6590e8620bb88d29d9cc8c5cfe3facdd

Sharing

Copy URL

Twitter E-mail

General

Target

6590e8620bb88d29d9cc8c5cfe3facdd
Size

130KB
MD5

6590e8620bb88d29d9cc8c5cfe3facdd
SHA1

accb281d159a341dcdeabde3c29ef53fdd11651b
SHA256

3f873060b554b0d6171dcb689cdd80867459f2ad7e0f06da3b1b30e6ed8fcd7d
SHA512

a324b785571c23de4d1f64f13f174e1c1573bb13574aa0f6aebd403cc56cff9e85e1fdd140b71af683437615e45d57e8e804184e7d18408b9e0d78878e6edadc
SSDEEP

1536:s/iCNRKPMKptQS/K+P6ZyNJJN5QHCZ6mT0U7/lp1y2baawUNzJgIgVfVn9gEXQcn:IiL3rgCp7/nU2baaBhgVfV9gEck5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6590e8620bb88d29d9cc8c5cfe3facdd

Files

6590e8620bb88d29d9cc8c5cfe3facdd
.exe windows:5 windows x86 arch:x86

dd2f826be56f380c2275f4a7f8cfdaa7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_NDdeSetTrustedShare_@12
_SetICMProfile_@8
_CopyFile_@12
_CharLowerBuff_@8
_PolyTextOut_@12
_GetEnhMetaFileDescription_@12
_PostThreadMessage_@16
_ShellExecuteEx_@4
_GlobalGetAtomName_@12
_LoadCursor@8
_RegSetValueEx_@24
_EnumResourceNames_@16
_strerror_@4
_CreateDirectory_@8
_TextOut@20
_CreateNamedPipe_@32
_CharPrev_@8
_GetCharABCWidths_@16
_IsBadStringPtr_@8
__lopen_@8
_FindResource@12
_GetKerningPairs_@12

printui

bFolderEnumPrinters
PnPInterface
PrintUIEntryW
DocumentPropertiesWrap
ConstructPrinterFriendlyName
vPrinterPropPages
ConnectToPrinterDlg
bPrinterSetup
vDocumentDefaults
ShowErrorMessageSC
PrintNotifyTray_Init
vQueueCreate
bFolderGetPrinter
DllGetClassObject
RegisterPrintNotify
ShowErrorMessageHR
DllMain
PrinterPropPageProvider
DllCanUnloadNow

snmpapi

SnmpSvcSetLogLevel
SnmpUtilAnsiToUnicode
SnmpUtilMemReAlloc
SnmpTfxOpen
SnmpSvcSetLogType
SnmpUtilDbgPrint
SnmpUtilOidCmp
SnmpUtilAsnAnyFree
SnmpUtilOctetsCmp
SnmpUtilAsnAnyCpy
SnmpSvcAddrToSocket
SnmpUtilIdsToA
SnmpUtilMemFree
SnmpUtilUnicodeToUTF8
SnmpUtilMemAlloc
SnmpSvcGetUptimeFromTime
SnmpUtilOidCpy
SnmpUtilOidToA
SnmpUtilUnicodeToAnsi
SnmpSvcGetEnterpriseOID
SnmpTfxQuery
SnmpUtilOidFree
SnmpUtilPrintAsnAny
SnmpSvcAddrIsIpx
SnmpUtilOctetsFree
SnmpSvcGetUptime
SnmpUtilOidNCmp
SnmpUtilOctetsCpy
SnmpUtilOidAppend
SnmpUtilVarBindListCpy

hhsetup

?RemoveAll@CFIFOString@@QAEXXZ
?SetId@CLocation@@QAEXPBG@Z
?ConfirmTitles@CCollection@@QAEXXZ
?SetOrder@CFolder@@QAEXK@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?GetCollectionFileName@CCollection@@QAEPBDXZ
?GetOrder@CFolder@@QAEKXZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?NewLocation@CCollection@@AAEPAVCLocation@@XZ
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?SetTitle@CLocation@@QAEXPBG@Z
??4CCollection@@QAEAAV0@ABV0@@Z

dnsapi

DnsCreateStringCopy
DnsDhcpSrvRegisterHostName
Dns_CreateSocketEx
Dns_InitializeMsgRemoteSockaddr
DnsDowncaseDnsNameLabel
DnsDhcpSrvRegisterInit
DnsReleaseContextHandle
Dns_SkipToRecord
DnsDhcpSrvRegisterTerm
DnsRecordSetCompare
DnsFree
DnsCopyStringEx
Dns_ReadRecordStructureFromPacket
Dns_WriteRecordStructureToPacketEx
NetInfo_IsForUpdate
DnsModifyRecordsInSet_A
DnsRecordSetCopyEx
DnsAcquireContextHandle_W
CombineRecordsInBlob
BreakRecordsIntoBlob
Dns_GetRandomXid

kernel32

HeapReAlloc
CreateEventW
IsSystemResumeAutomatic
RemoveDirectoryA
HeapDestroy
SetLocalTime
CreateConsoleScreenBuffer
GetComputerNameW
GetModuleHandleA
SetDefaultCommConfigA
LoadLibraryW
GlobalDeleteAtom
GetOEMCP

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2f826be56f380c2275f4a7f8cfdaa7

Headers

File Characteristics

Imports

sqlunirl

printui

snmpapi

hhsetup

dnsapi

kernel32

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB