7b5adf1028d88cb29dbf779b65417d10

Sharing

Copy URL Twitter E-mail

General

Target

7b5adf1028d88cb29dbf779b65417d10
Size

388KB
MD5

7b5adf1028d88cb29dbf779b65417d10
SHA1

9a206540e01537cd6d4a7ac58d26b348a97eeacd
SHA256

7ffabab6683a14944b89cb7eab529dafbe25b6d260e61482352e07c9b4903f66
SHA512

ee2fa86a4b6117d82931805c19b9fed68e879562aac7ea2b26f54e2039e56b694021dc96a011ddb0e4060583807bf2efe999d9f598feea314fe3d7e570f4c0b9
SSDEEP

6144:thEbqwreSXjFBlw6luTh64K16/lWBgI+pAnx3x/zJ5qGROV2B37uFucT:t6eclMVvg6ig7o2GRCEuFu6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b5adf1028d88cb29dbf779b65417d10

Files

7b5adf1028d88cb29dbf779b65417d10
.exe windows:5 windows x86 arch:x86

0d29e80cdd634939602dc227524ee06b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerifyVersionInfoW
GetPrivateProfileSectionNamesA
ReleaseSemaphore
FindActCtxSectionStringA
GetVolumeNameForVolumeMountPointW
GetFullPathNameW
GetCurrentProcessId
ReadConsoleOutputAttribute
GetTimeFormatA
ConsoleMenuControl
GetModuleHandleExW
GetCurrentThreadId
SetConsoleScreenBufferSize
SetTimerQueueTimer
SetVolumeMountPointA
ReleaseActCtx
GetShortPathNameW
EnumCalendarInfoW
GetStartupInfoA
SetEnvironmentVariableA
GlobalFree
GetFileAttributesW
CreateConsoleScreenBuffer
GetConsoleSelectionInfo
SetFilePointerEx
SystemTimeToFileTime
GetTickCount
Thread32First
IsBadReadPtr
SetEvent
GetCommConfig
CloseHandle
SetLocaleInfoW
GlobalDeleteAtom
VirtualUnlock
Process32NextW
LoadLibraryA
LocalReAlloc
CopyFileExA
GetUserDefaultLCID
GetStartupInfoW
WaitNamedPipeW
MoveFileExW
MultiByteToWideChar
GetEnvironmentVariableA
Heap32ListFirst
GetTimeZoneInformation
QueryPerformanceCounter
DosDateTimeToFileTime
EndUpdateResourceA
GetEnvironmentStringsA
CreateTimerQueue
VirtualAlloc
GetProcessAffinityMask
GetEnvironmentStringsW
ExpandEnvironmentStringsA
FreeResource
InterlockedPushEntrySList
GetSystemDirectoryW
CreateIoCompletionPort
LocalFlags
SetConsoleDisplayMode
GetConsoleKeyboardLayoutNameW

msdart

?IsWriteUnlocked@CCritSec@@QBE_NXZ
?IsWin95@CMdVersionInfo@@SAHXZ
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
??1CReaderWriterLock2@@QAE@XZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?TryReadLock@CSmallSpinLock@@QAE_NXZ
?ReadLock@CSpinLock@@QAEXXZ
?_Clear@CLKRLinearHashTable@@AAEX_N@Z
MpHeapFree
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
?IsEmpty@CLockedSingleList@@QBE_NXZ
?_ExtractKey@CLKRLinearHashTable@@ABE?BKPBX@Z
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?GetSpinCount@CSpinLock@@QBEGXZ
?ReadLock@CFakeLock@@QAEXXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?IsReadUnlocked@CCritSec@@QBE_NXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
MpHeapDestroy
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ

dnsapi

Dns_ReadPacketNameAllocate
DnsCopyStringEx
DnsDhcpSrvRegisterTerm
DnsWriteQuestionToBuffer_UTF8
DnsGetDnsServerList
DnsReplaceRecordSetA
Dns_SkipToRecord
NetInfo_Clean
DnsCreateStandardDnsNameCopy
DnsDowncaseDnsNameLabel
NetInfo_Copy
DnsValidateName_W
DnsNotifyResolverEx
DnsRecordListFree
DnsCreateReverseNameStringForIpAddress
DnsAcquireContextHandle_A
DnsApiAlloc
DnsIsStatusRcode
DnsNameCompare_UTF8
NetInfo_IsForUpdate
DnsIpv6StringToAddress
DnsModifyRecordsInSet_UTF8
DnsQueryExW
DnsApiRealloc
DnsRecordSetCompare
Dns_ResetNetworkInfo

dbghelp

SymGetTypeInfo
SymGetModuleBase
vc7fpo
SymGetLineFromAddr64
SymGetLineFromName
SymGetOptions
srcfiles
sym
SymEnumTypes
dh
SymEnumerateSymbolsW
FindDebugInfoFile
MapDebugInformation
SymGetModuleInfoW64
SymRegisterFunctionEntryCallback
WinDbgExtensionDllInit
SymRegisterFunctionEntryCallback64
DbgHelpCreateUserDump
SearchTreeForFile
SymGetModuleInfo
SymGetFileLineOffsets64
SymGetSymFromAddr
SymGetLineFromAddr

regapi

RegDefaultUserConfigQueryA
RegGetUserConfigFromUserParameters
RegCdQueryA
RegWinStationQuerySecurityW
RegQueryOEMId
RegPdEnumerateW
RegWinStationQueryA
RegCdCreateA
RegPdQueryA
RegUserConfigQuery
RegBuildNumberQuery
RegPdCreateA
RegWinStationDeleteA
RegWinStationQueryW
RegPdDeleteW
RegWinStationAccessCheck
RegConsoleShadowQueryA
RegWdDeleteW
RegPdCreateW
RegMergeUserConfigWithUserParameters
RegWinStationSetSecurityW
RegQueryUtilityCommandList
RegCdQueryW

lz32

GetExpandedNameW
LZOpenFileW
LZSeek
LZDone
LZInit
LZRead
CopyLZFile
LZCopy
LZClose
GetExpandedNameA
LZCloseFile
LZOpenFileA
LZStart
LZCreateFileW

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 302KB - Virtual size: 742KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d29e80cdd634939602dc227524ee06b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

dnsapi

dbghelp

regapi

lz32

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 302KB - Virtual size: 742KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 37KB - Virtual size: 37KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 302KB - Virtual size: 742KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 37KB - Virtual size: 37KB

.reloc
Size: 512B - Virtual size: 268B