744800ad45215d8913d634d126b37f70

Sharing

Copy URL Twitter E-mail

General

Target

744800ad45215d8913d634d126b37f70
Size

862KB
MD5

744800ad45215d8913d634d126b37f70
SHA1

0c3d95dcbd31522ee826a5fc9d6374db2f0e2bb2
SHA256

ed2760c2b531f7fdf0b14cff7d26c314c3083736d296db255eded196dabdec2d
SHA512

526b59839c43d491cffa1d3ad622ba953bcb6cbcc349bcdddc71155bb3201b3a9710bdfd474326aeafd53b55446158dac1c925fae7edd4ff575ae30f60286b78
SSDEEP

24576:rbxxyKONYkrhpLfAe+0wkAT0XJyAlBxbrUfT:rbxxyTjrhpLfAeSt0Bbgr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
744800ad45215d8913d634d126b37f70

Files

744800ad45215d8913d634d126b37f70
.exe windows:5 windows x86 arch:x86

ad6a1446f10f6d20c4cfb6fe87383e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

FindFileInPath
SymRegisterCallback64
SymFromAddr
SymEnumerateSymbolsW64
ImageRvaToVa
SymGetModuleBase64
SymEnumSymbols
StackWalk
SymGetModuleBase
ImageDirectoryEntryToData
SymGetLineFromAddr64
EnumerateLoadedModules
SymGetTypeInfo
SymSetOptions
SymRegisterFunctionEntryCallback
SymGetFileLineOffsets64
SymFunctionTableAccess
SymEnumSourceFiles
SymGetSymFromAddr
SymGetLinePrev
SymGetSymFromName
SymFromName
SymGetLinePrev64
StackWalk64
SymUnloadModule
SymMatchFileName
SymFunctionTableAccess64
SymEnumSym
omap
SymGetTypeFromName
SymLoadModuleEx
SymEnumerateModules64

query

?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
?GetCGIVariable@CWebServer@@QAEHPBDAAV?$XArray@G@@AAK@Z
?Disconnect@CRequestClient@@QAEXXZ
?InitIterator@CPropertyList@@UAEXXZ
?SetLogonInfo@CScopeAdmin@@QAEXPBG0AAVCCatalogAdmin@@@Z
??0CDbColId@@QAE@ABV0@@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?Cleanup@CDbColId@@QAEXXZ
?StrLen@CKey@@QBEIXZ
?AddEntry@CPropertyList@@UAEXPAVCPropEntry@@H@Z
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
?GetPropType@CEmptyPropertyList@@SGGI@Z
?StopCI@CMachineAdmin@@QAEHXZ
?Remove@CColumns@@QAEXI@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
?GetStr@CKey@@QBEPAGXZ
?CoTaskAllocator@@3VCCoTaskAllocator@@A
?AddArg@CFwEventItem@@QAEXPBG@Z
?RefreshParams@CWorkQueue@@QAEXKK@Z
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
InitializeCIISAPIPerformanceData
?CiNtOpen@@YGPAXPBGKKK@Z
??1CPropertyList@@UAE@XZ
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
CollectFILTERPerformanceData
?Get@CRegAccess@@QAEKPBG@Z
??1CNodeRestriction@@QAE@XZ
??1CVirtualString@@QAE@XZ
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
??1CRegNotify@@MAE@XZ
?IsSameDrive@CDriveInfo@@QAEHPBG@Z
??3CDbPropSet@@SGXPAX@Z
?EnumVServers@CMetaDataMgr@@QAEXAAVCMetaDataVirtualServerCallBack@@@Z
??1CDbSortKey@@QAE@XZ
?GetLCIDFromString@@YGKPAG@Z
?DumpWorkId@@YGJPBGKPAEAAK00K@Z
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?Refresh@CCiRegParams@@QAEXPAUICiAdminParams@@H@Z
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
??1CDbQueryResults@@QAE@XZ
?TransferNode@CDbCmdTreeNode@@QAEXPAV1@@Z
?Initialize@CImpersonationTokenCache@@QAEXPBGHHHKKK@Z

user32

CharLowerW
DrawAnimatedRects
SendMessageCallbackA
SendMessageW
GetUpdateRect
ChangeDisplaySettingsA
CheckMenuItem
LoadAcceleratorsW
LoadAcceleratorsA
DdeGetLastError
DestroyMenu
SendNotifyMessageW
UserRegisterWowHandlers
CreateDialogIndirectParamW
SetDeskWallpaper
SetWindowTextW
SetScrollPos
MessageBoxIndirectW
RegisterServicesProcess
CharLowerBuffW
PrivateExtractIconsW
CreateIconFromResource
CharToOemW
DdeReconnect
GetForegroundWindow
CascadeChildWindows
User32InitializeImmEntryTable
RegisterRawInputDevices
OemToCharBuffW
MonitorFromRect
QuerySendMessage
ChangeClipboardChain
GetGUIThreadInfo
SetUserObjectInformationW
SetSystemMenu
DdeCmpStringHandles
ReleaseCapture
GetClipboardData
UnloadKeyboardLayout
LoadMenuIndirectW
DispatchMessageA
AlignRects
RemoveMenu
GetClipCursor

kernel32

GetNextVDMCommand
CreateEventW
FindFirstFileExA
SetFileShortNameA
GetProcessHeaps
IsValidCodePage
CloseConsoleHandle
GetCurrentDirectoryA
CreateIoCompletionPort
VirtualAlloc
SetConsoleScreenBufferSize
CreateNamedPipeW
GetDiskFreeSpaceA
VirtualProtectEx
SetNamedPipeHandleState
GetConsoleAliasW
GetCurrentConsoleFont
DefineDosDeviceA
GetComPlusPackageInstallStatus
QueryDepthSList
SetConsoleIcon
CancelWaitableTimer
EnumCalendarInfoExW
GetUserDefaultUILanguage
EnterCriticalSection
PostQueuedCompletionStatus
GetEnvironmentStringsA
GetLogicalDrives
SignalObjectAndWait
LocalAlloc
GetProcAddress
FindFirstVolumeMountPointA
WritePrivateProfileSectionA
SetConsoleInputExeNameA
SetConsoleTextAttribute
LoadLibraryA
SetLastError
CommConfigDialogW
GenerateConsoleCtrlEvent
PeekNamedPipe
GetModuleHandleW

dxtrans

?DXConstUnderArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXDitherArray@@YGXPBUDXDITHERDESC@@@Z
DllEnumClassObjects
DllGetClassObject
?DXConstOverArray@@YGXPAVDXPMSAMPLE@@ABV1@K@Z
?DXOverArrayMMX@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
?DXOverArray@@YGXPAVDXPMSAMPLE@@PBV1@K@Z
?DXLinearInterpolateArray@@YGXPBVDXBASESAMPLE@@PAUDXLIMAPINFO@@PAV1@K@Z

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad6a1446f10f6d20c4cfb6fe87383e1f

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

query

user32

kernel32

dxtrans

Sections

.text Size: 424KB - Virtual size: 424KB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 424KB - Virtual size: 424KB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B