712c87bdaf07988abfb4f1b9d6d1fc42

Sharing

Copy URL

Twitter E-mail

General

Target

712c87bdaf07988abfb4f1b9d6d1fc42
Size

456KB
MD5

712c87bdaf07988abfb4f1b9d6d1fc42
SHA1

43caeec2f26c402aa902049840e837b2723b5756
SHA256

bd32db099fbf1dac36ba14591b5a09c6e9b7e409244fb325e8aea555ecc65315
SHA512

afda97d98e10eebf8299fbf103fdb9f73ad3fc5305f78508b111ed8db3eeb46f515f4cd1a622a708bbf6b555e03568a3e4380f62b3c89e30e293d938978bb66c
SSDEEP

12288:b0VZyRhrASYm35BfstvO93a4pqzzjevg:b0V03Ahm35Bn3a42jq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
712c87bdaf07988abfb4f1b9d6d1fc42

Files

712c87bdaf07988abfb4f1b9d6d1fc42
.exe windows:4 windows x86 arch:x86

ce2910ebbc92706dd63e815b91ffe6c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?Initialize@NTFS_INDEX_TREE@@QAEEPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KPAVNTFS_FILE_RECORD_SEGMENT@@PBVWSTRING@@@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
??1NTFS_LOG_FILE@@UAE@XZ
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
??0NTFS_LOG_FILE@@QAE@XZ
??1NTFS_SA@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?Initialize@NTFS_INDEX_TREE@@QAEEKPAVLOG_IO_DP_DRIVE@@KPAVNTFS_BITMAP@@PAVNTFS_UPCASE_TABLE@@KKKPBVWSTRING@@@Z
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z

msls31

ord44
ord61
ord63
ord50
ord41
ord55
ord1
ord17
ord72
ord42
ord62
ord15
ord5
ord39
ord48
ord16
ord73
ord51
ord19
ord68

kernel32

CallNamedPipeW
FileTimeToLocalFileTime
ExitProcess
GetCommandLineA
GetLogicalDrives
GetThreadContext
GetFullPathNameW
InterlockedExchangeAdd
TlsGetValue
SetHandleInformation
CopyFileW
Module32NextW
WriteConsoleW
DosPathToSessionPathW
SearchPathW
GetConsoleCP
GlobalHandle
VirtualAlloc
GetDefaultCommConfigA
GetModuleHandleA
SearchPathA
HeapSize

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 310KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce2910ebbc92706dd63e815b91ffe6c1

Headers

DLL Characteristics

File Characteristics

Imports

untfs

msls31

kernel32

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 5KB - Virtual size: 127KB

DATA Size: 310KB - Virtual size: 533KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 5KB - Virtual size: 127KB

DATA
Size: 310KB - Virtual size: 533KB

.rsrc
Size: 98KB - Virtual size: 98KB