57ee482526c7db7493933d40bd8fdf09

Sharing

Copy URL Twitter E-mail

General

Target

57ee482526c7db7493933d40bd8fdf09
Size

364KB
MD5

57ee482526c7db7493933d40bd8fdf09
SHA1

09b095524478898549c7a4182e3ddea90375f987
SHA256

e181bfd4fc3dcc16fbaae6b6467336c71c7e63cb358b1706a5074a501a91d8b1
SHA512

cac1b85dfabf44e8fa2609654f75476263c2d9144122ea15a929841309a9201132491c9a4ae525b03507fdb493523bc392fc9582f8bac75f91e93fefc35ca548
SSDEEP

6144:I9nG4WeVTkd5Sq8DLwRTXd5kCE89x7Ap9y4O5cB7nec7FKx:j9gkdsqJXd5Dj9xEFO5Y7neOKx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57ee482526c7db7493933d40bd8fdf09

Files

57ee482526c7db7493933d40bd8fdf09
.exe windows:5 windows x86 arch:x86

d043889283c89078b2a87637828e1d88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_DevNode_Registry_Property_ExW
pSetupStringTableDuplicate
CMP_Init_Detection
CM_Setup_DevNode_Ex
SetupGetFileCompressionInfoExA
SetupRemoveInstallSectionFromDiskSpaceListW
SetupDiGetSelectedDriverA
pSetupDestroyRunOnceNodeList
CM_Get_Parent_Ex
SetupQueueRenameA
CM_Modify_Res_Des
CM_Free_Res_Des
SetupDefaultQueueCallbackA
MyFree
CM_Uninstall_DevNode
SetupDiGetClassRegistryPropertyA
SetupCloseFileQueue
SetupQuerySourceListA
SetupDiSetClassInstallParamsW
pSetupVerifyQueuedCatalogs
CM_Get_Class_Key_Name_ExW
CM_Register_Device_Interface_ExW
SetupDiGetDeviceInstallParamsA
CM_Is_Dock_Station_Present
SetupDiDrawMiniIcon
CM_Set_HW_Prof_Ex
CM_Query_Arbitrator_Free_Size
CM_Register_Device_InterfaceW
SetupDiGetDeviceRegistryPropertyW
SetupDiSetClassRegistryPropertyW
CM_Get_Hardware_Profile_InfoW
pSetupShouldDeviceBeExcluded
pSetupAddMiniIconToList
CM_Invert_Range_List
CM_Set_HW_Prof_Flags_ExA
pSetupOpenAndMapFileForRead
CM_Get_Device_Interface_Alias_ExW
pSetupDoesUserHavePrivilege
SetupQueryInfOriginalFileInformationW
CM_Is_Version_Available
SetupQueueDefaultCopyA
ExtensionPropSheetPageProc
pSetupStringTableDestroy
CM_Dup_Range_List
SetupGetBackupInformationW
SetupGetFileQueueFlags
CM_Set_DevNode_Registry_Property_ExW
SetupQueryInfVersionInformationA
SetupCloseLog
CM_Get_Depth
CM_Get_First_Log_Conf
SetupCreateDiskSpaceListA
SetupGetIntField
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_Interface_ListW
CM_Get_Device_ID_List_ExA
CM_Free_Log_Conf
SetupInitializeFileLogA
SetupDiSetDeviceRegistryPropertyA
SetupGetFileCompressionInfoA
SetupQueueRenameSectionA
CM_Unregister_Device_Interface_ExA
SetupCopyOEMInfW
pSetupGetField
pSetupQueryMultiSzValueToArray
CM_Enumerate_EnumeratorsW
SetupDiGetClassImageListExW

kernel32

EnterCriticalSection
SetFirmwareEnvironmentVariableA
GetConsoleCommandHistoryA
GetCommandLineW
SetCommState
GetFullPathNameW
UpdateResourceW
DeleteCriticalSection
EnumLanguageGroupLocalesW
FindAtomA
FillConsoleOutputCharacterW
GetDevicePowerState
SetDefaultCommConfigA
PeekNamedPipe
Toolhelp32ReadProcessMemory
DefineDosDeviceW
_lwrite
Thread32First
FindClose
TlsAlloc
VirtualAlloc
LoadLibraryA
SystemTimeToTzSpecificLocalTime
GetFirmwareEnvironmentVariableW
RegisterWowBaseHandlers
FindResourceExW
SetThreadContext
CreateFileA
CreateSemaphoreA
GetAtomNameW
GlobalDeleteAtom
IsBadStringPtrW
LeaveCriticalSection
LocalCompact
LZDone
ExpungeConsoleCommandHistoryA

