuf@@QAE@H@Z
wcscmp
??4istream@@IAEAAV0@ABV0@@Z
_wstati64
isupper
malloc
pow
_fmode
?underflow@stdiobuf@@UAEHXZ
_chsize
__p__daylight
?write@ostream@@QAEAAV1@PBEH@Z
__p___argc
ferror
_wexecl
_getmaxstdio
_ismbbtrail
_j1
atan2
??4streambuf@@QAEAAV0@ABV0@@Z
?put@ostream@@QAEAAV1@C@Z
_chdir
wcsncmp
??0iostream@@IAE@XZ
_set_error_mode
iswdigit
calloc
??_Eexception@@UAEPAXI@Z
getchar
?bitalloc@ios@@SAJXZ
wcstol
vprintf
_getdcwd
??_Eofstream@@UAEPAXI@Z
_osver
_tell
_rmdir
fgetws
?sync_with_stdio@ios@@SAXXZ
atof
??_Eios@@UAEPAXI@Z
?get@istream@@QAEAAV1@AAE@Z
wcslen
?attach@filebuf@@QAEPAV1@H@Z
_heapchk
??0strstreambuf@@QAE@XZ
_heapmin
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
_mbsnbcat
??Bios@@QBEPAXXZ
_global_unwind2
_mbsnextc
??4stdiostream@@QAEAAV0@AAV0@@Z
??_8iostream@@7Bistream@@@
putchar
_strtime
_mbsnbcnt
?_set_new_mode@@YAHH@Z
_strerror
_wchmod
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_mbsinc
_wcsicoll
_wstrdate
isgraph
atexit

oleaut32

BSTR_UserFree
VarParseNumFromStr
VarBoolFromDate
VarDateFromI4
VarWeekdayName
VarBstrCmp
VarDateFromStr
UnRegisterTypeLib
OleLoadPictureFile
VarDecFromUI2
VarBstrFromUI4
VarI2FromUI8
VarCyFromUI1
VarUI4FromUI2
VarBoolFromDec
VarI2FromUI1
VarDateFromUI8
LPSAFEARRAY_UserSize
SysStringByteLen
SafeArrayCopyData
VarR8FromDec
VarUI4FromI4
VarUI2FromUI8
VarI4FromDisp
VarI8FromI1
VarUI8FromUI4
OleLoadPictureEx
VarI1FromUI2
SafeArrayGetIID
VarUI4FromUI8

msi

MsiDatabaseMergeA
MsiSetInternalUI
MsiViewExecute
MsiGetShortcutTargetW
MsiLocateComponentW
Migrate10CachedPackagesA
MsiGetSourcePathW
MsiEvaluateConditionA
MsiSetComponentStateA
MsiDatabaseGetPrimaryKeysW
DllGetVersion
MsiSourceListClearAllW
MsiLoadStringW
MsiFormatRecordA
MsiDatabaseGenerateTransformW
MsiSourceListAddSourceA
MsiGetProductCodeW
MsiDeleteUserDataW
MsiViewGetErrorW
MsiUseFeatureA
MsiDatabaseCommit
MsiSetInstallLevel
MsiDatabaseApplyTransformW
MsiPreviewDialogA
MsiDecomposeDescriptorA
MsiOpenPackageA
MsiEnumComponentQualifiersW
MsiVerifyPackageA
MsiGetFileSignatureInformationA
MsiProcessMessage
MsiVerifyDiskSpace
MsiGetComponentPathA
MsiQueryFeatureStateFromDescriptorW
MsiDatabaseIsTablePersistentW
MsiFormatRecordW
MsiApplyPatchA
MsiGetProductCodeA
MsiProvideComponentFromDescriptorW
MsiGetFileHashW
MsiSetFeatureAttributesA

user32

CtxInitUser32
GetWindowModuleFileNameW
MB_GetString
ShowScrollBar
IsCharAlphaA
GetKeyNameTextW
GetDesktopWindow
TranslateMessage
RegisterClassW
PackDDElParam
UserLpkTabbedTextOut
EndMenu
ScrollWindowEx
InsertMenuA
ValidateRgn
InvalidateRgn
GetKBCodePage
DdeNameService
CopyAcceleratorTableW
DdeImpersonateClient
PaintMenuBar
ModifyMenuA
CalcMenuBar
DefMDIChildProcW
DdeClientTransaction
SetDeskWallpaper
DdeQueryNextServer
DragObject
ShowOwnedPopups
WINNLSGetEnableStatus
DefWindowProcW
IsCharAlphaNumericW
RegisterMessagePumpHook
GetTitleBarInfo
AdjustWindowRectEx
SetClassLongA
EnumDisplaySettingsA
LockSetForegroundWindow
CloseWindowStation
PtInRect

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61383f5afd40a53d73f47d0e68c6424e

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

ifsutil

scrobj

kernel32

clusapi

msvcrt40

oleaut32

msi

user32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 33KB - Virtual size: 194KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 33KB - Virtual size: 194KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 944B