5b797902a4913eaad0823b4dd6fa00dc

Sharing

Copy URL

Twitter E-mail

General

Target

5b797902a4913eaad0823b4dd6fa00dc
Size

85KB
MD5

5b797902a4913eaad0823b4dd6fa00dc
SHA1

708a35a56ec6016483fae03e01a037d5eea4860c
SHA256

0d01615bbf5aa5f8c41b54fa1dfe8a68d62f5406ebf9f3089241c0de7a1cc46c
SHA512

65dd609058c88b315be152a0242c2b841084e6b0e405299807b26b4922ee6633d9c96038a2d24c5d4bbac72975f96096545d1bd1dbc9c41c9fdd48c80af18bad
SSDEEP

1536:X2KMyXugR92nkWMvkj4jP2TlEdEHxrcHrZSOx442BMMuYU6QKWAYS:zRXHFPvkciQfLDgXhYS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b797902a4913eaad0823b4dd6fa00dc

Files

5b797902a4913eaad0823b4dd6fa00dc
.exe windows:5 windows x86 arch:x86

6404d891d423fe4abd97ad3f41dd846e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

SetUrlCacheHeaderData
InternetShowSecurityInfoByURLW
InternetGetConnectedState
InternetSetDialStateW
HttpAddRequestHeadersW
FindNextUrlCacheContainerA
InternetTimeToSystemTimeA
HttpEndRequestA
InternetQueryOptionW
InternetUnlockRequestFile
InternetGetCookieExW
InternetAutodial
FindFirstUrlCacheContainerW
UrlZonesDetach
SetUrlCacheConfigInfoW
FtpRemoveDirectoryW
InternetSetCookieExA
InternetLockRequestFile
HttpSendRequestExW
GopherOpenFileW
InternetTimeFromSystemTimeA
IsUrlCacheEntryExpiredA

kernel32

HeapValidate
SetEnvironmentVariableA
GlobalFree
SetLocaleInfoA
GetThreadPriority
GetCalendarInfoA
GetConsoleInputWaitHandle
GetCalendarInfoW
FindFirstVolumeMountPointA
LocalLock
LZClose
DeactivateActCtx
SetFileAttributesW
GetProcessPriorityBoost
SetLastError
GetEnvironmentStringsA
HeapDestroy
SetHandleInformation
HeapCreate
IsValidLanguageGroup
FreeLibrary
CreateProcessW
GetLastError
_lopen
LoadLibraryA
GetVolumePathNameA
QueryPerformanceCounter
GetTickCount
SetTimerQueueTimer
GetSystemTimeAsFileTime
TerminateProcess
VirtualAlloc
GlobalFix
GetCurrentProcessId
GetCurrentThreadId
SetConsoleKeyShortcuts
FindVolumeMountPointClose
WritePrivateProfileStringW
GetStartupInfoA
SetCommMask
SetCurrentDirectoryA
SetEvent
_llseek
GetProcessWorkingSetSize

atl

AtlModuleRevokeClassObjects
AtlAxCreateDialogW
AtlAxWinInit
AtlModuleAddCreateWndData
AtlGetVersion
AtlModuleRegisterTypeLib
AtlAxAttachControl
AtlModuleUnregisterServerEx
AtlAxDialogBoxW
AtlDevModeW2A
DllUnregisterServer

query

?Pause@CCatalogAdmin@@QAEHXZ
?SetProperty@CFullPropSpec@@QAEHPBG@Z
?GetPropInfo@CEmptyPropertyList@@QAEHPBGPAPAVCDbColId@@PAGPAI@Z
?AddRef@CDbProperties@@UAGKXZ
?ClearList@CCombinedPropertyList@@QAEXXZ
?Release@CEnumString@@UAGKXZ
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?Read@CRegAccess@@QAEKPBGK@Z
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
DoneCIPerformanceData
?GetStringFromLCID@@YGXKPAG@Z
??0CUnfilteredRestriction@@QAE@XZ
?Add@CDbQueryResults@@QAEXPAGK@Z
?LokUpdate@CCatStateInfo@@QAEHXZ
?QueryInterface@CDbProperties@@UAGJABU_GUID@@PAPAX@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
??0CFullPath@@QAE@PBGI@Z
CIBuildQueryTree
?AcqPhrase@CQueryScanner@@QAEPAGXZ

mmcbase

?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?Throw@SC@mmcerror@@QAEXXZ
?FatalError@SC@mmcerror@@QBEXXZ
??8SC@mmcerror@@QBE_NABV01@@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?AddRef@CMMCStrongReferences@@SGKXZ
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?s_dwMainThreadID@SC@mmcerror@@0KA
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
??1CEventBuffer@@QAE@XZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?ToHr@SC@mmcerror@@QBEJXZ
?FormatErrorString@@YGXPBGVSC@mmcerror@@IPAGH@Z
?GetCode@SC@mmcerror@@QBEJXZ
??4?$CEventLock@UAppEvents@@@@QAEAAV0@ABV0@@Z
??8SC@mmcerror@@QBE_NJ@Z

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6404d891d423fe4abd97ad3f41dd846e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

atl

query

mmcbase

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 62KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 62KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 316B