73735bd837b8b091e2b35afbe09679c8

Sharing

Copy URL Twitter E-mail

General

Target

73735bd837b8b091e2b35afbe09679c8
Size

874KB
MD5

73735bd837b8b091e2b35afbe09679c8
SHA1

0660cc68f6a24d866f75631c392454ae61dab77c
SHA256

6485f39f5e58e6419f7c2355df3d24d019cfd560752b50ccc68339bbe81b6509
SHA512

84ef7b32489f1460ec3a75a60bce0a44308e0f17c88a1d5c30dcdab58445bf713fbb6ae5db5d1f9121eb1466049e28beeb81e809aff7457e9e35e4e25f7c72bf
SSDEEP

12288:xzITKSgXm9wW6vm/Pp9bUSHS6XUt1r+zXEeH43affzgcX0yODYTw4N1C0K+3d/02:xigquK9bnS6Ejr+lH4k8crq9U0zG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73735bd837b8b091e2b35afbe09679c8

Files

73735bd837b8b091e2b35afbe09679c8
.exe windows:5 windows x86 arch:x86

493195471e4ebea2bad5c9cb2d7c99e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winscard

SCardCancel
SCardSetCardTypeProviderNameW
SCardEstablishContext
SCardListCardsA
SCardAddReaderToGroupA
SCardListReadersW
SCardGetStatusChangeA
SCardGetCardTypeProviderNameW
SCardListInterfacesA
SCardFreeMemory
SCardReleaseContext
SCardForgetCardTypeA
SCardControl
ClassInstall32
g_rgSCardRawPci
SCardTransmit
SCardListReaderGroupsA
SCardBeginTransaction
SCardListReadersA
SCardIntroduceReaderW
g_rgSCardT1Pci
SCardIntroduceReaderGroupA
SCardStatusA
SCardEndTransaction
SCardForgetReaderW
SCardRemoveReaderFromGroupA
SCardGetProviderIdA
SCardIntroduceCardTypeA
SCardIsValidContext
SCardForgetReaderGroupA
SCardAccessStartedEvent
SCardListReaderGroupsW
SCardConnectA
SCardIntroduceReaderGroupW

msvcrt

_logb
__lc_codepage
_wcsncoll
_putw
__p__commode
_popen
_ui64toa
_utime
difftime
_wutime64
_mbscspn
_copysign
exit
fputws
_CIacos
_mbsnicmp
wcslen
_gcvt
_read
islower
??_U@YAPAXI@Z
_inpd
_wcmdln
_cputws
__p__winver
__iscsym
_execle
getwc
_mbstrlen
_cgetws
__p__amblksiz
_wmkdir
_spawnvp
sinh
_mbbtombc
malloc
_getdiskfree
__set_app_type
_gmtime64
_waccess

kernel32

CreateFileMappingW
GetModuleFileNameA
EnumerateLocalComputerNamesW
GetEnvironmentStringsA
LZCopy
VirtualAlloc
_lclose
GetStartupInfoA
GetSystemWindowsDirectoryA
DeleteCriticalSection
GlobalAddAtomW
FormatMessageW
VerifyConsoleIoHandle
GetPrivateProfileStringA
SetConsoleOS2OemFormat
EnterCriticalSection
DeleteTimerQueueEx
GlobalAddAtomA
VirtualUnlock
OpenSemaphoreW
SetFilePointer
GetExitCodeThread
QueryMemoryResourceNotification
IsBadStringPtrA
GlobalUnlock
lstrcmpW
GetProcessIoCounters
GetModuleHandleW
lstrcpynA
Module32NextW
ConnectNamedPipe
LoadLibraryA
WritePrivateProfileStringA
QueryPerformanceCounter
VDMOperationStarted
GetSystemPowerStatus
SetLastError
CreateFileMappingA
DebugActiveProcess
LeaveCriticalSection
SetConsoleLocalEUDC
GlobalFlags

user32

LoadBitmapA
ChangeMenuA
BeginDeferWindowPos
GetMenuItemRect
GetCursorPos
DdeFreeDataHandle
SetScrollRange
CharToOemBuffA
ClientThreadSetup
GetClipboardViewer
CallMsgFilterW
SetShellWindowEx
SetCaretPos
GetClipboardFormatNameA
DdeGetQualityOfService
LoadImageA
RegisterUserApiHook
CheckDlgButton
keybd_event
RegisterShellHookWindow
TranslateMDISysAccel
SubtractRect
RegisterLogonProcess
CharNextA
DlgDirSelectComboBoxExW
SetWindowContextHelpId
LoadStringW
EnumDisplaySettingsW
DestroyIcon
GetAppCompatFlags2
VkKeyScanExA
GetOpenClipboardWindow
DdeConnectList
GetTabbedTextExtentA
RealChildWindowFromPoint
OpenIcon
GetClassLongA
GetRawInputDeviceInfoW
InvalidateRgn

ws2_32

WSAEnumNameSpaceProvidersA
WSAInstallServiceClassA
WSAGetServiceClassInfoA
WSCUpdateProvider
WSAGetServiceClassNameByClassIdW
WSCEnableNSProvider
connect
WSADuplicateSocketW
WSAHtons
WSApSetPostRoutine
WSACreateEvent
WSASetEvent
freeaddrinfo
WSACleanup
WSANtohs
getservbyname
WSAHtonl
htons
WSAUnhookBlockingHook
WSAAddressToStringW
WSAProviderConfigChange
WSALookupServiceBeginA
WSASocketA
WEP
WSCWriteProviderOrder
WSAWaitForMultipleEvents
WSCWriteNameSpaceOrder
inet_addr
WSALookupServiceNextW
WSAJoinLeaf
WSAAsyncGetProtoByNumber
ioctlsocket
WSADuplicateSocketA
WSCEnumProtocols
WSALookupServiceEnd
WSASocketW
getsockopt
WSAGetServiceClassNameByClassIdA
WSASetServiceA
shutdown
getaddrinfo
accept

ole32

CoGetDefaultContext
PropVariantClear
StgConvertPropertyToVariant
StringFromGUID2
OleConvertIStorageToOLESTREAMEx
HWND_UserSize
CoGetPSClsid
HDC_UserMarshal
HMETAFILE_UserSize
IsEqualGUID
CoAddRefServerProcess
OleSetAutoConvert
HGLOBAL_UserUnmarshal
CoTaskMemFree
DcomChannelSetHResult
CoPopServiceDomain
CoIsHandlerConnected
OleRun
CoGetMarshalSizeMax
OleCreateLinkFromData
OleBuildVersion
HACCEL_UserUnmarshal
CoGetComCatalog
OleCreateDefaultHandler
HDC_UserFree
CoQueryAuthenticationServices
GetClassFile
CreateBindCtx
OleTranslateAccelerator
CoRegisterMessageFilter
CoRegisterClassObject
HBRUSH_UserSize
SetConvertStg

ifsutil

?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Pop@INTSTACK@@QAEXK@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Sort@TLINK@@QAEXXZ
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
??0INTSTACK@@QAE@XZ
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
??1SECRUN@@UAE@XZ
?FlushCache@IO_DP_DRIVE@@QAEEXZ
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?GetFirst@TLINK@@QAEPAXXZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
??1TLINK@@UAE@XZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
??1SPARSE_SET@@UAE@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z

opengl32

glNormal3sv
glTexCoord3dv
glIndexPointer
glRasterPos4dv
glVertex2dv
glColor3d
glColor3ui
glDeleteTextures
glTexCoord3d
glPointSize
glMateriali
glInterleavedArrays
glClipPlane
glEvalMesh2
glRasterPos3s
glTranslatef
glPopMatrix
glDisable
glEnd
glPixelMapusv
glRasterPos4iv
glColor4fv
glClearColor
glRasterPos2sv
glColor4i
glMultMatrixd
glDepthFunc
glTexSubImage1D
glTexCoord3s
glPixelMapuiv
glGetMaterialiv
glRasterPos2fv
glNormal3dv
glEdgeFlagv
glTexEnvf
glAccum
glColor4sv
glVertex3dv
glFogiv
glTexCoord3i
glLightiv
glDrawArrays

msdart

MPCSUninitialize
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?WriteLock@CSpinLock@@QAEXXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?_CalcKeyHash@CLKRLinearHashTable@@ABEKK@Z
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?ReadUnlock@CCritSec@@QAEXXZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?IsValid@CLKRLinearHashTable@@QBE_NXZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
?TryReadLock@CFakeLock@@QAE_NXZ
?_EqualKeys@CLKRLinearHashTable@@ABE_NKK@Z
?IsEmpty@CLockedDoubleList@@QBE_NXZ
??1CFakeLock@@QAE@XZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
??0CFakeLock@@QAE@XZ
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?SetDefaultSpinCount@CReaderWriterLock2@@SGXG@Z
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ

winsta

WinStationEnumerateA
WinStationRenameW
WinStationServerPing
WinStationQueryUpdateRequired
WinStationGetTermSrvCountersValue
WinStationConnectW
WinStationWaitSystemEvent
WinStationQueryLicense
_WinStationAnnoyancePopup
WinStationNameFromLogonIdA
WinStationIsHelpAssistantSession
WinStationUnRegisterConsoleNotification
ServerLicensingOpenA
WinStationActivateLicense
_WinStationNotifyLogoff
_WinStationBreakPoint
ServerLicensingClose
WinStationDisconnect
WinStationGetAllProcesses
WinStationEnumerateProcesses
WinStationEnumerate_IndexedW
WinStationQueryInformationA
WinStationShadowStop
ServerLicensingSetPolicy
_WinStationUpdateUserConfig
_WinStationNotifyNewSession
WinStationRemoveLicense
WinStationSendMessageA
_WinStationCallback
WinStationCheckLoopBack
_NWLogonQueryAdmin
WinStationEnumerateLicenses
_WinStationBeepOpen
ServerLicensingGetPolicy
ServerLicensingGetAvailablePolicyIds
WinStationGenerateLicense
ServerLicensingGetPolicyInformationA
WinStationInstallLicense
WinStationBroadcastSystemMessage
WinStationEnumerateW
WinStationSendWindowMessage
_WinStationShadowTarget

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 571KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

493195471e4ebea2bad5c9cb2d7c99e7

Headers

DLL Characteristics

File Characteristics

Imports

winscard

msvcrt

kernel32

user32

ws2_32

ole32

ifsutil

opengl32

msdart

winsta

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 243KB - Virtual size: 243KB

.data Size: 571KB - Virtual size: 2.0MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 243KB - Virtual size: 243KB

.data
Size: 571KB - Virtual size: 2.0MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB