3d5dc46a097ff0a61201c89ebce21060

Sharing

Copy URL

Twitter E-mail

General

Target

3d5dc46a097ff0a61201c89ebce21060
Size

42KB
MD5

3d5dc46a097ff0a61201c89ebce21060
SHA1

a464ed75d311408a7f49bdc452ffd8f77d887a1a
SHA256

6ad29f0582962c601fed6b8f0284a8c5557d97284fe5510a8bfc5df6fb4c7718
SHA512

446d41995b594ff08de0c7bd01cb6842c8371ce9936749a36905a1924dced1377857dfa25b6ebb4064b8de6399461bcbfa20536f0c701c49f34c65873e00c553
SSDEEP

768:tPIUvg6jPxHR61A6s7F09reqQb9fqLgJjipz/:fvg+PDTn504LGtz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5dc46a097ff0a61201c89ebce21060

Files

3d5dc46a097ff0a61201c89ebce21060
.exe windows:5 windows x86 arch:x86

27b4f00bf96d345550308e590c0c4285

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

islower
_Gettnames
_pipe
_safe_fprem1
_putwch
__getmainargs
_CIsinh
_ismbstrail
_wcstoi64
__p__commode
_CIpow
__set_app_type
__crtLCMapStringA
??_Gbad_cast@@UAEPAXI@Z
_mbscspn
_set_SSE2_enable
_wspawnlp
_pctype
__p__wcmdln
_fullpath
__crtGetLocaleInfoW
_CIfmod
??0__non_rtti_object@@QAE@PBD@Z
__DestructExceptionObject
exit
_searchenv
_flushall
_mbsnextc
srand
_putws
sscanf
__p__tzname
towupper
__CxxFrameHandler

kernel32

UpdateResourceA
LocalSize
GetOEMCP
_lclose
GetTickCount
GetNativeSystemInfo
GetUserDefaultLCID
AddVectoredExceptionHandler
LZCopy
GetSystemInfo
CreateActCtxA
SetThreadPriority
VirtualProtectEx
SearchPathA
SetCurrentDirectoryW
GetShortPathNameW
GetVolumePathNameA
LoadLibraryA
MoveFileExA
CreateActCtxW
AddAtomW
SetConsoleDisplayMode
OpenJobObjectA
GetNumberOfConsoleInputEvents
DebugBreakProcess
GetVolumeNameForVolumeMountPointA
SetConsoleKeyShortcuts
GlobalUnfix
GetLocaleInfoW
WritePrivateProfileSectionA
GetVersionExA
GetCPInfo

mprapi

MprDomainQueryRasServer
MprInfoBlockFind
MprAdminUserServerConnect
MprAdminUserServerDisconnect
MprAdminBufferFree
MprAdminRegisterConnectionNotification
MprConfigTransportSetInfo
MprConfigServerRestore
MprDomainRegisterRasServer
MprConfigInterfaceTransportRemove
MprConfigGetGuidName
MprAdminInterfaceEnum
MprInfoDuplicate
MprConfigInterfaceDelete
MprAdminUpgradeUsers
MprAdminPortClearStats
MprAdminMIBServerDisconnect
MprAdminUserRead
MprConfigBufferFree
MprConfigServerBackup
MprAdminInterfaceCreate
MprAdminInterfaceGetHandle
MprConfigServerDisconnect
MprAdminServerDisconnect
MprAdminUserClose
MprInfoBlockRemove
MprAdminMIBEntryGet
MprConfigTransportGetHandle
MprPortSetUsage
MprAdminServerSetCredentials
CompressPhoneNumber
MprConfigTransportEnum
MprAdminInterfaceSetCredentials
MprInfoRemoveAll
MprAdminInterfaceTransportAdd

mfcsubs

?Lookup@CMapStringToPtr@@QBEHPBGAAPAX@Z
??M@YG_NABVCString@@0@Z
??0CString@@QAE@PBE@Z
?FormatMessageW@CString@@QAAXIZZ
??8@YG_NABVCString@@0@Z
??H@YG?AVCString@@ABV0@G@Z
??YCString@@QAEABV0@PBG@Z
?GetSize@CStringArray@@QBEHXZ
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?GetLength@CString@@QBEHXZ
?FreeExtra@CString@@QAEXXZ
?RemoveAll@CMapStringToPtr@@QAEXXZ
??O@YG_NPBGABVCString@@@Z
?Unlock@CCriticalSection@@UAEHXZ
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
?TrimLeft@CString@@QAEXXZ
?ReverseFind@CString@@QBEHG@Z
?SetSize@CStringArray@@QAEXHH@Z
??1CCriticalSection@@UAE@XZ
?FormatV@CString@@IAEXPBGPAD@Z
?Find@CString@@QBEHPBG@Z
?TrimRight@CString@@QAEXXZ
??4CString@@QAEABV0@PBG@Z
?MakeUpper@CString@@QAEXXZ
?AfxA2WHelper@@YGPAGPAGPBDH@Z
?Find@CString@@QBEHG@Z
?CopyBeforeWrite@CString@@IAEXXZ

loghours

DialinHoursDialogEx
DirSyncScheduleDialog
ReplicationScheduleDialogEx
DialinHoursDialog
ReplicationScheduleDialog
ConnectionScheduleDialog
ConnectionScheduleDialogEx
LogonScheduleDialog
DirSyncScheduleDialogEx
LogonScheduleDialogEx

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27b4f00bf96d345550308e590c0c4285

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

mprapi

mfcsubs

loghours

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 416B

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 416B

.rsrc
Size: 7KB - Virtual size: 6KB