5597f92e82d406d56ff391cdc5a5f3ee

Sharing

Copy URL Twitter E-mail

General

Target

5597f92e82d406d56ff391cdc5a5f3ee
Size

85KB
MD5

5597f92e82d406d56ff391cdc5a5f3ee
SHA1

c2dcde09fcd794ec75cba59bc21d2168173acc15
SHA256

720ce9540a89ece52bddbf917fdb463031f10ef8522e51ef5ac45a3f1526d518
SHA512

074f00f8203ade7f3b9a9c9304d644dc595718a784aea9b327df088483cd3fed0a1d4ab7b695f7b5943c46a67efea322a1e623c4e4b104bf6c6f4ef79f36078c
SSDEEP

1536:t07Zaq8DwzBwydX4bTBaNh0xpjBUf3jqdI0HoIG7hlDk0253Sjob4GXmBv:t04qvqyN4bTDj8zqy0IVhlgF5Uf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5597f92e82d406d56ff391cdc5a5f3ee

Files

5597f92e82d406d56ff391cdc5a5f3ee
.exe windows:5 windows x86 arch:x86

6334dca716543f6d8411f87e5a3c5f31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LZInit
_llseek
Heap32ListFirst
HeapDestroy
LoadLibraryA
EnumCalendarInfoA
TlsAlloc
MapUserPhysicalPages
RestoreLastError
GetSystemInfo
_lopen
FlushConsoleInputBuffer
lstrcmpA
TzSpecificLocalTimeToSystemTime
IsDBCSLeadByteEx
LocalSize
CompareFileTime
GetConsoleAliasesA
QueryPerformanceFrequency
SetSystemTimeAdjustment
CreateProcessW
SetFileApisToOEM
GetTimeFormatA
GetConsoleNlsMode
LocalAlloc
GetDriveTypeW
GetConsoleWindow
VirtualAlloc
SetThreadAffinityMask
GetFileAttributesW
SetConsoleWindowInfo
GetNumaAvailableMemoryNode
AddLocalAlternateComputerNameW

rtm

RtmGetChangedDests
RtmDeleteRouteToDest
RtmReleaseDestInfo
RtmGetEnumNextHops
RtmGetRouteAge
MgmGetFirstMfeStats
CreateTable
RtmGetRouteInfo
RtmGetEnumRoutes
RtmGetExactMatchRoute
RtmGetNetworkCount
MgmGetMfeStats
RtmReleaseChangedDests
RtmGetOpaqueInformationPointer
InsertIntoTable
DeleteFromTable

dsquery

DllInstall
OpenQueryWindow
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
OpenSavedDsQueryW
OpenSavedDsQuery
DllRegisterServer

odbccu32

SQLSetScrollOptions
SQLGetStmtAttr
SQLFetchScroll
SQLSetPos
SQLEndTran
SQLExecute
SQLExecDirect
SQLParamData
SQLGetDescRec
SQLTransact
SQLNativeSql
SQLExtendedFetch
SQLBulkOperations
SQLGetStmtOption
SQLSetConnectAttr
SQLGetInfo

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6334dca716543f6d8411f87e5a3c5f31

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rtm

dsquery

odbccu32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 25KB - Virtual size: 28KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 344B

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 344B