7b886447c888e3e95719bfd4f6689453

Sharing

Copy URL

Twitter E-mail

General

Target

7b886447c888e3e95719bfd4f6689453
Size

427KB
MD5

7b886447c888e3e95719bfd4f6689453
SHA1

c744080f2e151e31ebb6e4e7c3afb29b1a4bf339
SHA256

20d23eb2030f7a220a46b0769babbe76600a90be43f576a100cb1bfb6a19566e
SHA512

5b21562a40c4aebe92cd6a627fc0421d2de38bd268cea746b4ffaea2b27e84d01cc73039436dc45d198a4083d9116065e11377075527ab73d356ead523e64c80
SSDEEP

12288:uNFXp2rONSOAG0XNXRJmaO3t72901UzXOe:pMSO0dXR87C4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b886447c888e3e95719bfd4f6689453

Files

7b886447c888e3e95719bfd4f6689453
.exe windows:4 windows x86 arch:x86

db2d12208bc008a8350be2a20b1b16d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcEnumerateFlows
TcCloseInterface
TcQueryFlowW
TcOpenInterfaceW
TcRegisterClient

kernel32

Module32Next
GetDefaultCommConfigA
GetExitCodeProcess
GetConsoleCP
GetCurrentProcess
GetLocaleInfoA
GetLogicalDriveStringsW
GetCommandLineW
GetPrivateProfileSectionA
ExpandEnvironmentStringsW
BeginUpdateResourceW
VirtualProtectEx
GetCommandLineA
VirtualAlloc

mprapi

MprAdminUserServerDisconnect
MprAdminInterfaceConnect
MprConfigInterfaceTransportAdd
MprAdminMIBEntrySet
MprConfigInterfaceDelete
MprAdminUserWrite
MprConfigTransportGetInfo
MprConfigServerConnect
MprAdminInterfaceGetInfo
MprAdminPortDisconnect
MprConfigInterfaceEnum
MprAdminInterfaceTransportAdd
MprAdminMIBBufferFree
MprAdminConnectionGetInfo
MprConfigServerDisconnect
MprAdminUserRead
MprConfigInterfaceTransportGetInfo
MprAdminMIBServerDisconnect
MprAdminInterfaceGetHandle
MprAdminUserWriteProfFlags

rasman

RasSendCreds
RasPortListen
RasGetPortUserData
RasBundleGetStatisticsEx
RasBundleGetPort
RasPortSetFraming
RasGetBuffer
RasRpcGetUserPreferences
RasFreeBuffer
RasPortSend
RasSetDeviceConfigInfo
RasSetPortUserData
RasAddConnectionPort

msvcrt

?terminate@@YAXXZ
_c_exit
?what@exception@@UBEPBDXZ
exit
wcschr
memcmp
strtod

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbs
Size: 5KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 310KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db2d12208bc008a8350be2a20b1b16d6

Headers

DLL Characteristics

File Characteristics

Imports

traffic

kernel32

mprapi

rasman

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.textbs Size: 5KB - Virtual size: 164KB

.rdata Size: 310KB - Virtual size: 496KB

.rsrc Size: 98KB - Virtual size: 98KB

.text
Size: 12KB - Virtual size: 11KB

.textbs
Size: 5KB - Virtual size: 164KB

.rdata
Size: 310KB - Virtual size: 496KB

.rsrc
Size: 98KB - Virtual size: 98KB