77c65ec957b98b5476cda98df642d239

Sharing

Copy URL

Twitter E-mail

General

Target

77c65ec957b98b5476cda98df642d239
Size

33KB
MD5

77c65ec957b98b5476cda98df642d239
SHA1

8508d03dc810db19ab5b7e53818a9b744132d7d2
SHA256

257864ba40566965b94a6b83d1c378ff60ce45eb2d523d5028d5ada5ac4f984a
SHA512

8ea120da8b3921bea458ddb7546df38966defc2a2fc3d18998dda606ee3a488abba16c8433dc409a69de5a49743b4da93eda130659cbac8c1312ea9fcd1d081c
SSDEEP

768:sj0AVrmUJ0e+VCPOuFaL4c5SDlcVH6tIuqB3cOxn:2xJ0vIHF24cIpcH6ebcOxn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77c65ec957b98b5476cda98df642d239

Files

77c65ec957b98b5476cda98df642d239
.exe windows:5 windows x86 arch:x86

77a4e86e64ae7754d5aef8497be8c9b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStructA
GetFullPathNameA
LocalHandle
CreateRemoteThread
HeapReAlloc
Thread32Next
UnmapViewOfFile
GetLargestConsoleWindowSize
DisableThreadLibraryCalls
VirtualAlloc
FindNextVolumeW
VerLanguageNameA
SetFileAttributesA
SetConsoleMaximumWindowSize
GetVersion
ResumeThread
GetVolumePathNameW
TlsSetValue
GetNumberOfConsoleMouseButtons
GetComputerNameA
GetNumberOfConsoleInputEvents
InterlockedFlushSList
SetHandleInformation
DosPathToSessionPathA
GetBinaryTypeA
SetFileShortNameW
GetProcessIoCounters
GetDiskFreeSpaceA
Sleep
CreateDirectoryExA
SetMessageWaitingIndicator
GetConsoleFontInfo
EnumSystemGeoID
GetTimeZoneInformation
ReplaceFileA
CloseProfileUserMapping
EnumSystemCodePagesW
CmdBatNotification
OpenProcess
GetACP
LZStart
GetConsoleCommandHistoryA
AddRefActCtx
RegisterWaitForSingleObject
OutputDebugStringA
Beep
SetTimerQueueTimer

rsaenh

CPCreateHash
CPDuplicateKey
CPGetProvParam
DllRegisterServer
CPAcquireContext
CPExportKey
CPGenRandom
CPHashSessionKey
CPSetKeyParam
CPDeriveKey
CPGenKey
CPReleaseContext
CPDuplicateHash
CPDestroyKey
CPDecrypt
CPDestroyHash
CPGetKeyParam
CPSetProvParam
CPSignHash
CPImportKey
CPHashData
CPVerifySignature
CPGetHashParam
CPEncrypt

ntprint

PSetupCreateDrvSetupPage
PSetupDestroyMonitorInfo
PSetupEnumMonitor
PSetupShowBlockedDriverUI
PSetupPreSelectDriver
PSetupDestroyDriverInfo3
PSetupGetLocalDataField
PSetupGetPathToSearch
PSetupSelectDeviceButtons
PSetupIsCompatibleDriver
PSetupBuildDriversFromPath
PSetupSelectDriver
PSetupInstallPrinterDriver
PSetupGetDriverInfo3
PSetupGetSelectedDriverInfo
PSetupCreatePrinterDeviceInfoList
PSetupDestroySelectedDriverInfo
PSetupThisPlatform
PSetupIsDriverInstalled
PSetupDestroyPrinterDeviceInfoList
ClassInstall32
PSetupInstallMonitor
PSetupDriverInfoFromName
PSetupFreeMem
PSetupIsTheDriverFoundInInfInstalled
PSetupSetSelectDevTitleAndInstructions
PSetupCreateMonitorInfo
PSetupFreeDrvField
PSetupInstallICMProfiles
PSetupInstallInboxDriverSilently
PSetupProcessPrinterAdded
ServerInstallW
PSetupAssociateICMProfiles

