489d3f9889ba512c61485e95d0ea35f1

Sharing

Copy URL

Twitter E-mail

General

Target

489d3f9889ba512c61485e95d0ea35f1
Size

865KB
MD5

489d3f9889ba512c61485e95d0ea35f1
SHA1

38a7f3815d95bd566eeb5d007cedce9f6e3da57b
SHA256

6f1f002e1e65a05f4f8150f9cc32653a58fcbaed7641b8a7ff0ccab661cac134
SHA512

287c24de8eb84af58f68a4b1ceef071ff141fbb4d942ac720ae5a2fa67aea884879e090d7bd34f71c1198c140eb2bb57eadb59a1178e97a31657ad91f307aaad
SSDEEP

24576:202W0LdOhOHqUE5MmKoWtFLQmD1ni26HdjBQEql:D2W0LdOhMqUEZKoWtJYHNB1q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
489d3f9889ba512c61485e95d0ea35f1

Files

489d3f9889ba512c61485e95d0ea35f1
.exe windows:5 windows x86 arch:x86

979fd0fb07a705f639bfe2ead3722f8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetEndOfFile
LocalReAlloc
RtlCaptureContext
InterlockedExchangeAdd
SetCommState
EnumDateFormatsA
IsDebuggerPresent
DisconnectNamedPipe
EnumerateLocalComputerNamesW
GetConsoleHardwareState
TlsFree
lstrcmp
FindFirstFileW
WaitCommEvent
ZombifyActCtx
GetEnvironmentStringsW
LZInit
GlobalAddAtomW
IsValidCodePage
GetUserDefaultLCID
CancelTimerQueueTimer
GetTempFileNameA
GetConsoleAliasesA
IsValidLocale
VirtualAlloc
GetProfileIntW
GetFullPathNameW
OpenConsoleW
GetVersionExA
EnterCriticalSection
GetConsoleFontInfo
FillConsoleOutputAttribute
LoadLibraryA
GetLocaleInfoW
GetNumaProcessorNode
LeaveCriticalSection
SetProcessShutdownParameters

crtdll

putc
_ismbblead
_CIlog
_ctype
__toascii
wcscmp
_fileinfo_dll
printf
strspn
_CIlog10
wprintf
isalnum
_chdir
_ecvt
_wtoi
strtod
_flushall
_mbcjistojms
_ismbbprint
_ismbbkana
_fpieee_flt
fwscanf
wctomb
_loaddll
_ismbbkalnum
_heapmin
_access
_expand
wcstombs

wininet

GetUrlCacheEntryInfoExA
InternetGoOnlineW
FindFirstUrlCacheEntryA
FreeUrlCacheSpaceW
UnlockUrlCacheEntryStream
InternetCheckConnectionA
InternetConnectA
InternetGetPerSiteCookieDecisionW
InternetHangUp
InternetFortezzaCommand
DeleteUrlCacheEntry
InternetSetStatusCallback
FtpOpenFileA
FindFirstUrlCacheEntryW
InternetUnlockRequestFile
HttpSendRequestW
RetrieveUrlCacheEntryStreamW
RetrieveUrlCacheEntryStreamA
IncrementUrlCacheHeaderData
FtpPutFileW
InternetTimeToSystemTimeW
CreateUrlCacheContainerW
FtpGetFileEx
SetUrlCacheEntryGroup
SetUrlCacheGroupAttributeA
HttpEndRequestA
ForceNexusLookup
FtpOpenFileW
GetUrlCacheConfigInfoW
DeleteUrlCacheContainerW
GopherFindFirstFileA
CreateUrlCacheEntryA
RunOnceUrlCache
UpdateUrlCacheContentPath
InternetQueryFortezzaStatus
ShowClientAuthCerts
InternetCanonicalizeUrlA
InternetWriteFileExW
HttpAddRequestHeadersA
SetUrlCacheEntryInfoA
CreateMD5SSOHash
InternetDialW
IsUrlCacheEntryExpiredW
InternetCreateUrlW
InternetSetOptionA

lz32

LZCopy
LZStart
GetExpandedNameA
LZDone
LZClose
LZOpenFileW
CopyLZFile
LZSeek
LZInit
LZRead
LZCloseFile
LZOpenFileA

cfgmgr32

CM_Add_ID_ExW
CM_Get_Device_ID_ListW
CM_Enumerate_Enumerators_ExA
CM_Get_Class_Name_ExA
CM_Merge_Range_List
CM_Get_First_Log_Conf
CM_Set_HW_Prof
CM_Free_Log_Conf
CM_Set_Class_Registry_PropertyA
CM_Get_Parent_Ex
CM_Enable_DevNode_Ex
CM_Request_Eject_PC_Ex
CMP_UnregisterNotification
CM_Modify_Res_Des
CM_Dup_Range_List
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Hardware_Profile_InfoA
CM_Disable_DevNode_Ex
CM_Modify_Res_Des_Ex
CM_Get_Device_ID_ExW
CM_Free_Range_List
CM_Free_Log_Conf_Handle
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNodeA
CM_Query_Remove_SubTree
CM_Enumerate_EnumeratorsA
CM_Query_Resource_Conflict_List

msvcrt40

?cerr@@3Vostream_withassign@@A
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??_7logic_error@@6B@
isxdigit
?flush@@YAAAVostream@@AAV1@@Z
_getdrive
strspn
_wexecve
??5istream@@QAEAAV0@AAN@Z
?rdstate@ios@@QBEHXZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
_wcreat
_ungetch
_scalb
??0__non_rtti_object@@QAE@PBD@Z
??0ofstream@@QAE@ABV0@@Z
_CIcosh
wcsxfrm
??8type_info@@QBEHABV0@@Z
??_Gstrstream@@UAEPAXI@Z
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??5istream@@QAEAAV0@AAM@Z
_ismbbkpunct
_mbscpy
_osver
_wputenv
??1bad_cast@@UAE@XZ
_mtlock

Sections

.text
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

979fd0fb07a705f639bfe2ead3722f8a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crtdll

wininet

lz32

cfgmgr32

msvcrt40

Sections

.text Size: 451KB - Virtual size: 451KB

.rdata Size: 326KB - Virtual size: 326KB

.data Size: 82KB - Virtual size: 1.5MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 451KB - Virtual size: 451KB

.rdata
Size: 326KB - Virtual size: 326KB

.data
Size: 82KB - Virtual size: 1.5MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB