66514297ceba0be4002757b0d4f227f4

Sharing

Copy URL Twitter E-mail

General

Target

66514297ceba0be4002757b0d4f227f4
Size

58KB
MD5

66514297ceba0be4002757b0d4f227f4
SHA1

3dd76bd4ad1aaba1a4359d67fef0b42aa5d5f20f
SHA256

a5da51e85dc8d03a65e1848ff42b0bff6a202473e9d21e2fe69b23ce20d082bd
SHA512

91025172237c1cff729c8f5946b19101d5bc190b89774b318d0a190dc82ebc7a0c9f0e72f836637cbc765fe0b86cbbf62b03b287b252593fae2808f8bf386433
SSDEEP

1536:eydXzP7TU16SVUKgRrbKyHdOtELUi368S8P:eGvYTVUKPyxLr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66514297ceba0be4002757b0d4f227f4

Files

66514297ceba0be4002757b0d4f227f4
.exe windows:5 windows x86 arch:x86

7cd163c9282c01ffe82cebe513831688

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LZCopy
IsValidLocale
EnumUILanguagesW
GetProcessIoCounters
SetHandleInformation
GetFullPathNameW
InterlockedDecrement
WritePrivateProfileStructA
ResetWriteWatch
GetDevicePowerState
SetThreadPriority
lstrcat
IsBadWritePtr
VirtualAlloc
lstrcpyW
OpenSemaphoreA
GetVDMCurrentDirectories
VirtualFreeEx
MoveFileWithProgressW
VerLanguageNameW
LoadLibraryA
GetCalendarInfoW
LocalFlags
HeapCreate
GetUserDefaultUILanguage
HeapSetInformation
GetOverlappedResult
ReleaseMutex
SetConsoleCtrlHandler

wsock32

ioctlsocket
getservbyname
WSAAsyncGetHostByName
getprotobyname
WSAGetLastError
send
rcmd
TransmitFile
WSAIsBlocking
GetAddressByNameW
s_perror
gethostname
GetTypeByNameW
WSACancelBlockingCall
WSACancelAsyncRequest
accept
listen
WEP
recvfrom
GetAddressByNameA
GetServiceW
closesocket
select
htons
setsockopt
EnumProtocolsA
getprotobynumber
sendto

shlwapi

PathUndecorateA
SHRegSetUSValueW
UrlEscapeW
UrlCompareA
ChrCmpIA
PathIsURLW
PathIsDirectoryA
PathFindNextComponentW
PathFindSuffixArrayW
StrStrIW
UrlGetPartW
IntlStrEqWorkerA
PathStripToRootA
PathIsNetworkPathW
PathAppendA
StrPBrkA
UrlHashA
SHRegQueryUSValueA
SHRegQueryUSValueW
PathUnExpandEnvStringsA
StrCSpnIW
UrlEscapeA
PathRemoveFileSpecA
SHDeleteValueW
StrStrW
StrFormatByteSizeW
SHRegGetUSValueW

samlib

SamSetInformationAlias
SamCreateGroupInDomain
SamCreateUser2InDomain
SamLookupIdsInDomain
SamiChangeKeys
SamRidToSid
SamGetCompatibilityMode
SamGetMembersInGroup
SamOpenDomain
SamSetSecurityObject
SamCreateUserInDomain
SamRemoveMemberFromGroup
SamLookupDomainInSamServer
SamQueryInformationDomain
SamGetDisplayEnumerationIndex
SamConnect
SamTestPrivateFunctionsUser
SamRemoveMultipleMembersFromAlias
SamGetGroupsForUser
SamAddMultipleMembersToAlias
SamiChangePasswordUser2
SamQueryInformationUser
SamSetMemberAttributesOfGroup
SamiEncryptPasswords
SamChangePasswordUser3
SamQueryInformationGroup
SamChangePasswordUser
SamOpenAlias
SamTestPrivateFunctionsDomain
SamCloseHandle

t2embed

_TTLoadEmbeddedFont@40
_TTIsEmbeddingEnabledForFacename@8
_TTEnableEmbeddingForFacename@8
TTIsEmbeddingEnabledForFacename
TTGetEmbeddingType
_TTGetEmbeddedFontInfo@28
TTEmbedFontEx
_TTEmbedFontFromFileA@52
TTRunValidationTests
TTLoadEmbeddedFont
TTGetEmbeddedFontInfo
_TTCharToUnicode@24
_TTDeleteEmbeddedFont@12
TTCharToUnicode
TTGetNewFontName
TTEmbedFont
_TTIsEmbeddingEnabled@8
_TTGetEmbeddingType@8
TTIsEmbeddingEnabled
_TTRunValidationTests@8
TTEmbedFontFromFileA
TTRunValidationTestsEx
TTDeleteEmbeddedFont
_TTEmbedFont@44
TTEnableEmbeddingForFacename

msdart

?GetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGNXZ
??0CCritSec@@QAE@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
FXMemAttach
?Unlock@CLockedSingleList@@QAEXXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?Clear@CLKRHashTable@@QAEXXZ
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
??4CSingleList@@QAEAAV0@ABV0@@Z
??1CLKRHashTable@@QAE@XZ
?ReadOrWriteUnlock@CFakeLock@@QAEX_N@Z
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
?GetDefaultSpinAdjustmentFactor@CCritSec@@SGNXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cd163c9282c01ffe82cebe513831688

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

shlwapi

samlib

t2embed

msdart

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 18KB - Virtual size: 57KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 18KB - Virtual size: 57KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 224B