4ec4c159b02e73aeeabb66c5d932c33e

Sharing

Copy URL Twitter E-mail

General

Target

4ec4c159b02e73aeeabb66c5d932c33e
Size

139KB
MD5

4ec4c159b02e73aeeabb66c5d932c33e
SHA1

5182114034039ca6088b9bc958fc2bed8775743e
SHA256

6c89d9fe637a5b735120d81d3a4c311e18441c5acd0a0c1e2051a769f411d1b4
SHA512

0dc46e2a253bc2d2e2942e2ffbffedb1cc05768d04c0a41feab71796260c093709a1d2bce9f24ce74278bae9b3ca2bc5630efad240e27f53ef142eb75c4dcc62
SSDEEP

3072:naBc8M2IZ5N7sxIBwrjUfpG7o8VabptyMH4mbCteHYdqPPTGC67Qs:WcKIZrawwnuGnIpnBGte4QHq7Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ec4c159b02e73aeeabb66c5d932c33e

Files

4ec4c159b02e73aeeabb66c5d932c33e
.exe windows:5 windows x86 arch:x86

4522ec36170606ae14a6da7c536aad3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStretchBltMode
SetBitmapBits
SetDeviceGammaRamp
GetCharWidthA
GdiEntry10
EngDeletePath
DescribePixelFormat
StartFormPage
CreatePolygonRgn
GetRgnBox
FloodFill
GdiEntry16
GdiEntry1
DdEntry40
SelectClipRgn
GetCurrentObject
SetDIBitsToDevice
GdiGetPageHandle
ExtCreateRegion
CreateRoundRectRgn
GdiConvertBitmap
MaskBlt
GetObjectW
GetCharacterPlacementA
GetTextAlign
XLATEOBJ_iXlate
GetCharWidthInfo
cGetTTFFromFOT
StartPage
GdiDescribePixelFormat
EngGetCurrentCodePage
SetRelAbs
Ellipse
GdiEntry8
GdiRealizationInfo
CLIPOBJ_ppoGetPath
GdiAddGlsRecord
DdEntry12
SetBoundsRect
DdEntry7
ExtSelectClipRgn

msi

MsiRecordReadStream
MsiEnumComponentQualifiersW
MsiCloseHandle
MsiGetActiveDatabase
MsiRecordIsNull
MsiGetProductInfoA
MsiQueryProductStateA
MsiApplyPatchA
MsiPreviewBillboardA
MsiConfigureFeatureFromDescriptorA
MsiGetShortcutTargetW
MsiGetFeatureInfoA
MsiDatabaseExportA
MsiInstallProductW
MsiDatabaseImportA
MsiOpenProductW
MsiViewExecute
MsiRecordDataSize
MsiAdvertiseProductW
MsiGetFileHashW
MsiQueryFeatureStateW
MsiGetSummaryInformationA
DllGetVersion
MsiProcessMessage
MsiViewGetErrorA
MsiViewGetErrorW
MsiInstallMissingFileA
MsiAdvertiseProductA
MsiGetFileVersionA
MsiGetPatchInfoA
MsiProvideQualifiedComponentExW
MsiDoActionA

userenv

GetUserProfileDirectoryA
DeleteProfileW
UnloadUserProfile
GetProfileType
GetProfilesDirectoryA
ExpandEnvironmentStringsForUserW
LeaveCriticalPolicySection
GetAllUsersProfileDirectoryA
GetProfilesDirectoryW
LoadUserProfileW
GetDefaultUserProfileDirectoryA
EnterCriticalPolicySection
WaitForUserPolicyForegroundProcessing
UnregisterGPNotification
RsopLoggingEnabled
RsopAccessCheckByType
GetGPOListW
RefreshPolicyEx
GetUserProfileDirectoryW
ProcessGroupPolicyCompletedEx
GetPreviousFgPolicyRefreshInfo
ExpandEnvironmentStringsForUserA
DestroyEnvironmentBlock
GetNextFgPolicyRefreshInfo
GetAppliedGPOListW
GetDefaultUserProfileDirectoryW
ProcessGroupPolicyCompleted
GetAppliedGPOListA
DeleteProfileA
LoadUserProfileA
RsopFileAccessCheck
GetGPOListA

