5851389434e83f88c7e195f17f09cdb5

Sharing

Copy URL Twitter E-mail

General

Target

5851389434e83f88c7e195f17f09cdb5
Size

867KB
MD5

5851389434e83f88c7e195f17f09cdb5
SHA1

934500c1792ea32f6f0c48a8a6bef26576f41857
SHA256

40924643a4ac47cc84100f9d6d51d792890c9eeec81b0ea4ee6f90d51c730d0c
SHA512

4b504ddb7d8da15170cd4b43f577ffa2f798d322ef8e836bf3e15569403b8c5bac3dcbec72085fd7dfaa20883de2e82f47020f7e070790179abef8ffbd9580eb
SSDEEP

12288:KFS8SgLymO9Nl5NEwQM8tcwW674TWq+zD5LuJzBDW0oPq1tq7H9F3kum+x:OSgLy3RX8jv74y/lqFNW0oPqDqrjm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5851389434e83f88c7e195f17f09cdb5

Files

5851389434e83f88c7e195f17f09cdb5
.exe windows:5 windows x86 arch:x86

441807280800c5e574efe13cfd78fa15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDevicePowerState
GetConsoleTitleA
SetConsoleHardwareState
IsDebuggerPresent
IsValidLocale
EnterCriticalSection
ReadProcessMemory
BuildCommDCBW
CreateMailslotW
LoadLibraryA
VirtualAlloc
OpenFileMappingW
DnsHostnameToComputerNameA
GetSystemDefaultLCID
SetConsoleActiveScreenBuffer
ConvertThreadToFiber
SetThreadContext
GetFileSizeEx
PeekConsoleInputW
GetCommState
DelayLoadFailureHook
IsValidCodePage
GetUserDefaultLCID
LeaveCriticalSection
EscapeCommFunction
EndUpdateResourceA
SetMessageWaitingIndicator
GetProcessVersion
FindNextVolumeMountPointA
WriteProcessMemory
TransmitCommChar
GetLogicalDriveStringsA
SetThreadPriority
HeapValidate
MapViewOfFile
FlushFileBuffers
GetLocaleInfoW
GetSystemTimeAdjustment
SetLocaleInfoA
WideCharToMultiByte
ConsoleMenuControl
_lclose
GetConsoleInputWaitHandle
InterlockedPushEntrySList

ntdll

ZwCreateFile
RtlRegisterWait
NtOpenKey
wcspbrk
RtlAbortRXact
RtlCharToInteger
RtlCopySecurityDescriptor
RtlUpperString
NtSecureConnectPort
NtQueryValueKey
ZwSetSecurityObject
NtTerminateJobObject
NtOpenProcessTokenEx
RtlActivateActivationContextEx
RtlAnsiCharToUnicodeChar
RtlVerifyVersionInfo
RtlPrefixString
__iscsym
ZwSetValueKey
_snwprintf
NtReplyWaitReceivePort
RtlUnhandledExceptionFilter
RtlInitUnicodeString
_memccpy
ZwCreateWaitablePort
NtOpenSemaphore
NtQuerySystemEnvironmentValue
RtlIpv4AddressToStringA
NtSuspendProcess
_strcmpi
ZwQueryEaFile
NtOpenThreadTokenEx
wcsncat
ZwSetQuotaInformationFile

dnsapi

DnsAcquireContextHandle_W
NetInfo_ResetServerPriorities
DnsGetBufferLengthForStringCopy
DnsDhcpSrvRegisterHostName
DnsRecordSetCompare
DnsValidateName_UTF8
DnsReleaseContextHandle
NetInfo_Build
DnsReplaceRecordSetA
Dns_ParseMessage
DnsUtf8ToUnicode
Dns_SetRecordDatalength
DnsApiHeapReset
DnsQueryExW
DnsRecordBuild_W
DnsGetCacheDataTable
DnsSetConfigDword
DnsRecordStringForType
Dns_InitializeMsgRemoteSockaddr
Dns_UpdateLib
Dns_CloseSocket
DnsNameCompare_W
DnsGlobals
DnsValidateUtf8Byte
DnsAsyncRegisterTerm
Dns_GetRandomXid
DnsAsyncRegisterHostAddrs
DnsNameCopy
DnsRemoveRegistrations
Dns_SkipToRecord
Dns_SendEx
DnsMapRcodeToStatus
Dns_InitializeWinsock
DnsExtractRecordsFromMessage_UTF8
DnsModifyRecordsInSet_W

lz32

LZCloseFile
LZClose
GetExpandedNameW
LZRead
LZCopy
LZStart
LZOpenFileW
LZDone
GetExpandedNameA
LZCreateFileW
LZInit
LZOpenFileA
LZSeek
CopyLZFile

msvcrt

__set_app_type
__getmainargs
__p__commode
exit

msvcrt40

??7ios@@QBEHXZ
?openprot@filebuf@@2HB
__fpecode
islower
sin
isupper
_chmod
?is_open@fstream@@QBEHXZ
atan2
??_8strstream@@7Bostream@@@
_lrotr
_onexit
??0stdiobuf@@QAE@ABV0@@Z
??4strstream@@QAEAAV0@AAV0@@Z
??_Eistrstream@@UAEPAXI@Z
_wcsnset
_cexit
_scalb
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??0ofstream@@QAE@ABV0@@Z
__mb_cur_max
??Bios@@QBEPAXXZ
?_query_new_mode@@YAHXZ
??5istream@@QAEAAV0@AAI@Z
_getpid
??5istream@@QAEAAV0@AAG@Z
fwprintf
_wexecl
_mbspbrk
_strerror
__p__tzname
??0stdiostream@@QAE@PAU_iobuf@@@Z
?sgetc@streambuf@@QAEHXZ
_mbsnbcpy
_read

mtxoci

oexn
obndrn
obndrv
obindps
ocon
ogetpi
oopen
ocof
oexec
osetpi
ocom
MTxOciInit
Enlist
oflng
odefin
oclose
oopt
odessp
oermsg
MTxOciRegisterCursor
oerhms
ocan
orol
MTxolog
odefinps
oexfet
olog
ologof
ologTransacted
oparse
opinit
MTxOciGetVersion
odescr
obreak
ofen
obndra
ofetch

comsvcs

CosGetCallContext
MiniDumpW
SafeRef
CoLeaveServiceDomain
CoLoadServices
GetObjectContext
CoCreateActivity
GetTrkSvrObject
ComSvcsExceptionFilter
RecycleSurrogate
GetMTAThreadPoolMetrics
DllGetClassObject
CoEnterServiceDomain
ComSvcsLogError
DispManGetContext
MTSCreateActivity

oleaut32

VarCat
BSTR_UserFree
VarDateFromI2
VarR8FromR4
GetVarConversionLocaleSetting
VarBstrFromUI1
VarI4FromUI8
SafeArrayGetDim
BSTR_UserUnmarshal
VarI1FromStr
VarBstrCat
SafeArrayGetIID
SysReAllocString
OleLoadPicturePath
VarUI8FromI8
VarUI2FromI2
VarFormatDateTime
GetAltMonthNames
VarUI1FromBool
SafeArrayGetRecordInfo
VarNumFromParseNum
VarDateFromI4
VarCyFromI8
VarDecFromI8
VarI8FromDec
SetOaNoCache
VarR4FromBool
VarUI4FromUI1
VarBstrFromI2
CreateTypeLib
VarI1FromR8
QueryPathOfRegTypeLib
LPSAFEARRAY_UserFree
DispGetParam
VarRound
VarI1FromUI2
VarCyMulI4
VarR4FromUI8
VarR8FromCy

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

441807280800c5e574efe13cfd78fa15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

dnsapi

lz32

msvcrt

msvcrt40

mtxoci

comsvcs

oleaut32

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 535KB - Virtual size: 535KB

.data Size: 189KB - Virtual size: 1.6MB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 535KB - Virtual size: 535KB

.data
Size: 189KB - Virtual size: 1.6MB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB