4998ed5be09de5afec67621073785176

Sharing

Copy URL Twitter E-mail

General

Target

4998ed5be09de5afec67621073785176
Size

866KB
MD5

4998ed5be09de5afec67621073785176
SHA1

2646ae50724b5ce17fc79c262c70e1c1444cee33
SHA256

a39c67327333f6a68ddc35ec3d3662f674ecd8f134509fca9913137b98af9e48
SHA512

28c170fb2edfd82233fcafa46f71e230e0bb39190da71fd5575e19a2d8ce70da01c8470368dca72e13bce5817d216c8193201cc6b5e15b5dd2f2e86575a22ebe
SSDEEP

24576:n0PGfVZVYYuxtm3+aGIMt+Hq/Lcp89MYlMKNdrob80Vk33:nOaqltu+qC+Hq/LcK9BMurskn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4998ed5be09de5afec67621073785176

Files

4998ed5be09de5afec67621073785176
.exe windows:5 windows x86 arch:x86

7be8ffc4d5c6ae3b625a60992ad36446

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mswsock

dn_expand
SetServiceA
GetNameByTypeW
SetServiceW
GetAcceptExSockaddrs
GetServiceA
StopWsdpService
GetTypeByNameA
GetServiceW
EnumProtocolsW
GetTypeByNameW
s_perror
GetAddressByNameA
EnumProtocolsA
WSARecvEx
WSPStartup
NSPStartup
StartWsdpService
GetNameByTypeA
TransmitFile
AcceptEx
NPLoadNameSpaces
MigrateWinsockConfiguration
GetAddressByNameW

kernel32

HeapCompact
_lread
GetSystemDefaultLCID
SetCommMask
DuplicateHandle
CopyLZFile
EnumSystemCodePagesW
lstrcpyW
GetNumberOfConsoleInputEvents
FindFirstChangeNotificationW
GlobalAddAtomA
WriteProfileSectionW
Heap32ListNext
SetSystemTimeAdjustment
LoadLibraryA
GetCurrentDirectoryA
FindFirstFileExA
CreateToolhelp32Snapshot
WaitForDebugEvent
BeginUpdateResourceW
GetSystemWindowsDirectoryW
DebugBreakProcess
EnumResourceTypesA
InterlockedDecrement
RegisterWowExec
ReadConsoleInputA
SetNamedPipeHandleState
ConvertThreadToFiber
QueueUserAPC
SetThreadIdealProcessor
ReadConsoleInputExA
Heap32ListFirst
GetUserDefaultLCID
SetTapeParameters
CreateEventA
GetCurrentThread
CompareStringW
VirtualAlloc
GetStartupInfoW
MoveFileExW
OpenWaitableTimerA
SetProcessPriorityBoost

msasn1

ASN1intx2int32
ASN1BEREncS32
ASN1BEREncLength
ASN1ztchar32string_free
ASN1_CreateModule
ASN1DecAlloc
ASN1CEREncGeneralizedTime
ASN1BERDecOpenType2
ASN1CEREncChar32String
ASN1BERDecTag
ASN1BEREncZeroMultibyteString
ASN1intx_add
ASN1CEREncEndBlk
ASN1BERDecSXVal
ASN1_SetEncoderOption
ASN1BERDecChar16String
ASN1CEREncFlushBlkElement
ASN1objectidentifier_free
ASN1CEREncCharString
ASN1BERDecS16Val
ASN1BEREoid_free
ASN1BEREncTag
ASN1charstring_cmp
ASN1open_free
ASN1_FreeDecoded
ASN1_SetDecoderOption
ASN1BEREncUTCTime
ASN1BERDecSkip
ASN1BERDecZeroChar16String

ole32

CreateStdProgressIndicator
WriteOleStg
DoDragDrop
CoUnmarshalInterface
MkParseDisplayName
ReleaseStgMedium
HWND_UserFree
STGMEDIUM_UserSize
ComPs_NdrDllCanUnloadNow
OleDraw
CoWaitForMultipleHandles
SNB_UserUnmarshal
StringFromCLSID
UtGetDvtd32Info
OleLoad
UtGetDvtd16Info
CoCopyProxy
OleRegEnumFormatEtc
OleNoteObjectVisible
HWND_UserUnmarshal
CoRegisterSurrogate
CoGetComCatalog
OleCreate
CoInitializeEx
StgCreatePropSetStg
CoGetCallContext
CoGetObjectContext
HBITMAP_UserSize
HENHMETAFILE_UserSize
CoInitialize
HACCEL_UserUnmarshal
CoGetInterfaceAndReleaseStream

winipsec

DeleteQMPolicy
EnumQMSAs
EnumIPSecInterfaces
GetQMPolicyByID
MatchTransportFilter
AddMMPolicy
AddTunnelFilter
GetMMPolicy
AddMMAuthMethods
AddQMPolicy
SetQMPolicy
MatchTunnelFilter
GetQMPolicy
CloseTransportFilterHandle
SetTunnelFilter
EnumTransportFilters
EnumTunnelFilters
GetMMFilter
SPDApiBufferFree
EnumMMPolicies
DeleteMMPolicy
GetTunnelFilter
MatchMMFilter
GetTransportFilter
CloseMMFilterHandle
DeleteTransportFilter
SPDApiBufferAllocate
DeleteMMAuthMethods
SetTransportFilter
OpenMMFilterHandle
QueryIPSecStatistics
OpenTunnelFilterHandle

userenv

RsopAccessCheckByType
ProcessGroupPolicyCompleted
UnloadUserProfile
GetAllUsersProfileDirectoryA
GetProfilesDirectoryA
CreateEnvironmentBlock
GetAppliedGPOListA
GetProfilesDirectoryW
DeleteProfileA
ExpandEnvironmentStringsForUserA
RegisterGPNotification
GetProfileType
GetDefaultUserProfileDirectoryW
LoadUserProfileW
RefreshPolicy
LeaveCriticalPolicySection
ProcessGroupPolicyCompletedEx
RsopFileAccessCheck
RsopLoggingEnabled
GetNextFgPolicyRefreshInfo
GetUserProfileDirectoryA
DeleteProfileW
WaitForUserPolicyForegroundProcessing
GetAppliedGPOListW
GetGPOListA
DllGetClassObject
GetPreviousFgPolicyRefreshInfo
UnregisterGPNotification
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
RefreshPolicyEx

untfs

Extend
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??1NTFS_BITMAP@@UAE@XZ
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?IsAllocated@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?Flush@NTFS_MFT_FILE@@QAEEXZ
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
??1NTFS_ATTRIBUTE@@UAE@XZ
??0NTFS_INDEX_TREE@@QAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??1NTFS_MFT_INFO@@UAE@XZ
??1NTFS_UPCASE_FILE@@UAE@XZ
??1NTFS_LOG_FILE@@UAE@XZ
??0NTFS_ATTRIBUTE@@QAE@XZ
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z

Sections

.tixt
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7be8ffc4d5c6ae3b625a60992ad36446

Headers

DLL Characteristics

File Characteristics

Imports

mswsock

kernel32

msasn1

ole32

winipsec

userenv

untfs

Sections

.tixt Size: 369KB - Virtual size: 369KB

.rdata Size: 213KB - Virtual size: 213KB

.data Size: 281KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 369KB - Virtual size: 369KB

.rdata
Size: 213KB - Virtual size: 213KB

.data
Size: 281KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B