ntdsapi

DsListServersForDomainInSiteW
DsClientMakeSpnForTargetServerW
DsFreeSpnArrayW
DsGetDomainControllerInfoA
DsListServersForDomainInSiteA
DsFreeSchemaGuidMapW
DsInheritSecurityIdentityA
DsBindW
DsCrackNamesW
DsRemoveDsServerW
DsReplicaFreeInfo
DsFreeSpnArrayA
DsMakeSpnW
DsCrackUnquotedMangledRdnW
DsFreeDomainControllerInfoA
DsUnquoteRdnValueA
DsReplicaAddA
DsReplicaModifyA
DsFreePasswordCredentials
DsReplicaVerifyObjectsA
DsCrackSpn3W
DsaopExecuteScript
DsFreeSchemaGuidMapA
DsClientMakeSpnForTargetServerA
DsFreeNameResultW
DsListServersInSiteW
DsMakeSpnA
DsRemoveDsDomainA
DsReplicaVerifyObjectsW
DsInheritSecurityIdentityW
DsUnBindW
DsaopUnBind
DsBindA

rasapi32

RasSetEntryDialParamsW
RasClearConnectionStatistics
RasEnumConnectionsA
RasGetEapUserIdentityW
RasGetEntryDialParamsW
DwEnumEntryDetails
RasDeleteEntryW
RasGetSubEntryPropertiesA
RasGetSubEntryHandleA
RasSetSubEntryPropertiesW
RasGetConnectStatusA
RasRenameEntryA
RasGetErrorStringW
RasSetCredentialsW
RasValidateEntryNameW
RasGetProjectionInfoA
RasGetAutodialAddressA
RasGetCountryInfoA
RasGetSubEntryPropertiesW
RasGetAutodialParamA
RasQuerySharedAutoDial
RasScriptGetIpAddress
RasGetLinkStatistics
RasEditPhonebookEntryA
RasSetCustomAuthDataA
RasGetCountryInfoW
RasEnumConnectionsW
RasSetEntryDialParamsA
RasGetErrorStringA
RasSetOldPassword

secur32

InitSecurityInterfaceW
LsaDeregisterLogonProcess
RevertSecurityContext
SaslInitializeSecurityContextA
EncryptMessage
AddSecurityPackageA
AddCredentialsA
LsaLookupAuthenticationPackage
InitSecurityInterfaceA
ImportSecurityContextW
FreeCredentialsHandle
VerifySignature
LsaUnregisterPolicyChangeNotification
AddSecurityPackageW
LsaRegisterLogonProcess
GetUserNameExW
AcquireCredentialsHandleA
SaslIdentifyPackageW
GetSecurityUserInfo
QueryCredentialsAttributesA
QueryContextAttributesA
DecryptMessage
GetComputerObjectNameA
EnumerateSecurityPackagesW
AddCredentialsW
LsaConnectUntrusted
SaslAcceptSecurityContext
SecpTranslateNameEx
AcquireCredentialsHandleW
SecpFreeMemory
MakeSignature
QuerySecurityPackageInfoA
LsaEnumerateLogonSessions
UnsealMessage
TranslateNameW
CredUnmarshalTargetInfo
EnumerateSecurityPackagesA
SaslEnumerateProfilesW
SaslInitializeSecurityContextW

kernel32

SetHandleInformation
MoveFileExA
TransactNamedPipe
CreateHardLinkW
WideCharToMultiByte
GetVolumeNameForVolumeMountPointA
GetUserDefaultLangID
PostQueuedCompletionStatus
GetAtomNameA
GetStdHandle
GetCurrentThread
OpenThread
ReadConsoleOutputCharacterW
ReadConsoleOutputA
GetThreadSelectorEntry
lstrcpynW
GetCommandLineW
SetConsoleWindowInfo
SearchPathW
SetDefaultCommConfigW
GetExitCodeProcess
WritePrivateProfileStringW
LZSeek
GetWindowsDirectoryA
BackupRead
GetCurrentProcessId
GetTimeZoneInformation
ExpandEnvironmentStringsW
CreateJobSet
GetUserDefaultLCID
GetDevicePowerState
LoadLibraryA
GetConsoleCommandHistoryLengthA
VirtualAlloc
GetLogicalDriveStringsA
FindFirstVolumeMountPointW
SetConsoleTitleW
GetStartupInfoA
ResetWriteWatch
SetFirmwareEnvironmentVariableW
FlushFileBuffers
VirtualQuery
IsValidLocale

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4522ec36170606ae14a6da7c536aad3c

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msi

userenv

ntdsapi

rasapi32

secur32

kernel32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 22KB - Virtual size: 21KB

.data Size: 54KB - Virtual size: 210KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 364B

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 22KB - Virtual size: 21KB

.data
Size: 54KB - Virtual size: 210KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 364B