41b16a25041987dd88c850cf2e91fabe

Sharing

Copy URL Twitter E-mail

General

Target

41b16a25041987dd88c850cf2e91fabe
Size

140KB
MD5

41b16a25041987dd88c850cf2e91fabe
SHA1

8629ecf3a387cc90341aead3af37347446cbd50e
SHA256

e21a4aea2382ad02d1874a87cfbae13d3e0a3becb219628d39af58a8dcb46d2c
SHA512

601e620e5a467684aa69d33651ecbe480c1298e216b26701be3837b0eed14e49a23e5f8c6d1d0d785ab5dbd69b3a36170db5ef92c7460fb4612fb1b7eab39e69
SSDEEP

3072:gcjbxcTHmyg7UK0wbyj+lMZuybXFS9JoNCG+ajcqeFCpBUcau:16ay+0wbyRLYu/rjzeFqWzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41b16a25041987dd88c850cf2e91fabe

Files

41b16a25041987dd88c850cf2e91fabe
.exe windows:4 windows x86 arch:x86

9141afdb9e16a6388b987f03c5e31000

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

GetPS2ColorRenderingIntent
CreateProfileFromLogColorSpaceW
GetStandardColorSpaceProfileW
AssociateColorProfileWithDeviceA
CloseColorProfile
UnregisterCMMW
GetColorProfileFromHandle
UninstallColorProfileA
SetColorProfileElementReference
AssociateColorProfileWithDeviceW
InstallColorProfileA
RegisterCMMA

dbnetlib

ConnectionOpenW
ConnectionGetSvrUser
GenClientContext
ConnectionServerEnum
ConnectionErrorW

dhcpsapi

DhcpAddSubnetElementV5
DhcpEnumClasses
DhcpGetOptionInfoV5
DhcpEnumOptionsV5
DhcpDeleteClientInfo
DhcpAuditLogSetParams
DhcpGetServerBindingInfo
DhcpEnumMScopeElements
DhcpRemoveSubnetElementV5
DhcpAddSubnetElement
DhcpSetClientInfoV4
DhcpServerGetConfig
DhcpServerQueryDnsRegCredentials
DhcpAddMScopeElement
DhcpGetClassInfo
DhcpDeleteClass

uniplat

StopMonitoringHandle
UnimodemDeviceIoControlEx
UmPlatformDeinitialize

scrrun

DLLGetDocumentation

wmi

WmiQueryGuidInformation
WmiMofEnumerateResourcesW
WmiEnumerateGuids
CloseTrace
WmiMofEnumerateResourcesA
OpenTraceA
GetTraceEnableLevel
QueryAllTracesW

kbdca

KbdLayerDescriptor

shimeng

SE_DllLoaded

stobject

DllGetClassObject
DllCanUnloadNow

winscard

SCardState
SCardConnectA
SCardReleaseContext
SCardDisconnect
SCardStatusA
SCardIntroduceReaderGroupW

