7909bb48f89f6a23c47b6786e66ea19e

Sharing

Copy URL Twitter E-mail

General

Target

7909bb48f89f6a23c47b6786e66ea19e
Size

56KB
MD5

7909bb48f89f6a23c47b6786e66ea19e
SHA1

3963d9eb41f6cf9c7e01b23853a918741399a98f
SHA256

5bfaf7dca5da6e460e223ad329e90a50cb72e6f348cdc169488645309e59cbe5
SHA512

d1e7cf92f641ce52e59be587fc906c41a9b2e0ca1c3b9c8a7186a47449e46f54938dc2a5bbf80f2cdc2aa1b25dc646e934e793afa4aecb71617578806e8c9415
SSDEEP

1536:oex6hVtgodOVcdqBGrV4BYzLubQmmGDGPt:Ct7dOVWqB/Xbh0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7909bb48f89f6a23c47b6786e66ea19e

Files

7909bb48f89f6a23c47b6786e66ea19e
.exe windows:5 windows x86 arch:x86

6ecf0a06c95d07044f1822225baa6b67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowsHookExA
PostQuitMessage
IMPQueryIMEW
IsWindow
DefMDIChildProcW
LoadMenuW
ShowCursor
GetSystemMetrics
SetWindowsHookW
TranslateMDISysAccel
GetKeyNameTextA
GetSystemMenu
CliImmSetHotKey
WINNLSEnableIME
TrackPopupMenuEx
GetNextDlgGroupItem
GetDC
DlgDirSelectExA
IsClipboardFormatAvailable
SendMessageA
GetInternalWindowPos
SetParent
FillRect
EndPaint
BlockInput
ChangeMenuW
SetUserObjectSecurity
OemToCharBuffA
EndDeferWindowPos
OffsetRect
PrivateExtractIconsA
GetWinStationInfo
RealChildWindowFromPoint
CopyImage
DdeSetUserHandle
LoadMenuIndirectA
CreateDialogParamA
CharLowerBuffW
IsCharUpperW
InvalidateRect
CreatePopupMenu
EnumDesktopsW
DragDetect
EndTask
GetPropA
SendMessageCallbackW

kernel32

GetThreadPriorityBoost
LZCloseFile
SearchPathW
BuildCommDCBA
WritePrivateProfileSectionA
FlushInstructionCache
GetWindowsDirectoryA
GetConsoleFontInfo
VirtualFree
VirtualAlloc
LoadLibraryA
GetFullPathNameW
RtlMoveMemory
CompareFileTime
GetSystemWindowsDirectoryW
FileTimeToDosDateTime
OpenMutexW
CreateMemoryResourceNotification
DosDateTimeToFileTime
IsBadHugeReadPtr
GetConsoleMode
HeapCreate
CopyLZFile
TzSpecificLocalTimeToSystemTime

serialui

drvGetDefaultCommConfigA
drvGetDefaultCommConfigW
drvCommConfigDialogA
drvSetDefaultCommConfigA
drvSetDefaultCommConfigW
drvCommConfigDialogW

ntdll

wcsrchr
NtPulseEvent
DbgUiDebugActiveProcess
ZwQuerySystemEnvironmentValue
NtOpenEvent
_wcsnicmp
ZwAccessCheckByType
NtSetEvent
RtlCreateTimerQueue
_ltoa
ZwCreateSymbolicLinkObject
RtlTimeToSecondsSince1970
RtlQuerySecurityObject
RtlTryEnterCriticalSection
RtlInitializeCriticalSection
NtSetInformationKey
NtTestAlert
NtWaitForKeyedEvent
RtlRaiseException
NtOpenObjectAuditAlarm
LdrSetAppCompatDllRedirectionCallback

mfcsubs

??H@YG?AVCString@@DABV0@@Z
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
?Copy@CStringArray@@QAEXABV1@@Z
??_FCMapStringToPtr@@QAEXXZ
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
??ACString@@QBEGH@Z
?Release@CString@@KGXPAUCStringData@@@Z
?RemoveAt@CStringArray@@QAEXHH@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
?ReverseFind@CString@@QBEHG@Z
??0CString@@QAE@PBE@Z
??M@YG_NPBGABVCString@@@Z
??YCString@@QAEABV0@PBG@Z
?GetCount@CMapStringToPtr@@QBEHXZ
??8@YG_NPBGABVCString@@@Z
?TrimRight@CString@@QAEXXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??4CString@@QAEABV0@PBG@Z
?FreeExtra@CStringArray@@QAEXXZ
??4CString@@QAEABV0@ABV0@@Z
??9@YG_NABVCString@@0@Z
?CompareNoCase@CString@@QBEHPBG@Z

rpcns4

RpcNsMgmtEntryDeleteA
RpcNsBindingUnexportPnPA
RpcNsGroupMbrInqNextA
RpcNsGroupMbrAddA
RpcNsEntryObjectInqNext
RpcNsMgmtEntryCreateA
RpcNsBindingImportBeginA
RpcNsMgmtBindingUnexportA
RpcNsGroupMbrAddW
RpcNsProfileEltAddA
RpcNsGroupMbrRemoveW
RpcNsBindingLookupBeginA
RpcNsProfileEltInqBeginA
RpcNsBindingExportW
RpcNsEntryExpandNameW
I_RpcReBindBuffer
RpcNsGroupMbrInqBeginA
RpcNsBindingUnexportW
RpcNsBindingUnexportA
RpcNsProfileEltAddW
RpcNsBindingImportBeginW
RpcNsGroupMbrRemoveA
RpcNsProfileEltRemoveW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ecf0a06c95d07044f1822225baa6b67

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

serialui

ntdll

mfcsubs

rpcns4

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 50KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 184B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 50KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 184B