71a0b971a8bf0d6a4b8dce9310e66a6f

Sharing

Copy URL

Twitter E-mail

General

Target

71a0b971a8bf0d6a4b8dce9310e66a6f
Size

872KB
MD5

71a0b971a8bf0d6a4b8dce9310e66a6f
SHA1

62d4aa8c37929c14712aae0155680c866475fe1a
SHA256

e87205c9bdf52ce3966536de9ef55019f3d55a5d92add0664ed3e1f0f1a1ee79
SHA512

34a94efa4ce3687cb784c0c126c896d50c82c9e2fd8c86a8d2eb34df59087ea3cb09d9229ad173d4c4c7b1e2d055cf6657235374219fcaa9c8176f5fe6b8bf4a
SSDEEP

24576:GkxxXAXU0hLAR2leOngp1A9IRp7uMbdHJmW4n:G6HKMR2JgptVNpu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71a0b971a8bf0d6a4b8dce9310e66a6f

Files

71a0b971a8bf0d6a4b8dce9310e66a6f
.exe windows:5 windows x86 arch:x86

a089006db093e2d04c4be7e96d1df56c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

certcli

CAOIDFreeProperty
CAGetCertTypeFlagsEx
CACloseCertType
CAEnumNextCertType
CASetCACertificate
CACertTypeGetSecurity
CAOIDGetLdapURL
CASetCAExpiration
CAFindCertTypeByName
CASetCertTypeExpiration
CAOIDSetProperty
CAOIDAdd
CAGetCertTypeProperty
CACreateLocalAutoEnrollmentObject
CAGetDN
CAFreeCertTypeProperty
CASetCertTypeExtension
CAIsCertTypeCurrent
CASetCAProperty
CAGetCAExpiration
CADeleteCertType
CAUpdateCA
CACertTypeRegisterQuery
CAOIDDelete
GetProxyDllInfo
CASetCertTypePropertyEx
CAGetCACertificate
CAInstallDefaultCertType
CASetCertTypeKeySpec
CAGetCAProperty
CAGetCertTypePropertyEx
CACreateNewCA
CAGetCAFlags
CAFindByName
DllInstall
CAGetCertTypeExtensions
CAEnumCertTypes
CACountCertTypes
CARemoveCACertificateType
CAEnumCertTypesForCAEx
CAAccessCheck
CAOIDGetProperty
CASetCertTypeProperty
CACloneCertType

kernel32

SearchPathW
GetStringTypeA
FlushViewOfFile
TerminateJobObject
WritePrivateProfileStringW
OpenFile
CreateDirectoryExA
VirtualAlloc
ReadFileEx
GetCommandLineW
LoadLibraryA
SetCriticalSectionSpinCount
GetNumaHighestNodeNumber
GetDiskFreeSpaceA
GetCommMask
lstrcat
FormatMessageW
GetCurrentThread
GetConsoleAliasesA
CreateMemoryResourceNotification
SetConsoleCtrlHandler
CreateFileMappingA
GetNamedPipeInfo
GetWriteWatch
BeginUpdateResourceW
BaseUpdateAppcompatCache
GetVolumeNameForVolumeMountPointW
SetConsoleActiveScreenBuffer
EndUpdateResourceW
WritePrivateProfileSectionA
BaseCleanupAppcompatCacheSupport
EndUpdateResourceA
FileTimeToDosDateTime
ReadProcessMemory
ResetWriteWatch
RegisterWaitForSingleObject
IsProcessorFeaturePresent
SetConsoleWindowInfo
SetUnhandledExceptionFilter
GlobalUnlock
GetEnvironmentStringsA
ReadConsoleW
GetNumaProcessorNode
SetCommMask
GetDefaultCommConfigW
GetCommProperties
HeapCreate

wldap32

ldap_result2error
ldap_count_references
ldap_free_controlsW
ldap_add_s
ldap_connect
ldap_initA
ber_scanf
ldap_set_optionW
ldap_parse_sort_controlW
ldap_rename_ext_sA
ldap_modrdn2_sA
ldap_rename_ext
ldap_sslinit
ldap_modrdn
ldap_abandon
ldap_sasl_bind_sW
ldap_deleteW
ldap_add_sA
ldap_sslinitA
LdapMapErrorToWin32
ldap_free_controlsA
ldap_next_reference
ldap_compare_ext_sA
ldap_delete_ext
ldap_sasl_bindW
ldap_set_optionA
ldap_explode_dn
ldap_add_extW
ldap_get_valuesA
ldap_rename_extW
ldap_startup
ldap_add
ber_printf
ldap_modrdnW
ldap_bind_sA