ntdll

ZwSetThreadExecutionState
RtlGetCurrentPeb
NtReleaseKeyedEvent
NtSaveKeyEx
NtFsControlFile
ZwQueryPortInformationProcess
ZwDebugContinue
RtlAddAccessAllowedAce
NtOpenSemaphore
RtlDowncaseUnicodeString
RtlDetermineDosPathNameType_U
NtCompleteConnectPort
strncat
_wtoi
RtlDeNormalizeProcessParams
RtlUpcaseUnicodeToMultiByteN
RtlDeleteSecurityObject
RtlpNtEnumerateSubKey
NtClearEvent
ZwSetInformationJobObject
NtCompareTokens
RtlCreateTimerQueue
RtlUnwind
_wcsnicmp
ZwSetHighEventPair
ZwMapViewOfSection
RtlAllocateAndInitializeSid
ZwSetVolumeInformationFile
iswxdigit
NtQueryPortInformationProcess
_vsnwprintf
_strnicmp
RtlCopyLuidAndAttributesArray
RtlIpv4AddressToStringA
NtRemoveIoCompletion
RtlFirstEntrySList
RtlGetSecurityDescriptorRMControl
NtAcceptConnectPort
RtlZeroHeap
RtlUpperChar
RtlDecompressBuffer
ZwSetSystemEnvironmentValueEx
NtWriteVirtualMemory
ZwAllocateLocallyUniqueId
NtSecureConnectPort
NtSetBootEntryOrder
RtlUnicodeStringToAnsiString
DbgBreakPoint
ZwAccessCheckByTypeResultListAndAuditAlarm
NtCreateDebugObject
NtRaiseException
NtSystemDebugControl
_snprintf
RtlEraseUnicodeString
ZwOpenJobObject
NtUnlockFile
_wcsicmp
NtSetSystemTime
NtDeviceIoControlFile
NtFindAtom
ZwQuerySystemEnvironmentValueEx
ZwSaveMergedKeys
LdrUnloadAlternateResourceModule
ZwLockVirtualMemory
NtQueryInformationFile
NtWriteRequestData
_memicmp
NtQueryEaFile
RtlQueueApcWow64Thread
RtlInitUnicodeString
DbgUiDebugActiveProcess
RtlIpv6StringToAddressW
RtlAppendUnicodeToString
RtlIpv4AddressToStringW
RtlCopySecurityDescriptor
NtInitializeRegistry
NtQueryInformationAtom
RtlUpcaseUnicodeToCustomCPN
RtlSetTimer
ZwAddBootEntry
NtWriteFileGather
RtlImageRvaToSection
RtlReleaseActivationContext
RtlHashUnicodeString
_i64tow
NtQuerySecurityObject
RtlLargeIntegerToChar
RtlConvertSharedToExclusive
memcpy
RtlpUnWaitCriticalSection
RtlTraceDatabaseCreate
RtlpApplyLengthFunction
wcscmp
RtlOpenCurrentUser
ZwFreeUserPhysicalPages
ZwOpenDirectoryObject
RtlCreateRegistryKey
ZwRenameKey
NtSetValueKey
NtCreateKey
__iscsymf
RtlPinAtomInAtomTable
RtlFindClearRuns
NtReplyWaitReceivePortEx
RtlSetCurrentEnvironment
NtFreeVirtualMemory
_wcsupr
vDbgPrintExWithPrefix
DbgQueryDebugFilterState
ZwCreateSymbolicLinkObject
NtSetUuidSeed
RtlRaiseStatus
RtlInt64ToUnicodeString
NtPowerInformation
RtlRemoveVectoredExceptionHandler
RtlQueryProcessLockInformation
_fltused
NtOpenJobObject
NtDeleteKey
NtWaitHighEventPair
ZwGetContextThread
ZwLockRegistryKey
RtlSetHeapInformation
RtlGetActiveActivationContext
RtlFindLeastSignificantBit
DbgUiConnectToDbg
RtlAcquireResourceShared
ZwAllocateVirtualMemory
ZwCompactKeys
RtlTraceDatabaseUnlock
ZwSetValueKey
RtlLookupElementGenericTableAvl
PfxFindPrefix
ZwCompressKey
RtlSetSecurityObject
RtlGetLastWin32Error
RtlSeekMemoryStream
RtlAreAnyAccessesGranted
RtlVerifyVersionInfo
RtlFindCharInUnicodeString
RtlLookupAtomInAtomTable
NtDeleteObjectAuditAlarm
ZwFindAtom
RtlUnicodeStringToOemSize
NtLockFile
ZwAdjustPrivilegesToken
NtQueryDebugFilterState
LdrFindResource_U
wcsncat
RtlInitializeAtomPackage
NtQueryDefaultLocale
ZwReadFile
NtTraceEvent
NtQueryQuotaInformationFile
RtlUnlockBootStatusData
RtlComputeImportTableHash
ZwMapUserPhysicalPagesScatter
ZwSetLdtEntries
RtlFormatCurrentUserKeyPath
strpbrk
NtQueryBootOptions
ZwLockFile
NtCreateMailslotFile
RtlNumberGenericTableElementsAvl
ZwDuplicateObject
RtlDestroyEnvironment
ZwWaitHighEventPair
RtlFlushSecureMemoryCache
NtWaitForKeyedEvent
ZwRemoveIoCompletion
RtlAddressInSectionTable
ZwDebugActiveProcess
NtProtectVirtualMemory
RtlInitializeSListHead
ZwRequestPort
NtReplyWaitReplyPort
wcsncpy
ZwCompleteConnectPort
RtlFreeOemString
RtlDeactivateActivationContextUnsafeFast
RtlInitializeCriticalSection
ZwDisplayString
NtReplyWaitReceivePort
RtlSetUserValueHeap
RtlReAllocateHeap
RtlInitAnsiString
NtReplyPort
RtlUnicodeToMultiByteN
ZwCreateJobSet
NtQueryPerformanceCounter
RtlComputePrivatizedDllName_U
__iscsym
RtlValidateUnicodeString
RtlFindMessage
RtlAddAccessDeniedAce
LdrVerifyImageMatchesChecksum
isxdigit
LdrShutdownProcess
RtlxUnicodeStringToOemSize
ZwOpenProcessTokenEx
RtlSelfRelativeToAbsoluteSD
ZwDuplicateToken
RtlDeleteAce

