502e2158b9f44f91490d15c62f2dcb61

Sharing

Copy URL Twitter E-mail

General

Target

502e2158b9f44f91490d15c62f2dcb61
Size

85KB
MD5

502e2158b9f44f91490d15c62f2dcb61
SHA1

a0f0ac8593e9c49b2caaf505f8a278b99b0c4ad0
SHA256

3bdd3913df572e896562049ff271506eecd68761c3a8bc3db9c9911d7fb1342c
SHA512

c763cbe51f76bf0fc088bf36d3908e64c90ba08b81b01af14b06a42fb9f4e2bd83b1e7de843f2fd41277d74c7581eb1f599ff82d9f5c030079519ca618bb7ba9
SSDEEP

1536:oaIX5je2BELVhkOfe8u0lg9zSn+WV3aixOelvOlwW9rV/qKHBDOFzTEgD0OGWcWN:LIJ/E5eOf9yhSnXxrvSL99gD7rr6Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
502e2158b9f44f91490d15c62f2dcb61

Files

502e2158b9f44f91490d15c62f2dcb61
.exe windows:5 windows x86 arch:x86

1acb1221d0b2a51be3be63b3a933b51c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winscard

SCardIntroduceReaderGroupW
SCardConnectW
SCardLocateCardsA
g_rgSCardT1Pci
SCardDisconnect
SCardListReaderGroupsW
SCardGetStatusChangeA
SCardListCardsW
SCardSetCardTypeProviderNameW
SCardForgetReaderW
SCardListReadersW
SCardIntroduceReaderGroupA
SCardIntroduceCardTypeA
SCardConnectA
SCardGetCardTypeProviderNameA
SCardIntroduceCardTypeW
SCardRemoveReaderFromGroupW
SCardGetProviderIdA

mprapi

MprAdminPortDisconnect
MprAdminGetErrorString
MprConfigTransportCreate
MprAdminUserWriteProfFlags
MprGetUsrParams
MprAdminServerGetCredentials
MprConfigTransportGetInfo
MprInfoDuplicate
MprAdminServerDisconnect
MprAdminInterfaceCreate
MprAdminIsDomainRasServer
MprInfoBlockFind
MprAdminPortClearStats
MprDomainQueryRasServer
MprConfigTransportSetInfo
MprAdminServerGetInfo
MprAdminMIBEntrySet
MprInfoDelete
MprAdminInterfaceTransportSetInfo
MprAdminUserOpen

kernel32

LZStart
GetBinaryType
CreateEventA
GetCurrentProcessId
GetProcAddress
GetDefaultCommConfigA
LoadLibraryA
FindResourceExA
UnregisterWait
FileTimeToDosDateTime
GetStartupInfoA
VirtualAlloc
HeapCreate
GetDiskFreeSpaceA
EnumSystemGeoID
LocalSize
SetConsoleInputExeNameW
HeapQueryInformation
QueryPerformanceCounter
GetProfileSectionA
FindNextVolumeMountPointW
IsBadHugeReadPtr
GetTickCount
SetCommConfig
SetLocalPrimaryComputerNameW
BuildCommDCBAndTimeoutsA
CreateTapePartition
GetSystemTimeAsFileTime
GetLastError
RequestWakeupLatency
MoveFileW
GetCurrentThreadId
_lwrite

advapi32

GetServiceDisplayNameW
GetTokenInformation
SystemFunction029
GetNamedSecurityInfoW
SystemFunction020
SystemFunction015
RegEnumKeyA
LsaICLookupNames
SetSecurityInfoExA
RegFlushKey
DecryptFileW
LsaQuerySecret
RegOpenUserClassesRoot
SetEntriesInAccessListW

msvcp60

??Mstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?do_truename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?sqrt@?$_Ctr@M@std@@SAMM@Z
?compare@?$collate@G@std@@QBEHPBG000@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??_F?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??8std@@YA_NABMABV?$complex@M@0@@Z

wsnmp32

SnmpCreateSession
SnmpGetPduData
_SnmpSetAgentAddress@4
SnmpDuplicatePdu
SnmpClose
SnmpFreeEntity
SnmpGetVendorInfo
SnmpStrToOid
SnmpCancelMsg
SnmpOidCopy
SnmpOidToStr

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1acb1221d0b2a51be3be63b3a933b51c

Headers

DLL Characteristics

File Characteristics

Imports

winscard

mprapi

kernel32

advapi32

msvcp60

wsnmp32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 51KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 51KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 308B