4dc61b63c962b6710b6e4981e563fb61

Sharing

Copy URL Twitter E-mail

General

Target

4dc61b63c962b6710b6e4981e563fb61
Size

159KB
MD5

4dc61b63c962b6710b6e4981e563fb61
SHA1

74f1cdb2a3e81d6c800f59a76cc1791827f82e67
SHA256

35b9d48e7a141d6c92f95a11afbabe4f75c237e56b121461d353f96052a5e6f4
SHA512

e146f94f56e3b000dd5c068729c7160f7b2af348f0f6aa6e698d3eb2af09d2886c7d8996e7b517ede37b9db5ad6e98277dd81a140c38c820be21cf8f00e432c0
SSDEEP

3072:SZ9j1LLrjAAW/JbwMjsLQAAkQrOsU/6HM3TZb+uZk3GtPan9tzNiNxlj/d71a8oC:SfjtlgwM28CsUCSTZdZKGtPaDYNxp7aq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4dc61b63c962b6710b6e4981e563fb61

Files

4dc61b63c962b6710b6e4981e563fb61
.exe windows:5 windows x86 arch:x86

4cf55cfbc5f7c4e36093360d0a3dfba7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_strdate
??_8ostream@@7B@
?read@istream@@QAEAAV1@PACH@Z
?xalloc@ios@@SAHXZ
_getcwd
gmtime
swprintf
_execve
_ismbcspace
_flsbuf
??_Gistrstream@@UAEPAXI@Z
_wfopen
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
putwc
?name@type_info@@QBEPBDXZ
?getdouble@istream@@AAEHPADH@Z
??4istream@@IAEAAV0@ABV0@@Z
?is_open@ofstream@@QBEHXZ
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
_ctype
_wcsicoll
?fail@ios@@QBEHXZ
_vsnprintf
_wmktemp
_dup
?terminate@@YAXXZ
??_Distream_withassign@@QAEXXZ
_getdrive
_mbctokata
atexit
_spawnv
__wgetmainargs
??5istream@@QAEAAV0@AAJ@Z
??_Gfstream@@UAEPAXI@Z
_mbsnset

polstore

IPSecFreePolStr
IPSecCopyAuthMethod
IPSecFreeNegPolData
IPSecEnumISAKMPData
IPSecDeletePolicyData
IPSecFreeNFAData
IPSecAllocPolStr
IPSecEnumNegPolData
IPSecCreateFilterData
IPSecGetFilterData
IPSecEnumPolicyData
IPSecUnassignPolicy
IPSecImportPolicies
IPSecSetNFAData
IPSecFreeFilterData
IPSecFreeISAKMPData
IPSecAllocPolMem
IPSecFreeMulNFAData
IPSecGetAssignedPolicyData
IPSecSetISAKMPData
IPSecCopyFilterSpec
IPSecSetPolicyData
IPSecCopyISAKMPData
IPSecDeleteISAKMPData
IPSecDeleteFilterData
IPSecExportPolicies
IPSecCopyFilterData
IPSecCreateNegPolData
IPSecCreateNFAData
IPSecCopyNegPolData
IPSecFreeFilterSpecs
IPSecEnumFilterData
IPSecGetISAKMPData
IPSecIsDomainPolicyAssigned
IPSecFreeMulISAKMPData
IPSecDeleteNFAData
IPSecEnumNFAData

odbccu32

SQLGetInfo
SQLFreeStmt
SQLEndTran
SQLMoreResults
SQLSetScrollOptions
SQLSetConnectOption
SQLExecDirect
SQLGetDescField
SQLParamData
SQLGetDescRec
SQLRowCount
SQLSetConnectAttr
SQLCancel
SQLPrepare
SQLSetDescRec
SQLExtendedFetch
SQLFreeHandle
SQLGetData
SQLNativeSql
SQLBulkOperations
SQLBindParameter
SQLGetStmtAttr
SQLGetStmtOption
ReleaseCLStmtResources
SQLNumParams
SQLFetch
SQLSetPos

rtm

RtmDeleteRouteTable
RtmGetAddressFamilyInfo
RtmUpdateAndUnlockRoute
RtmReadInstanceConfig
MgmGetMfeStats
RtmGetChangeStatus
MgmGetFirstMfe
RtmReleaseRouteInfo
RtmGetNextHopInfo
RtmDeleteRouteToDest
RtmDeleteEnumHandle
RtmGetChangedDests
RtmDereferenceHandles
EnumOverTable
RtmLockNextHop
MgmGetMfe
RtmEnumerateGetNextRoute
RtmGetRegisteredEntities
RtmDequeueRouteChangeMessage
RtmIsBestRoute
RtmGetRouteAge
RtmGetRoutePointer
RtmGetEnumRoutes
CheckTable
InsertIntoTable
RtmDeregisterEntity
RtmReleaseEntityInfo
RtmLockDestination
SearchInTable
DestroyTable
RtmGetInstances
RtmGetMostSpecificDestination
RtmBlockConvertRoutesToStatic
RtmWriteInstanceConfig
RtmRegisterForChangeNotification
MgmDeInitialize
RtmCloseEnumerationHandle
MgmGroupEnumerationGetNext
RtmIsMarkedForChangeNotification
RtmGetNextHopPointer
RtmGetNextRoute
DeleteFromTable