iassvcs

DllGetClassObject
IASReportEvent

sendmail

DllCanUnloadNow
DllGetClassObject

qdv

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

kernel32

lstrcmpiW
FindFirstFileExW
CreateMemoryResourceNotification
DefineDosDeviceA
SetFileShortNameW
CreateSocketHandle
_lopen
SetLastConsoleEventActive
GetDriveTypeA
IsValidLocale
FileTimeToLocalFileTime
SwitchToFiber
GetProcAddress
FreeResource
WTSGetActiveConsoleSessionId
GetConsoleCursorMode
EnumDateFormatsA
InterlockedExchangeAdd
WriteProfileStringA
CreateFileMappingA
ReplaceFileA
GetConsoleOutputCP
DefineDosDeviceW
SetCriticalSectionSpinCount
lstrcpyA
SetConsoleCursor
SetConsoleWindowInfo
RestoreLastError
GetPrivateProfileSectionA
SetHandleContext
WritePrivateProfileSectionA
SetConsoleTextAttribute
HeapAlloc
GetTempPathA
lstrcpy
GetDiskFreeSpaceExW
lstrcatA
GetComPlusPackageInstallStatus
_lwrite
OpenEventA
GetPrivateProfileStructW
lstrlenA
EnumDateFormatsExA
GetCommandLineA
SetFileApisToANSI
IsProcessorFeaturePresent
SetComputerNameExW
CreateNamedPipeA
LZOpenFileW
GetLocaleInfoA
_hwrite
GetSystemInfo
BaseUpdateAppcompatCache
VerifyConsoleIoHandle
CallNamedPipeW
GetExpandedNameA
HeapSize
GetTapeStatus
CreateDirectoryW
SetFileApisToOEM
PeekConsoleInputA
GetSystemPowerStatus
IsBadStringPtrA
LZInit
SetConsoleCursorMode

user32

ChangeDisplaySettingsExA
UnlockWindowStation
EqualRect
GetRawInputDeviceInfoA
InsertMenuItemW
IsIconic
ShowScrollBar
IsGUIThread
IsRectEmpty
GetMouseMovePointsEx
SendIMEMessageExW
ToAscii
CharPrevW
LoadStringW
GetLastInputInfo
GetUserObjectInformationW
ReuseDDElParam
ReasonCodeNeedsBugID
GetAppCompatFlags
DestroyMenu
DdeSetUserHandle
MapVirtualKeyA
CreateIconFromResourceEx
CallNextHookEx
DrawCaptionTempA
ActivateKeyboardLayout
CreateIcon
DefWindowProcW
DrawIcon
CloseDesktop
CreateCaret
GetActiveWindow
DdeCmpStringHandles
AlignRects
GetDCEx
OemToCharBuffA
GetComboBoxInfo
RegisterHotKey
MapWindowPoints
DestroyCaret
DrawCaptionTempW
GetUpdateRect
UserHandleGrantAccess
PrintWindow
GetWindowRgnBox
DdeConnectList
NotifyWinEvent
SoftModalMessageBox
BeginDeferWindowPos
UnregisterClassW
ScrollChildren
HideCaret
PrivateExtractIconsW
SetDebugErrorLevel
DdeDisconnectList
GetMonitorInfoA
MessageBoxIndirectA
GetOpenClipboardWindow
SetWinEventHook
GetWindowLongA
SendDlgItemMessageA
GetGUIThreadInfo
EnableMenuItem
CreateDesktopA
GetWindowTextW
GetPropW
InSendMessage
EnumThreadWindows
GetClassInfoExW
SetProcessDefaultLayout

msoert2

PszMonthFromIndex
HrFindInetTimeZone
PVGetCertificateParam
FIsSpaceA
PszAllocA
CchFileTimeToDateTimeSz
BrowseForFolderW
MessageBoxInst
RicheditStreamOut
HrCopyStream
PszToUnicode
PszDayFromIndex
StripCRLF
AppendTempFileList
HrBSTRToLPSZ
FIsEmptyA
CryptFreeFunc

Sections

.AQVZuQ
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eNvVD
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Sn
Size: 3KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SCp
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vCso
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdJZQq
Size: 91KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9141afdb9e16a6388b987f03c5e31000

Headers

File Characteristics

Imports

mscms

dbnetlib

dhcpsapi

uniplat

scrrun

wmi

kbdca

shimeng

stobject

winscard

ntdll

iassvcs

sendmail

qdv

kernel32

user32

msoert2

Sections

.AQVZuQ Size: 1KB - Virtual size: 1KB

.eNvVD Size: 20KB - Virtual size: 19KB

.Sn Size: 3KB - Virtual size: 39KB

.SCp Size: 13KB - Virtual size: 12KB

.vCso Size: 10KB - Virtual size: 46KB

.xdJZQq Size: 91KB - Virtual size: 154KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 4KB

.AQVZuQ
Size: 1KB - Virtual size: 1KB

.eNvVD
Size: 20KB - Virtual size: 19KB

.Sn
Size: 3KB - Virtual size: 39KB

.SCp
Size: 13KB - Virtual size: 12KB

.vCso
Size: 10KB - Virtual size: 46KB

.xdJZQq
Size: 91KB - Virtual size: 154KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 4KB