gdi32

GetSystemPaletteUse
CreateCompatibleBitmap
GetTextExtentPointI
GetObjectType
GetWindowExtEx
EnumMetaFile
UnloadNetworkFonts
SetDIBColorTable
GdiResetDCEMF
GdiStartPageEMF
DdEntry6
EngLockSurface
GetEnhMetaFileDescriptionW
EudcLoadLinkW
EndFormPage
GdiEntry1
PolyBezierTo
DdEntry20
DdEntry46
GetRelAbs
EngCreateBitmap
GetPolyFillMode
EnumICMProfilesW
CreateMetaFileA
SetDIBitsToDevice
CreateFontIndirectW
GetClipRgn
GdiDeleteLocalDC
DdEntry43
CopyMetaFileA
ResizePalette
GetWindowOrgEx
GdiConvertMetaFilePict
SetPixelV
DdEntry34
ExtCreateRegion
CreateFontIndirectExA
GdiCleanCacheDC
EngEraseSurface
EngStrokePath
XLATEOBJ_piVector
DdEntry7
ScaleWindowExtEx
CLIPOBJ_ppoGetPath
RectVisible
EngReleaseSemaphore
SetViewportExtEx
EnumFontsW
GdiEndPageEMF
GdiDllInitialize
EngMultiByteToWideChar
GetStringBitmapA
SelectClipPath
GdiGetDC
GdiDeleteSpoolFileHandle
CreateRectRgnIndirect
GetDeviceGammaRamp
SetVirtualResolution

msvcrt40

??_Gfilebuf@@UAEPAXI@Z
??_Glogic_error@@UAEPAXI@Z
??_7fstream@@6B@
?close@fstream@@QAEXXZ
wscanf
??0iostream@@IAE@ABV0@@Z
??6ostream@@QAEAAV0@C@Z
_CIfmod
?get@istream@@QAEAAV1@PAEHD@Z
_ismbcgraph
?sh_read@filebuf@@2HB
scanf
_wexecv
wctomb
?rdstate@ios@@QBEHXZ
??4strstream@@QAEAAV0@AAV0@@Z
_execvp
?unexpected@@YAXXZ
_mbscat
??4fstream@@QAEAAV0@AAV0@@Z
_mbschr
??_7ostream_withassign@@6B@
_adj_fdiv_m64
_getdiskfree
putwc
?fill@ios@@QAEDD@Z
?close@filebuf@@QAEPAV1@XZ
??_7exception@@6B@
?tie@ios@@QBEPAVostream@@XZ
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
_mbsrchr
__p___winitenv
_tell
??_Eistream@@UAEPAXI@Z
??5istream@@QAEAAV0@PAE@Z
_except_handler3
??1strstream@@UAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
??4logic_error@@QAEAAV0@ABV0@@Z
?setlock@streambuf@@QAEXXZ
_wexecvp
_spawnvpe
_CIacos
?egptr@streambuf@@IBEPADXZ
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z

imm32

ImmGetCandidateListCountA
ImmSetCompositionStringW
ImmCreateSoftKeyboard
ImmSetConversionStatus
ImmGetIMCCSize
ImmShowSoftKeyboard
ImmAssociateContextEx
ImmGetGuideLineA
ImmSendIMEMessageExW
ImmUnlockIMC
ImmDestroySoftKeyboard
ImmGetCompositionStringA
ImmNotifyIME
ImmLockImeDpi
ImmActivateLayout
ImmGetIMCLockCount
ImmCreateContext
ImmCreateIMCC
ImmProcessKey
ImmInstallIMEA
ImmGetCompositionFontW
ImmGetConversionStatus
ImmSetCompositionFontA
ImmLoadIME
ImmIsUIMessageW
ImmSetCompositionWindow
ImmSetActiveContextConsoleIME
ImmRequestMessageW
ImmGetStatusWindowPos
ImmGetCandidateListA
ImmSetHotKey
ImmGetConversionListW
ImmSendIMEMessageExA
ImmIMPGetIMEA

Sections

.text
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a089006db093e2d04c4be7e96d1df56c

Headers

DLL Characteristics

File Characteristics

Imports

certcli

kernel32

wldap32

gdi32

msvcrt40

imm32

Sections

.text Size: 194KB - Virtual size: 196KB

.rdata Size: 171KB - Virtual size: 172KB

.data Size: 512B - Virtual size: 1.9MB

.rsrc Size: 504KB - Virtual size: 504KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 194KB - Virtual size: 196KB

.rdata
Size: 171KB - Virtual size: 172KB

.data
Size: 512B - Virtual size: 1.9MB

.rsrc
Size: 504KB - Virtual size: 504KB

.reloc
Size: 1024B - Virtual size: 4KB