Static task
static1

Behavioral task
behavioral1
Sample: 459facc80fa50dec7c1cc80b924a78c7.exe
Resource: win7-20231215-en

Behavioral task
behavioral2
Sample: 459facc80fa50dec7c1cc80b924a78c7.exe
Resource: win10v2004-20231222-en
General
- Target: 459facc80fa50dec7c1cc80b924a78c7
- Size: 861KB
- MD5: 459facc80fa50dec7c1cc80b924a78c7
- SHA1: ee206472ddbf95392c0d5dc3d23c0ca25dfeea60
- SHA256: 7cba450af99f17dbb6fb48a51e08827ca8ec5a323432c2dabe5752c5d684b7c5
- SHA512: da09cc37e268948119aed0c144ef7149467753aff57debf11c6085c78fe2ecb87e7d9d76a0b213e25f120ff33427b31d9cda032235a420e407767800acd5df08
- SSDEEP: 24576:ISkNI4dyI65uvPpjaiAHLugKpq/nXLeCugx:9kNv/xa18s/XLeCr
Malware Config

Signatures
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 459facc80fa50dec7c1cc80b924a78c7
Files
- 459facc80fa50dec7c1cc80b924a78c7.exe (windows:5 windows x86 arch:x86)
  f2450ee978a162744d7293b429675137
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
RedrawWindow
SwapMouseButton
DdeCmpStringHandles
CreatePopupMenu
MessageBoxA
EnumDisplaySettingsA
TrackMouseEvent
ChangeDisplaySettingsA
IsDialogMessageA
SetWindowTextA
GetNextDlgGroupItem
LoadMenuIndirectA
IsDialogMessageW
EnumDisplaySettingsW
OpenWindowStationA
CharNextExA
DdeGetQualityOfService
PeekMessageA
PtInRect
LockWindowStation
MonitorFromPoint
GetMenuItemInfoA
GetMenuItemCount
ReasonCodeNeedsBugID
MsgWaitForMultipleObjects
SetClipboardData
SetMenuItemInfoA
SetScrollRange
RecordShutdownReason
CallNextHookEx
EnumPropsExW
DdeKeepStringHandle
ClipCursor
UnloadKeyboardLayout
SetDoubleClickTime
GetMessageExtraInfo
InSendMessageEx
IsCharAlphaNumericW
WINNLSEnableIME
GetClipboardData
DrawFrameControl
DialogBoxParamW
SetLayeredWindowAttributes
FindWindowW
EndPaint
UnpackDDElParam
DlgDirListW
UserLpkTabbedTextOut
EndDeferWindowPos
DrawCaptionTempW
DrawFocusRect
GetRawInputData
DisplayExitWindowsWarnings
SetForegroundWindow
GetMonitorInfoA
LoadCursorA
SendDlgItemMessageW
SetUserObjectInformationW
GetKeyboardState
RegisterHotKey
DdeFreeStringHandle
DragDetect
LoadCursorW
IMPSetIMEW
MBToWCSEx
GetMenuItemID
GetDoubleClickTime
PostThreadMessageA
LoadStringW
DestroyWindow
EnumPropsW
DdeEnableCallback
ReasonCodeNeedsComment
DdeGetData
SystemParametersInfoA
DrawEdge
winipsec
AddMMAuthMethods
DeleteMMFilter
DeleteMMPolicy
MatchTransportFilter
AddMMFilter
SetTransportFilter
AddTunnelFilter
GetTunnelFilter
DeleteTunnelFilter
EnumMMFilters
GetMMPolicyByID
SetMMAuthMethods
DeleteQMPolicy
CloseTransportFilterHandle
OpenTransportFilterHandle
AddTransportFilter
EnumMMAuthMethods
CloseMMFilterHandle
SetMMPolicy
GetMMFilter
AddQMPolicy
SetQMPolicy
DeleteTransportFilter
CloseTunnelFilterHandle
SPDApiBufferFree
EnumIPSecInterfaces
SetTunnelFilter
EnumQMSAs
GetMMPolicy
GetTransportFilter
AddMMPolicy
OpenTunnelFilterHandle
DeleteMMAuthMethods
EnumTunnelFilters
EnumQMPolicies
QueryIPSecStatistics
EnumTransportFilters
GetQMPolicyByID
GetMMAuthMethods
SPDApiBufferAllocate
kernel32
VirtualAlloc
MapUserPhysicalPages
GetConsoleDisplayMode
lstrcatW
_llseek
GetLocaleInfoW
DnsHostnameToComputerNameA
Toolhelp32ReadProcessMemory
RemoveDirectoryA
Heap32Next
GetConsoleInputWaitHandle
FindAtomW
LoadLibraryA
DeleteFileA
GetThreadLocale
QueryDepthSList
IsBadWritePtr
GetSystemDirectoryA
ReplaceFileW
IsBadHugeReadPtr
GlobalAlloc
ConsoleMenuControl
FileTimeToLocalFileTime
LeaveCriticalSection
GetSystemPowerStatus
GetSystemDirectoryW
GetTempFileNameW
EnumDateFormatsW
ReadConsoleInputA
GetACP
LocalHandle
GetConsoleScreenBufferInfo
GetOEMCP
GetCalendarInfoA
ntmarta
AccProvRevokeAccessRights
AccLookupAccountSid
AccSetEntriesInAList
AccProvHandleGetAllRights
AccGetAccessForTrustee
AccProvIsAccessAudited
AccProvGetCapabilities
AccConvertAccessMaskToActrlAccess
AccProvHandleIsAccessAudited
AccTreeResetNamedSecurityInfo
AccProvHandleSetAccessRights
AccRewriteGetHandleRights
AccGetExplicitEntries
AccConvertAclToAccess
AccRewriteGetNamedRights
AccProvGetAllRights
AccProvHandleGetTrusteesAccess
AccProvGetTrusteesAccess
AccConvertAccessToSecurityDescriptor
EventGuidToName
AccProvCancelOperation
AccProvGrantAccessRights
AccProvIsObjectAccessible
AccLookupAccountTrustee
AccProvHandleRevokeAccessRights
AccProvSetAccessRights
AccProvHandleIsObjectAccessible
AccLookupAccountName
AccProvHandleGetAccessInfoPerObjectType
AccProvGetAccessInfoPerObjectType
AccRewriteSetEntriesInAcl
AccRewriteGetExplicitEntriesFromAcl
EventNameFree
Sections
.text Size: 341KB - Virtual size: 341KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 154KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