msvcirt

?blen@streambuf@@IBEHXZ
?sgetn@streambuf@@QAEHPADH@Z
?put@ostream@@QAEAAV1@C@Z
??0istream@@IAE@XZ
??_Dostream@@QAEXXZ
?putback@istream@@QAEAAV1@D@Z
??5istream@@QAEAAV0@PAD@Z
??1strstreambuf@@UAE@XZ
??6ostream@@QAEAAV0@O@Z
??0Iostream_init@@QAE@AAVios@@H@Z
??_Difstream@@QAEXXZ
??_Diostream@@QAEXXZ
?ipfx@istream@@QAEHH@Z
??1stdiobuf@@UAE@XZ
??0ofstream@@QAE@PBDHH@Z
??0streambuf@@IAE@PADH@Z
?eof@ios@@QBEHXZ
?sputbackc@streambuf@@QAEHD@Z
??_Gistream_withassign@@UAEPAXI@Z
?oct@@YAAAVios@@AAV1@@Z
??0istream_withassign@@QAE@ABV0@@Z
?setf@ios@@QAEJJ@Z
?write@ostream@@QAEAAV1@PBEH@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?str@istrstream@@QAEPADXZ
?setbuf@streambuf@@UAEPAV1@PADH@Z
?rdstate@ios@@QBEHXZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
??_7filebuf@@6B@
?sunk_with_stdio@ios@@0HA
?pbump@streambuf@@IAEXH@Z
?snextc@streambuf@@QAEHXZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
??1filebuf@@UAE@XZ
??_Gios@@UAEPAXI@Z
??1strstream@@UAE@XZ
??0ios@@IAE@XZ
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?sync@stdiobuf@@UAEHXZ
?read@istream@@QAEAAV1@PACH@Z
?allocate@streambuf@@IAEHXZ
?floatfield@ios@@2JB

authz

AuthzFreeResourceManager
AuthziInitializeAuditQueue
AuthziModifyAuditEventType
AuthzInitializeResourceManager
AuthzFreeAuditEvent
AuthziInitializeAuditParams
AuthziInitializeAuditEvent
AuthzGetInformationFromContext
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzFreeContext
AuthzFreeHandle
AuthziInitializeAuditParamsWithRM
AuthzInitializeContextFromToken
AuthziFreeAuditEventType
AuthziAllocateAuditParams
AuthzInitializeObjectAccessAuditEvent
AuthziModifyAuditQueue
AuthzInitializeContextFromAuthzContext
AuthziFreeAuditQueue
AuthziLogAuditEvent
AuthzCachedAccessCheck
AuthziFreeAuditParams
AuthziModifyAuditEvent
AuthzOpenObjectAudit
AuthzAddSidsToContext
AuthziInitializeAuditEventType
AuthziInitializeAuditParamsFromArray

imagehlp

ImageEnumerateCertificates
SymLoadModule
MapFileAndCheckSumA
UnmapDebugInformation
SymCleanup
ImageDirectoryEntryToData
SymGetLineNext
SymEnumSymbols
FindFileInSearchPath
SymGetModuleInfoW
SymEnumerateSymbols
SetImageConfigInformation
SymGetModuleBase
SymGetSymFromAddr
SymGetLineFromName
ReBaseImage64
MakeSureDirectoryPathExists
SymGetLineFromAddr64
SymRegisterFunctionEntryCallback
EnumerateLoadedModules64
SymMatchString
GetTimestampForLoadedLibrary
SymFindFileInPath
SymGetSymNext64
MapFileAndCheckSumW
SplitSymbols
SymFromName
StackWalk64

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 719KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d043889283c89078b2a87637828e1d88

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

msvcirt

authz

imagehlp

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 296KB - Virtual size: 719KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 296KB - Virtual size: 719KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 920B