kernel32

GlobalFindAtomW
GetConsoleAliasExesW
GetSystemTimeAsFileTime
SetConsoleCursorMode
PulseEvent
WriteConsoleOutputW
VirtualAlloc
GetUserDefaultLCID
CloseConsoleHandle
DefineDosDeviceW
EnumCalendarInfoA
WriteConsoleInputA
IsBadCodePtr
DelayLoadFailureHook
OpenThread
VirtualFreeEx
CreateNamedPipeA
PeekConsoleInputW
GetHandleInformation
GetStartupInfoA
EnumSystemGeoID
GetCPInfoExA
GetSystemDefaultLangID
GetDevicePowerState
GetACP
CreateSemaphoreW
SetDefaultCommConfigA
HeapCompact
GetPrivateProfileStructW
OpenJobObjectW
WriteFileGather
SetWaitableTimer
InterlockedFlushSList
DeleteFileA
OutputDebugStringA
GetConsoleInputWaitHandle
GetBinaryTypeA
CreateTapePartition
lstrcmpi
GetNumaNodeProcessorMask
DebugActiveProcess
FindNextVolumeA
SetSystemTime
SetConsoleTitleA
UnlockFileEx
LZCopy
ReleaseMutex
GetSystemDirectoryA
lstrcpynA
GetProcessHeap
GetSystemDefaultLCID
CreateConsoleScreenBuffer
SetFileApisToOEM
BaseDumpAppcompatCache
AddVectoredExceptionHandler
CreateEventW
SearchPathW
LoadLibraryA
WriteProcessMemory
IsProcessInJob
GetNumaAvailableMemoryNode
WriteProfileSectionW
GetCurrentThread
GetStartupInfoW
GetDriveTypeA

apphelp

GetPermLayers
SdbReadStringTagRef
ApphelpUpdateCacheEntry
SdbTagIDToTagRef
SdbCloseApphelpInformation
SdbGetTagFromTagID
SdbDeletePermLayerKeys
SdbEnumMsiTransforms
SdbCreateMsiTransformFile
SdbQueryData
ApphelpCheckRunApp
SdbReadQWORDTagRef
SdbOpenApphelpInformation
ApphelpFixMsiPackage
SdbFindNextTag
ApphelpCheckExe
SdbGetDatabaseID
SdbFindNextMsiPackage
SdbReadQWORDTag
ApphelpFixMsiPackageExe
SdbGetMsiPackageInformation
ShimFlushCache
SdbGetStringTagPtr
SdbQueryDataEx
SdbReadStringTag
SdbFindFirstNamedTag
SdbFindNextTagRef
SdbGetTagDataSize
SdbReadBYTETagRef
SdbOpenDatabase
SdbInitDatabase
SdbRegisterDatabase
SdbGrabMatchingInfo
SdbReadEntryInformation

olecli32

PbCreateLinkFromClip
ObjQuerySize
OleQueryReleaseMethod
OleCreateFromFile
PbCreateFromFile
PbDraw
DibClone
BmGetData
MfCopy
LeRelease
LeCopyFromLink
DibDraw
ErrUpdate
ObjQueryType
ErrExecute
ObjRename
OleIsDcMeta
OleSetTargetDevice
LeEqual
OleQueryType
OleExecute
OleDraw
OleQueryProtocol
LeSetHostNames
DefCreateInvisible
OleLoadFromStream

ntdll

RtlInterlockedFlushSList
ZwSetInformationDebugObject
NtAddAtom
NtSetSystemTime
RtlComputeCrc32
ZwSetInformationFile
NtWriteFile
RtlAssert
ZwOpenJobObject
ZwSetEaFile
NtSetDefaultUILanguage
NtFindAtom
NtEnumerateSystemEnvironmentValuesEx
CsrGetProcessId
NtOpenTimer
_wcsicmp
ZwQueryObject
NtTranslateFilePath
RtlInitializeContext
RtlCopyUnicodeString
ZwNotifyChangeKey
RtlUpperChar
NtCreateMutant
NtDuplicateToken
CsrIdentifyAlertableThread
_fltused
NtDuplicateObject
ZwQueryMutant
ZwClearEvent
ZwWaitForSingleObject
RtlFindLongestRunClear
RtlFindLeastSignificantBit
NtQueryTimer
NtAllocateVirtualMemory
RtlSetUserFlagsHeap
ZwFlushInstructionCache
RtlOemStringToUnicodeString
ZwCreateSection
RtlDosSearchPath_Ustr
NtDisplayString
NtWaitForSingleObject
RtlPopFrame
ZwCreateToken

msvcrt

??1exception@@UAE@XZ
__getmainargs
_ismbcgraph
___mb_cur_max_func
_ismbcalnum
__set_app_type
__pxcptinfoptrs
_findfirsti64
_wfindfirsti64
__p__commode
_wcsicoll
??_7exception@@6B@
_spawnvpe
__p__wcmdln
_getw
_wgetcwd
_i64tow
_tolower
strpbrk
__crtCompareStringA
_wfindnext
__p__mbcasemap
abort
_purecall
_getche
__p__winminor
_lseeki64
exit
_isctype

msjtes40

DllGetClassObject
DllMain

user32

MessageBoxW
EndDialog

shell32

SHGetMalloc

Sections

.tixt
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cf55cfbc5f7c4e36093360d0a3dfba7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

polstore

odbccu32

rtm

kernel32

apphelp

olecli32

ntdll

msvcrt

msjtes40

user32

shell32

Sections

.tixt Size: 79KB - Virtual size: 79KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 49KB - Virtual size: 235KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 79KB - Virtual size: 79KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 49KB - Virtual size: 235KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B