70d63f09fe6c943bc2ad0c9979d06bd2

Sharing

Copy URL

Twitter E-mail

General

Target

70d63f09fe6c943bc2ad0c9979d06bd2
Size

43KB
MD5

70d63f09fe6c943bc2ad0c9979d06bd2
SHA1

b78306a12f5448fdd5d9db13d948cbb5e22770ab
SHA256

a147d8748e41bb764de2271f2cb5854bca7d2df3c6be5a0bb2c60f8131a8caa9
SHA512

c80a187513b80f0115f8009ddabbefc8cbc3e77f26f8adfbc7e442e074961f76a65e01706cd984dab20e2f2ff9d16bf9c27bcbbcd79841607a8801ec1a4605c8
SSDEEP

768:/213z5/gbGWhVhGToNCYK1hfdyuBNxQrkRUwbJytP+Wz:/Gz5/67hi8NCYKzfdyumr/wbJ++Wz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70d63f09fe6c943bc2ad0c9979d06bd2

Files

70d63f09fe6c943bc2ad0c9979d06bd2
.exe windows:5 windows x86 arch:x86

65d8c11de7a065b70a25025f33ea2916

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmCreateNextHopEnum
RtmWriteAddressFamilyConfig
RtmGetEntityMethods
MgmDeInitialize
RtmReleaseRoutes
RtmGetAddressFamilyInfo
RtmDeleteRoute
InsertIntoTable
NextMatchInTable
RtmIsBestRoute
RtmDereferenceHandles
RtmGetNextRoute
MgmGetNextMfe
MgmGetMfe
RtmGetOpaqueInformationPointer
CheckTable
MgmTakeInterfaceOwnership
RtmGetChangedDests
DeleteFromTable
MgmGetFirstMfeStats
RtmReadAddressFamilyConfig
RtmIsRoute
RtmGetInstances
RtmGetRouteInfo
RtmReleaseDests
RtmBlockConvertRoutesToStatic
RtmCreateEnumerationHandle
RtmDeregisterEntity
RtmGetRegisteredEntities
RtmDeregisterClient

msvcp60

?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?do_toupper@?$ctype@D@std@@MBEDD@Z
?_Infv@?$_Ctr@O@std@@SAOO@Z
?conj@std@@YA?AV?$complex@N@1@ABV21@@Z
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Callfns@ios_base@std@@AAEXW4event@12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$char_traits@D@std@@QAEAAU01@ABU01@@Z
?_Init@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@IAEXABV_Locinfo@2@@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??Kstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
?table@?$ctype@D@std@@IBEPBFXZ
?_Xran@std@@YAXXZ
?setf@ios_base@std@@QAEHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??_7?$basic_filebuf@GU?$char_traits@G@std@@@std@@6B@
?max@?$numeric_limits@G@std@@SAGXZ
?_Nomemory@std@@YAXXZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??4?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?global@locale@std@@SA?AV12@ABV12@@Z
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
?do_close@?$messages@G@std@@MBEXH@Z
?denorm_min@?$numeric_limits@K@std@@SAKXZ
?real@std@@YANABV?$complex@N@1@@Z
?_Cltab@?$ctype@D@std@@0PBFB
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEGG@Z

ntdll

RtlAppendPathElement
RtlUpcaseUnicodeToCustomCPN
RtlCreateAndSetSD
PfxInitialize
ZwReplyPort
ZwQuerySymbolicLinkObject
DbgSetDebugFilterState
ZwQuerySystemEnvironmentValueEx
RtlFreeSid
RtlRunEncodeUnicodeString
ZwTraceEvent
RtlAddActionToRXact
ZwLockFile
RtlInitializeCriticalSectionAndSpinCount
RtlActivateActivationContext
ZwCreateJobObject
NtRemoveProcessDebug
NtOpenJobObject
NtSetTimer
RtlSelfRelativeToAbsoluteSD2
strtoul
ZwDelayExecution
RtlDestroyHeap
LdrUnlockLoaderLock
RtlFindActivationContextSectionString
strchr
RtlClearAllBits

rasman

RasCompressionSetInfo
RasPortReceiveEx
RasSetConnectionParams
IsRasmanProcess
RasGetEapUserInfo
RasSetKey
RasProtocolEnum
RasSetPortUserData
RasPortFree
RasCreateConnection
RasRpcDeviceEnum
RasPortOpenEx
RasServerPortClose
RasRpcGetSystemDirectory
RasRpcUnloadDll
RasSetCachedCredentials
RasEnumLanNets
RasDeviceEnum
RasSetConnectionUserData
RasPortBundle
RasGetConnectionParams
RasInitializeNoWait
RasGetDialParams
RasGetKey
RasGetConnectInfo
RasSetCalledIdInfo

kernel32

GetConsoleScreenBufferInfo
GetPrivateProfileStructA
GlobalSize
lstrcat
DebugActiveProcess
BaseInitAppcompatCacheSupport
RestoreLastError
SetConsoleMenuClose
GetEnvironmentStringsA
RemoveDirectoryA
VirtualAlloc
ReadConsoleInputA
GetProfileStringA
LZDone
SetNamedPipeHandleState
ProcessIdToSessionId
OpenConsoleW
LockFileEx
ReleaseSemaphore
SetLocalPrimaryComputerNameW
EnumSystemLanguageGroupsW
SetConsoleTitleA
GetConsoleFontInfo
GetSystemDirectoryA
GetLocaleInfoA
GetFileType
LoadLibraryA
ReadFile
ZombifyActCtx
FatalExit
GetPrivateProfileSectionA
RemoveLocalAlternateComputerNameA
_lread
GetSystemDirectoryW
LCMapStringA
EnumerateLocalComputerNamesA
GetEnvironmentVariableA
ReadProcessMemory
CallNamedPipeW
GetPrivateProfileSectionNamesA
EnumTimeFormatsW
OpenMutexW
TerminateJobObject
RegisterWaitForSingleObject
GetUserDefaultLangID
GetModuleHandleA
GlobalFlags
GetConsoleAliasesLengthA

certmgr

DllInstall
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d8c11de7a065b70a25025f33ea2916

Headers

DLL Characteristics

File Characteristics

Imports

rtm

msvcp60

ntdll

rasman

kernel32

certmgr

Sections

.text Size: 1024B - Virtual size: 670B

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 47KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 670B

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 47KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B