ulib

?NewBuf@FSTRING@@UAEEK@Z
?Stricmp@WSTRING@@SGHPAG0@Z
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?QueryStringInput@MESSAGE@@UAEEPAVWSTRING@@@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
??0PATH_ARGUMENT@@QAE@XZ
??0MEM_BLOCK_MGR@@QAE@XZ
?SelectResponse@MESSAGE@@UAAKKZZ
?QueryCurrentDosDriveName@SYSTEM@@SGEPAVWSTRING@@@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Put@SORTED_LIST@@UAEEPAVOBJECT@@@Z
??0HMEM@@QAE@XZ
?FillAndReadByte@BYTE_STREAM@@AAEEPAE@Z
?QueryMemberCount@SORTED_LIST@@UBEKXZ
??0SCREEN@@QAE@XZ
??0ARRAY@@QAE@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QAEEPADEE@Z
?AppendString@PATH@@QAEEPBVWSTRING@@@Z
?ReadMbLine@STREAM@@QAEEPADKPAKEK@Z
?Initialize@PATH@@QAEEPBGE@Z
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?DisplayMsg@MESSAGE@@QAAEKPBDZZ
??0MESSAGE@@QAE@XZ
?Strupr@WSTRING@@QAEPAV1@KK@Z
??0COMM_DEVICE@@QAE@XZ
?Initialize@SORTED_LIST@@QAEEE@Z
?QueryLocalTimeFromUTime@SYSTEM@@SGEPBVTIMEINFO@@PAV2@@Z
?ReadWLine@STREAM@@QAEEPAGKPAKEK@Z
?QueryIterator@SORTED_LIST@@UBEPAVITERATOR@@XZ
?Initialize@FSN_FILTER@@QAEEXZ
??0TIMEINFO_ARGUMENT@@QAE@XZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
?LogMsg@MESSAGE@@QAEEK@Z
?Free@MEM_BLOCK_MGR@@QAEEPAX@Z
?QueryTimeOut@COMM_DEVICE@@QBEEXZ
?IsGuidVolName@PATH@@QAEEXZ
??1BITVECTOR@@UAE@XZ
?DeleteAllMembers@ARRAY@@UAEEXZ
??1COMM_DEVICE@@UAE@XZ
?Unlock@MESSAGE@@QAEXXZ
?IsYesResponse@MESSAGE@@UAEEE@Z

query

?Close@CPhysStorage@@QAEXXZ
??1CFullPropSpec@@QAE@XZ
?Skip@CEnumString@@UAGJK@Z
?EnumPropInfo@CEmptyPropertyList@@UAGJKPAPBGPAPAUtagDBID@@PAGPAI@Z
?GetLocation@CCatalogAdmin@@QAEPBGXZ
?SetWeight@CDbCmdTreeNode@@QAEXJ@Z
?GetSortProp@CCatState@@QBEXIPAPBGPAW4SORTDIR@@@Z
?ParseQueryPhrase@CQueryParser@@QAEPAVCDbRestriction@@XZ
??1CDbSortKey@@QAE@XZ
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
??0CPropListFile@@QAE@PAVCEmptyPropertyList@@HPBGK@Z
?SetBOOL@CStorageVariant@@QAEXFI@Z
?Marshall@CBaseStorageVariant@@QBEXAAVPSerStream@@@Z
?SkipLong@CMemDeSerStream@@UAEXXZ
?Flush@CDynStream@@QAEXXZ
?SkipUShort@CMemDeSerStream@@UAEXXZ
?SetStartKey@CRangeRestriction@@QAEXABVCKeyBuf@@@Z
?Release@CEnumWorkid@@UAGKXZ
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?NumberOfSortProps@CCatState@@QBEIXZ
??0CAllocStorageVariant@@QAE@PBDAAVPMemoryAllocator@@@Z
?SetCurrentProperty@CQueryParser@@AAEXPBGW4PropertyType@@@Z
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KAAUtagPROPVARIANT@@@Z
??0CMachineAdmin@@QAE@PBGH@Z
?PutWString@@YGXAAVPSerStream@@PBG@Z
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
?GetUShort@CMemDeSerStream@@UAEGXZ
?IsRunningAsSystem@CImpersonateSystem@@SGHXZ
??1CDbPropIDSet@@QAE@XZ
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
?SetNumberOfSortProps@CCatState@@QAEXI@Z
?InitIterator@CCombinedPropertyList@@UAEXXZ
?SetI4@CStorageVariant@@QAEXJI@Z
?GrowBuffer@CVirtualString@@AAEXK@Z
?SkipChar@CMemDeSerStream@@UAEXK@Z
?AllocHeapAndCopy@@YGPAGPBGAAK@Z
?Next@CPropertyList@@UAEPBVCPropEntry@@XZ
??0CDynStream@@QAE@PAVPMmStream@@@Z
DoneCIPerformanceData
??0CAllocStorageVariant@@QAE@PBGAAVPMemoryAllocator@@@Z
??0CDbContentRestriction@@QAE@PBGABVCDbColumnNode@@KK@Z
?StopFiltering@CFilterDaemon@@QAEXXZ
?Next@CEnumString@@UAGJKPAPAGPAK@Z
?Marshall@CDbColId@@QBEXAAVPSerStream@@@Z
?OpenFileFromPath@@YGPAU_iobuf@@PBG@Z
?UnMarshall@CDbProp@@QAEHAAVPDeSerStream@@@Z
?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
?UnMarshall@CRestriction@@SGPAV1@AAVPDeSerStream@@@Z
?AddRef@CDbProperties@@UAGKXZ
?GetString@CMemDeSerStream@@UAEPADXZ
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?Shutdown@CWorkQueue@@QAEXXZ
?IsWriteProtected@CDriveInfo@@QAEHXZ
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
?IsWaitingForDocument@CFilterDaemon@@QAEHXZ
?IsNullPointerVariant@@YGHPAUtagPROPVARIANT@@@Z
??1CScopeEnum@@QAE@XZ
??0CCiRegParams@@QAE@PBG@Z
??1CContentRestriction@@QAE@XZ

atmlib

ATMBeginFontChange
ATMFontStatus
ATMRemoveSubstFontW
ATMMakePFMA
ATMAddFont
ATMInstallSubstFontA
ATMEnumFonts
ATMMakePSSW
ATMForceFontChange
ATMMakePSS
ATMFontSelected
ATMXYShowTextA
ATMGetPostScriptNameA
ATMGetOutline
ATMFinish
ATMGetGlyphList
ATMRemoveFontW
ATMSelectObject
ATMGetMenuNameA
ATMAddFontExA
ATMGetBuildStrW
ATMFontAvailableW
ATMFontStatusW
ATMAddFontExW
ATMGetOutlineW
ATMGetNtmFields
ATMAddFontW
ATMGetMenuName
ATMXYShowTextW
ATMAddFontEx
ATMGetFontInfoA
ATMGetPostScriptName
ATMSetFlags

msvcp60

??_F?$codecvt@DDH@std@@QAEXXZ
??1money_base@std@@UAE@XZ
??_7?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?_Isnan@?$_Ctr@M@std@@SA_NM@Z
??Hstd@@YA?AV?$complex@N@0@ABV10@0@Z
?real@std@@YAOABV?$complex@O@1@@Z
?round_error@?$numeric_limits@F@std@@SAFXZ
??_7?$ctype@D@std@@6B@
?cosh@std@@YA?AV?$complex@M@1@ABV21@@Z
?_Exp@?$_Ctr@M@std@@SAFPAMMF@Z
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??_F_Locinfo@std@@QAEXXZ
??_7?$codecvt@DDH@std@@6B@
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??Hstd@@YA?AV?$complex@N@0@ABV10@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEHPBGH@Z
?_Getcat@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@SAIXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@XZ
?abs@std@@YAMABV?$complex@M@1@@Z
?falsename@?$numpunct@D@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@ABV01@@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??0messages_base@std@@QAE@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?real@?$_Complex_base@M@std@@QBEMXZ
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@KAPADPADDH@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??0locale@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
?setf@ios_base@std@@QAEHH@Z
??4?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAJ@Z

pdh

PdhUpdateLogA
PdhGetLogFileTypeW
PdhTranslateLocaleCounterW
PdhAdd009CounterW
PdhGetDataSourceTimeRangeH
PdhParseInstanceNameW
PdhVbAddCounter
PdhCreateSQLTablesA
PdhLookupPerfNameByIndexW
PdhEnumObjectItemsHA
PdhGetCounterInfoW
PdhExpandWildCardPathHW
PdhOpenQuery
PdhVerifySQLDBA
PdhGetDefaultPerfCounterW
PdhRelogW
PdhExpandCounterPathA
PdhSetLogSetRunID
PdhVbIsGoodStatus
PdhGetRawCounterArrayW
PdhGetDataSourceTimeRangeW
PdhBindInputDataSourceA
PdhGetDefaultPerfCounterHA
PdhVbGetLogFileSize
PdhIsRealTimeQuery
PdhExpandWildCardPathA
PdhVbGetDoubleCounterValue
PdhGetFormattedCounterArrayW
PdhOpenLogA
PdhCloseQuery
PdhMakeCounterPathW
PdhCloseLog
PdhVbGetCounterPathFromList
PdhTranslate009CounterA
PdhBrowseCountersHA
PdhGetCounterTimeBase
PdhTranslate009CounterW
PdhParseCounterPathA
PdhEnumMachinesHA
PdhGetDefaultPerfObjectW
PdhSelectDataSourceW
PdhGetFormattedCounterValue
PdhCalculateCounterFromRawValue
PdhConnectMachineW

opengl32

glTexCoord4sv
glPixelMapusv
wglCopyContext
glGetTexLevelParameteriv
glNormal3i
glDrawArrays
glClipPlane
glColor3usv
glDrawPixels
glTexImage2D
wglShareLists
glTexEnvfv
glCopyPixels
glLightModelf
glEvalMesh1
glRasterPos4d
glIndexfv
glColor3ub
wglGetCurrentDC
wglDescribePixelFormat
glGetMapiv
glEndList
glTranslated
glRectd
glTexCoord4iv
glGetIntegerv
glGetString
glColor3b
glNormal3d

odbcconf

SetActionLogModeSz
OpenAppRegEnum
DllGetClassObject
SetSilent
SetActionLogMode
CloseAppRegEnum
SetActionEnum
RunDLL32_UnregisterApplication
ExecuteAction
RegisterApplication
AppRegEnum
QueryApplication
SetActionName
DllRegisterServer
DllUnregisterServer
SetActionLogFile
RunDLL32_RegisterApplication
UnregisterApplication
DllCanUnloadNow
RefreshAppRegEnum

user32

PostMessageA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

77a4e86e64ae7754d5aef8497be8c9b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rsaenh

ntprint

ulib

query

atmlib

msvcp60

pdh

opengl32

odbcconf

user32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 2KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 4KB