498e3ed3f53a9f0a7bd669d8167719e1

Sharing

Copy URL

Twitter E-mail

General

Target

498e3ed3f53a9f0a7bd669d8167719e1
Size

42KB
MD5

498e3ed3f53a9f0a7bd669d8167719e1
SHA1

2ee01c991d3178f6dd74a94ac6a83628c63000c9
SHA256

d49006d5cf00030622878c2ab6f9890e76bf4ba4ec07df3b3d27b4a7cbd061fd
SHA512

af77e88c323c60a66af1beb9ec2e0f4cbb29db475d9934ccc4c4eb9e6125bfb5d59b770c382d0f051d216359f4c87bb6cf86f39140220637c1cd5f743480e7ca
SSDEEP

768:83ZYpsgIuiotyWOi/TEhiLoIOv9qvjacKiAj/Ur2Gz3kQEe:8p8sqVcWOiw8OvETeUrHz3FEe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
498e3ed3f53a9f0a7bd669d8167719e1

Files

498e3ed3f53a9f0a7bd669d8167719e1
.exe windows:5 windows x86 arch:x86

d03c52325dd0651f23f8f6f45ddd5dab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Get_Res_Des_Data
CM_Move_DevNode
CM_Merge_Range_List
CM_Get_Global_State_Ex
CM_Get_Device_Interface_List_Size_ExW
CM_Get_Device_ID_ListA
CM_Run_Detection_Ex
CM_Detect_Resource_Conflict
CM_Get_Next_Log_Conf_Ex
CM_Create_DevNodeA
CM_Get_Device_Interface_Alias_ExW
CM_Enumerate_Classes_Ex
CM_Get_Device_ID_List_SizeA
CMP_WaitServicesAvailable
CM_Register_Device_Interface_ExA
CM_Add_Empty_Log_Conf
CM_Set_DevNode_Registry_PropertyW
CM_Request_Eject_PC_Ex
CM_Get_Hardware_Profile_Info_ExA
CM_Register_Device_Interface_ExW
CM_Get_HW_Prof_Flags_ExA
CM_Get_Device_Interface_AliasA
CM_Set_Class_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_Hardware_Profile_InfoW
CM_Add_Res_Des_Ex
CM_Detect_Resource_Conflict_Ex
CMP_UnregisterNotification
CM_Create_Range_List

imagehlp

ImageRvaToVa
SymGetLineFromAddr64
SymGetSymFromName
UnMapAndLoad
SymLoadModule
BindImageEx
SymGetTypeInfo
SymGetLineNext
ImagehlpApiVersionEx
StackWalk64
SplitSymbols
SymEnumerateModules
SymUnloadModule64
SymGetLinePrev
SymUnDName64
SymFunctionTableAccess64
SymRegisterCallback
SymEnumerateSymbols
TouchFileTimes
UnmapDebugInformation
SymEnumerateSymbolsW
EnumerateLoadedModules
SymGetLinePrev64
MapFileAndCheckSumW
SymGetLineNext64
StackWalk
ImageDirectoryEntryToData
SymGetModuleInfo64
SymGetSymNext
EnumerateLoadedModules64
FindFileInPath

advapi32

BuildTrusteeWithNameA
InitiateSystemShutdownA
GetAce
RegRestoreKeyA
FileEncryptionStatusA
SystemFunction033
LsaOpenSecret
GetSecurityDescriptorGroup
AllocateLocallyUniqueId
GetSidSubAuthority
SetSecurityInfo
SystemFunction002
OpenSCManagerW
MSChapSrvChangePassword
CryptGetProvParam
RegDeleteKeyA
QueryServiceConfigA
GetInformationCodeAuthzLevelW
RegReplaceKeyA
CreateTraceInstanceId
SetSecurityDescriptorSacl
ObjectOpenAuditAlarmW
WmiQuerySingleInstanceA
RegEnumValueA
RegDisablePredefinedCache
SystemFunction029
SaferiPopulateDefaultsInRegistry
AddAccessAllowedObjectAce
QueryServiceConfig2A

msoert2

CryptAllocFunc
CreateEnumFormatEtc
HrDecodeObject
StrToUintA
CreateTempFile
UlStripWhitespaceW
RicheditStreamIn
HrLPSZToBSTR
HrCreateTridentMenu
FIsValidFileNameCharW
ReplaceCharsW
GetExePath
HrGetElementImpl
CreateTempFileStream
GetDllMajorVersion
FreeTempFileList
UpdateRebarBandColors
CrackNotificationPackage
MessageBoxInst
IsDigit
HrCopyStreamCBEndOnCRLF
MessageBoxInstW
CleanupFileNameInPlaceW
CreateStreamOnHFile
IUnknownList_CreateInstance
CreateNotify
PszDupA
WriteStreamToFile
fGetBrowserUrlEncoding
FIsEmptyW

kernel32

GetConsoleCP
RegisterConsoleIME
GetLargestConsoleWindowSize
EnumSystemLanguageGroupsA
VirtualAlloc
QueryPerformanceFrequency
SetSystemPowerState
GetModuleHandleA
RequestWakeupLatency
MapUserPhysicalPages
WaitForSingleObjectEx
GetHandleInformation
GetStartupInfoA
SetLastError
QueueUserWorkItem
GetACP
SwitchToThread
GetPrivateProfileIntW
SetComputerNameW
LoadLibraryA
FindNextChangeNotification
CancelWaitableTimer
DefineDosDeviceW
FlushViewOfFile
FindClose
WritePrivateProfileStringW
VDMOperationStarted
InterlockedPopEntrySList
WritePrivateProfileStructA
_lclose

rasser

PortSetFraming
PortSetInfo
PortTestSignalState
PortEnum
PortClearStatistics
PortClose
PortSetINetCfg
PortDisconnect
PortGetStatistics
PortReceive
PortOpen
PortGetInfo
PortReceiveComplete
PortInit
PortConnect
PortSend
PortCompressionSetInfo
PortChangeCallback
PortGetPortState

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d03c52325dd0651f23f8f6f45ddd5dab

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

imagehlp

advapi32

msoert2

kernel32

rasser

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB