5a12df7769246a214a504e2234e54a19

Sharing

Copy URL Twitter E-mail

General

Target

5a12df7769246a214a504e2234e54a19
Size

57KB
MD5

5a12df7769246a214a504e2234e54a19
SHA1

b13e1a401b2570d70f924f7b04b6b82566079d79
SHA256

cb9cd8b31e87b74dc8a59a80589fa988fc8356310e31fe0cd3c612562af84674
SHA512

822970626db482c0df55966f7cf380763a42962fc78d113e5aa777bcd2e5c5b026c0aa85c6485c7baf03af95340dbc1ea95cea707ad1b1cf1051028c37c57858
SSDEEP

1536:zRK5ZgiBfYY9KYWgJUEQgvoUc4TPnKCfv1FK5BelQOBjhsVGK:NUZg6fYY9KYJXQCxTPnK89Fpq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a12df7769246a214a504e2234e54a19

Files

5a12df7769246a214a504e2234e54a19
.exe windows:5 windows x86 arch:x86

ac7efef72ea3c17f7bbd811c1f3e433d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LockWindowStation
SetMenuDefaultItem
SendNotifyMessageA
DdeQueryStringA
CallWindowProcA
DdeCmpStringHandles
DlgDirListW
SwitchToThisWindow
SetCursor
EnumWindowStationsW
OemToCharBuffA
ScreenToClient
SendMessageCallbackW
DrawTextExA
GetProgmanWindow
SetWindowsHookExW
UserRegisterWowHandlers
DdeFreeDataHandle
SetCapture
GetShellWindow
EnumPropsW
DragDetect
DrawStateA
InsertMenuW
ModifyMenuA
IsIconic
GetMessagePos
CharLowerBuffA
DdeImpersonateClient

untfs

??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
?TakeCensus@NTFS_SA@@QAEEPAVNTFS_MASTER_FILE_TABLE@@KPAUNTFS_CENSUS_INFO@@@Z
??0NTFS_BITMAP@@QAE@XZ
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
FormatEx
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
??0NTFS_LOG_FILE@@QAE@XZ
??0NTFS_EXTENT_LIST@@QAE@XZ
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
??1NTFS_MFT_FILE@@UAE@XZ
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
??0NTFS_SA@@QAE@XZ
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
Extend

wsnmp32

_SnmpConveyAgentAddress@4
SnmpEncodeMsg
SnmpSetRetry
SnmpGetVb
_SnmpSetAgentAddress@4
SnmpStrToOid
SnmpSetPduData
SnmpOpen
SnmpFreeContext
SnmpCreateVbl
SnmpDuplicatePdu
SnmpFreePdu
SnmpCreatePdu
SnmpFreeVbl
SnmpSetPort
SnmpSetTimeout
SnmpCreateSession
SnmpStartup
SnmpDecodeMsg
SnmpSetVb
SnmpDuplicateVbl

query

??1CRangeRestriction@@QAE@XZ
?SetAlias@CScopeAdmin@@QAEXPBG@Z
??1CWorkManager@@QAE@XZ
?QueryPidLookupTable@CiStorage@@QAEPAVPRcovStorageObj@@K@Z
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
?Remove@CColumns@@QAEXI@Z
??1CSynRestriction@@QAE@XZ
?Marshall@CNatLanguageRestriction@@QBEXAAVPSerStream@@@Z
?Marshall@CDbNumeric@@QBEXAAVPSerStream@@@Z
?GetWChar@CMemDeSerStream@@UAEXPAGK@Z
?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?IsValid@CNodeRestriction@@QBEHXZ
??1CScopeEnum@@QAE@XZ
?SetSZParam@CMachineAdmin@@QAEXPBG0K@Z
?AcqLine@CQueryScanner@@QAEPAGH@Z
?GetOleError@@YGJAAVCException@@@Z
?SetScopePropertiesNoThrow@@YGJPAUICommand@@IPBQBGPBK11@Z
LocateCatalogsA
??1CPropertyStore@@QAE@XZ
?Eof@CMmStreamConsecBuf@@QAEHXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?MakePath@CFullPath@@QAEXPBG@Z
?GetPropInfoFromName@CEmptyPropertyList@@UAGJPBGPAPAUtagDBID@@PAGPAI@Z
?GetChar@CMemDeSerStream@@UAEXPADK@Z

rtm

RtmDeleteRouteTable
RtmGetRoutePointer
RtmReleaseRouteInfo
RtmBlockMethods
RtmReleaseChangedDests
RtmLockRoute
RtmGetNextHopInfo
NextMatchInTable
MgmRegisterMProtocol
MgmGetFirstMfeStats
MgmTakeInterfaceOwnership
MgmAddGroupMembershipEntry
RtmReferenceHandles
RtmGetEnumRoutes
RtmGetAddressFamilyInfo
InsertIntoTable
RtmGetFirstRoute
BestMatchInTable
RtmLockNextHop
CreateTable
RtmGetInstances

kernel32

WriteProfileStringW
QueryMemoryResourceNotification
SetThreadLocale
GetProcessHeap
VirtualAlloc
LocalFlags
ExitProcess
HeapCreate
RemoveDirectoryA
GetFileSizeEx
FlushFileBuffers
SetCommBreak
EndUpdateResourceW
VerLanguageNameW
GetNumberFormatW
SetVDMCurrentDirectories
ReleaseActCtx
CreateActCtxW
CreateHardLinkW
VirtualProtect
Heap32ListNext
GetEnvironmentStrings
LoadLibraryA
UnregisterWait

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac7efef72ea3c17f7bbd811c1f3e433d

Headers

DLL Characteristics

File Characteristics

Imports

user32

untfs

wsnmp32

query

rtm

kernel32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 17KB - Virtual size: 64KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 140B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 17KB - Virtual size: 64KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 140B