76cfb01c7d576f6f665fba01014b8587

Sharing

Copy URL Twitter E-mail

General

Target

76cfb01c7d576f6f665fba01014b8587
Size

542KB
MD5

76cfb01c7d576f6f665fba01014b8587
SHA1

911da9172587879cbfd6be60fc0326c0b69993ff
SHA256

20d8b98bea32796dd617f9106505849446e2063f2aec3515e4c2cfd1eec072c1
SHA512

a3612a9274aee6045ee474afee57c0bfe460f5bfe548d7b0079540c4ad632f71f705ab74a70c7b0a1bc35b167c67c6a98698d120db20735584dc319b49bd2a44
SSDEEP

12288:Cik1gkGzhkgbUyINSfuLgbt//xst7aJwlLitZEOIW:CikElbUyASFZ+tmJwhirEG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76cfb01c7d576f6f665fba01014b8587

Files

76cfb01c7d576f6f665fba01014b8587
.exe windows:5 windows x86 arch:x86

8047e21d85361a3814f511741c22353b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??4istream_withassign@@QAEAAV0@ABV0@@Z
?stossc@streambuf@@QAEXXZ
??_Eofstream@@UAEPAXI@Z
??1strstreambuf@@UAE@XZ
?lockc@ios@@KAXXZ
??_Gifstream@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBCH@Z
??6ostream@@QAEAAV0@O@Z

inetcomm

MimeOleGenerateCID
MimeOleObjectFromMoniker
MimeOleSetDefaultCharset
MimeOleSetCompatMode
CreateRASTransport
HrGetLastOpenFileDirectory
HrSaveAttachToFile
MimeOleGetPropertySchema
MimeOleGetCodePageCharset
HrGetDisplayNameWithSizeForFile
MimeOleSMimeCapsFromDlg

kernel32

DebugBreak
SetUserGeoID
FlushInstructionCache
LoadLibraryA
EnumCalendarInfoW
GetUserDefaultLCID
GetOEMCP
lstrlen
ChangeTimerQueueTimer
GetLocaleInfoW
GetFirmwareEnvironmentVariableA
FatalExit
FreeUserPhysicalPages
GetNumberOfConsoleFonts
GetConsoleDisplayMode

winsta

_WinStationFUSCanRemoteUserDisconnect
WinStationConnectCallback
_WinStationNotifyLogon
WinStationTerminateProcess
WinStationEnumerate_IndexedA
_WinStationReadRegistry
WinStationEnumerate_IndexedW
WinStationShadowStop
WinStationConnectW
WinStationQueryLogonCredentialsW
_WinStationShadowTargetSetup
LogonIdFromWinStationNameA
WinStationUnRegisterConsoleNotification
ServerLicensingUnloadPolicy

wldap32

ber_bvecfree
ldap_extended_operationW
ldap_modify_sW
ldap_compare_ext_sW
ldap_explode_dn
ldap_search_sW
ldap_first_entry
ldap_ufn2dnW
ldap_explode_dnA
ber_alloc_t
ldap_encode_sort_controlA
ldap_openA
ldap_set_optionW
ldap_add_extW
ldap_modrdn2_s

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8047e21d85361a3814f511741c22353b

Headers

File Characteristics

Imports

msvcirt

inetcomm

kernel32

winsta

wldap32

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 149KB - Virtual size: 149KB

.data Size: 122KB - Virtual size: 122KB

.rsrc Size: 154KB - Virtual size: 153KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 149KB - Virtual size: 149KB

.data
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 154KB - Virtual size: 153KB