4f2f36c86c5cf073ad681008a7dcbcfb

Sharing

Copy URL Twitter E-mail

General

Target

4f2f36c86c5cf073ad681008a7dcbcfb
Size

376KB
MD5

4f2f36c86c5cf073ad681008a7dcbcfb
SHA1

f45680d38cf3a375245133a96d17a9efadb1b75f
SHA256

5ed7d52630dafca5acabe6996c25ee80c62442d37fb63378a53d7d2073127032
SHA512

4c3267ee26374b2a0ca7d72571effec329f72df1c11c40fdaf6060d66b6cef309393b34977a47fa5ff8013b2ae6131773c365a159f9d4b1a84e5255d6cbfd7fb
SSDEEP

6144:LatkV5p+chSu9m37UoRrcgzhjPsOD0W03iye2jKS/y2auUBpKLFByT:LIk5pcKm3IoRQgzlxD0Qye2jlbUWLF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f2f36c86c5cf073ad681008a7dcbcfb

Files

4f2f36c86c5cf073ad681008a7dcbcfb
.exe windows:5 windows x86 arch:x86

b2760aa165124ede2bef85e77940867a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

rasman

RasPortGetBundle
RasDeviceGetInfo
RasFindPrerequisiteEntry
RasRequestNotification
RasRegisterRedialCallback
RasAddConnectionPort
RasGetDialParams
RasSetDevConfig
RasSecurityDialogSend
RasGetDevConfigEx
RasDeviceConnect
RasDestroyConnection
RasStartRasAutoIfRequired
RasRpcRemoteGetUserPreferences
RasRpcGetErrorString
RasGetTimeSinceLastActivity
RasRpcDisconnect
RasRPCBind
RasRpcConnect
RasPortOpenEx
RasServerPortClose
RasGetNdiswanDriverCaps
RasRpcUnloadDll
RasPortGetProtocolCompression
RasGetUnicodeDeviceName
RasRpcGetInstalledProtocols
RasBundleClearStatistics
RasGetCalledIdInfo
RasGetInfoEx
RasDeviceEnum
RasGetEapUserInfo
RasSetRouterUsage
RasInitializeNoWait
RasPortGetStatisticsEx

msvcrt40

??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@PBE@Z
?text@filebuf@@2HB
?get@istream@@QAEAAV1@PAEHD@Z
iswxdigit
_wfdopen
?adjustfield@ios@@2JB
??_G__non_rtti_object@@UAEPAXI@Z
??_7logic_error@@6B@
__p___wargv
_snprintf
fread
??0filebuf@@QAE@XZ
_mbsbtype
__dllonexit
_fsopen
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?gcount@istream@@QBEHXZ
_wexecvp
__fpecode
wcsncpy
_lrotl
?attach@filebuf@@QAEPAV1@H@Z
_adj_fdivr_m32i
_getdrive
iswprint
_logb
_ismbbprint
_filelengthi64
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_wmktemp
??_7stdiobuf@@6B@
_open
atan2
??0exception@@QAE@XZ
_wopen
??1ios@@UAE@XZ
_lseeki64
islower
fseek
??_Eiostream@@UAEPAXI@Z
isxdigit
__p__winver
??0streambuf@@IAE@PADH@Z
??0fstream@@QAE@H@Z
?close@fstream@@QAEXXZ
_safe_fdiv
??0fstream@@QAE@XZ
_ismbckata
_wexeclp
?fill@ios@@QAEDD@Z
iswctype
rename
_rotr
_copysign
_mbsrchr
?unsetf@ios@@QAEJJ@Z
?getdouble@istream@@AAEHPADH@Z
?get@istream@@QAEAAV1@AAC@Z
_read
??_Gstdiobuf@@UAEPAXI@Z
?gbump@streambuf@@IAEXH@Z
?doallocate@strstreambuf@@MAEHXZ
putchar
atof

sqlunirl

_CreateMDIWindow_@40
_GetFileTitle@12
_WriteConsoleInput_@16
_OemToCharBuff_@12
_LookupAccountSid_@28
_PostMessage@16
_GetCharABCWidths_@16
_NDdeIsValidAppTopicList_@4
_RegisterWindowMessage_@4
_BuildCommDCB_@8
_RegEnumKeyEx_@32
_GetMenuString_@20
_lstrcmpi_@8
_CreateScalableFontResource_@16
_DlgDirList_@20
_MapVirtualKeyEx_@12
_PeekMessage@20
_GetFileAttributesEx_@12
_CreateDialogIndirectParam@20
_EnumDisplaySettings_@12
_FindExecutable_@12
__lwrite_@12
_ExtTextOut@32
_DispatchMessage_@4
_MoveFileEx_@12
_GetEnhMetaFileDescription_@12
_wvsprintf_@12
_IsBadStringPtr_@8
_ResetDC_@8
_DlgDirSelectComboBoxEx_@16
_DefWindowProc@16
_EnumProps_@8
_CreateIC_@16
_AddAtom_@4
_NDdeTrustedShareEnum_@24
_GetServiceKeyName_@16

query

?GetStr@CKey@@QBEPAGXZ
?SkipULong@CMemDeSerStream@@UAEXXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?VT_VARIANT_GE@@YGHABUtagPROPVARIANT@@0@Z
?AddToWorkList@CWorkManager@@QAEXPAVCFwAsyncWorkItem@@@Z
?DeleteRegistryParamNoThrow@CCatalogAdmin@@QAEXPBG@Z
?ReBuild@CPidRemapper@@QAEXABVCPidMapper@@@Z
?UnMarshallTree@CDbCmdTreeNode@@SGPAV1@AAVPDeSerStream@@@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
??0CMachineAdmin@@QAE@PBGH@Z
?CIShutdown@@YGXXZ
?AddArg@CEventItem@@QAEXPBG@Z
??1CRestriction@@QAE@XZ
?Set@CPidRemapper@@QAEXAAV?$XArray@K@@@Z
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?GetStackTrace@@YGXPADK@Z
?GetBackupSize@CPropStoreManager@@QAEKK@Z
_ForceMasterMerge@16
?BorrowNewBuffer@CPhysStorage@@QAEPAKK@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
BindIFilterFromStorage
??1CProcess@@QAE@XZ
?SkipDouble@CMemDeSerStream@@UAEXXZ
?MakeBackupCopy@CPhysStorage@@QAEXAAV1@AAVPSaveProgressTracker@@@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?ShrinkToFit@CPhysStorage@@QAEXXZ
??0CDbColumns@@QAE@I@Z
?OpenExclusive@CMmStream@@QAEXPAGH@Z
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
??0CCatState@@QAE@XZ
??3CDbCmdTreeNode@@SGXPAX@Z
?Serialize@CDbQueryResults@@QBEXAAVPSerStream@@@Z
??0CPidLookupTable@@QAE@XZ
?ClearList@CCombinedPropertyList@@QAEXXZ
??0CQueryScanner@@QAE@PBGHKH@Z

user32

SetCapture
AllowForegroundActivation
ModifyMenuW
UserLpkPSMTextOut
ValidateRgn
IsChild
GetRawInputData
SetPropA
GetProcessDefaultLayout
EnumWindowStationsW
RegisterLogonProcess
GetKeyboardType
SendMessageW
UnregisterHotKey
CtxInitUser32
OemKeyScan
DdeCreateDataHandle
SetCaretPos
GetSysColorBrush
OpenClipboard
GetWindowTextLengthW
DispatchMessageA
SendNotifyMessageA
OemToCharA
CreateIconFromResource
GetMenuStringA
TrackMouseEvent
GetLayeredWindowAttributes
GetDlgCtrlID
UnloadKeyboardLayout
EnumPropsExA
CreateCaret
WCSToMBEx
DestroyWindow
GetParent
GetUserObjectInformationW
DrawStateW
DialogBoxParamA

kernel32

GetProcessHeaps
LocalAlloc
GetNumaHighestNodeNumber
Module32FirstW
GetCurrentThread
FlushInstructionCache
FindActCtxSectionGuid
GlobalLock
Heap32ListNext
RtlUnwind
QueryPerformanceCounter
EnumResourceNamesA
FindFirstFileA
HeapCreate
OpenWaitableTimerW
LoadLibraryA
SetCommState
EnumResourceTypesW
SetConsoleLocalEUDC
ReadConsoleOutputCharacterW
GetDefaultCommConfigA
FindAtomA
CopyLZFile
GetEnvironmentStringsW
DisconnectNamedPipe
VirtualAlloc
UnregisterConsoleIME
UnlockFile
GetDriveTypeA
SetVolumeLabelW
CreateConsoleScreenBuffer
GetFileAttributesA

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 529KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2760aa165124ede2bef85e77940867a

Headers

File Characteristics

Imports

rasman

msvcrt40

sqlunirl

query

user32

kernel32

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 1KB - Virtual size: 529KB

.rsrc Size: 180KB - Virtual size: 180KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 1KB - Virtual size: 529KB

.rsrc
Size: 180KB - Virtual size: 180KB

.reloc
Size: 1024B - Virtual size: 1024B