799de6b1803f387a4c4982c16f689001

Sharing

Copy URL

Twitter E-mail

General

Target

799de6b1803f387a4c4982c16f689001
Size

53KB
MD5

799de6b1803f387a4c4982c16f689001
SHA1

3430aca38328f707d6b599495569e565d1f5bd1e
SHA256

21b14815c7a323d06790a7fde902eb00235edb326bcbda89d3333b3d2c6aac0c
SHA512

5000b27f2eb7cbc8d7bb46452085c657abaf2e6c7cde8e86c719af9b3c13ae8a31d6d49668e0216bf6edbaec558888e7e91e399bfda7d6233e0a7074543ca745
SSDEEP

1536:PLXrYbkII7ewMNpPZHlplofzASLMeRYgl:j7YQv7ewMNRZHHlo7rLz3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
799de6b1803f387a4c4982c16f689001

Files

799de6b1803f387a4c4982c16f689001
.exe windows:5 windows x86 arch:x86

2c5938a4c4cd830d418ef0b7919e6e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__uncaught_exception
__p__commode
??0bad_typeid@@QAE@ABV0@@Z
_atoi64
_filelengthi64
_flushall
_y1
puts
_fputchar
_CItan
_locking
_mbsbtype
mbstowcs
fwrite
ceil
_wcreat
__p__wpgmptr
__getmainargs
__set_app_type
wprintf
_adj_fptan
_wcstoui64
_strerror
exit
_mbsrchr
exp
wcscat
??_7bad_cast@@6B@
ftell
_j1
_wcsset

msvcirt

??_Estrstream@@UAEPAXI@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??_Eofstream@@UAEPAXI@Z
??0logic_error@@QAE@ABQBD@Z
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?fill@ios@@QAEDD@Z
??1logic_error@@UAE@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??_Dstdiostream@@QAEXXZ
??_8ostream@@7B@
??Bios@@QBEPAXXZ
??0ostream@@QAE@PAVstreambuf@@@Z
??0Iostream_init@@QAE@AAVios@@H@Z
??4filebuf@@QAEAAV0@ABV0@@Z
?unsetf@ios@@QAEJJ@Z
??0strstreambuf@@QAE@H@Z
?what@exception@@UBEPBDXZ
?setlock@streambuf@@QAEXXZ
??0fstream@@QAE@HPADH@Z
?get@istream@@QAEAAV1@PADHD@Z
??0fstream@@QAE@XZ
??6ostream@@QAEAAV0@C@Z
??1istream_withassign@@UAE@XZ
??4iostream@@IAEAAV0@AAV0@@Z
?cerr@@3Vostream_withassign@@A
?delbuf@ios@@QAEXH@Z
?pword@ios@@QBEAAPAXH@Z
?get@istream@@QAEAAV1@PACHD@Z
??_7exception@@6B@
?get@istream@@QAEAAV1@PAEHD@Z
?open@ifstream@@QAEXPBDHH@Z
?unbuffered@streambuf@@IAEXH@Z
??_8stdiostream@@7Bostream@@@
?x_curindex@ios@@0HA
??0ios@@QAE@PAVstreambuf@@@Z

netapi32

NlBindingRemoveServerFromCache
NetLocalGroupGetInfo
DsGetDcSiteCoverageW
NetpAllocFtinfoEntry
I_NetServerReqChallenge
NetMessageNameGetInfo
NetServerTransportEnum
NetEnumerateComputerNames
I_NetLogonControl2
NetServiceGetInfo
DsAddressToSiteNamesExW
I_NetServerAuthenticate
NetConfigGet
NetShareDel
DsRoleAbortDownlevelServerUpgrade
DsGetForestTrustInformationW
I_BrowserResetStatistics
I_NetLogonSamLogon
NetUserModalsGet
NetMessageBufferSend
NetServerTransportAddEx
NetLogonGetTimeServiceParentDomain
NetDfsManagerGetConfigInfo
NetDfsEnum
NetUseAdd
NetGetAnyDCName
DsGetSiteNameW
NetapipBufferAllocate
NetAlertRaise
I_NetDatabaseSync2
I_NetDatabaseSync
NetGroupGetInfo
NetRemoveAlternateComputerName
NetLocalGroupAddMembers

kernel32

GetSystemDefaultLCID
ClearCommBreak
GetLastError
IsValidLocale
DebugBreakProcess
PeekConsoleInputA
_lread
ResetEvent
SetFileTime
GetACP
GetNamedPipeHandleStateW
GetProcessHeaps
GetFileSizeEx
MoveFileWithProgressA
GetUserGeoID
ReadFileScatter
WaitForMultipleObjectsEx
lstrcmpA
ReleaseMutex
ReadFile
GetExitCodeThread
IsBadWritePtr
GetSystemDirectoryA
RtlCaptureStackBackTrace
GetStartupInfoW
GetLocalTime
InitializeCriticalSection
ReadConsoleW
OpenFile
lstrcpyW
EnumResourceTypesA
LoadLibraryA
VirtualAlloc
SizeofResource

ntdll

NtCurrentTeb
ZwAllocateUuids
ZwFreeVirtualMemory
RtlSelfRelativeToAbsoluteSD
RtlUpcaseUnicodeChar
NtSetDebugFilterState
RtlNewSecurityObjectEx
ZwQueryInformationFile
RtlQueryInformationActiveActivationContext
RtlCreateUserProcess
RtlImageDirectoryEntryToData
NtAddBootEntry
RtlNtStatusToDosErrorNoTeb
ZwSetSystemInformation
RtlUniform
RtlCreateSystemVolumeInformationFolder
qsort
NtSecureConnectPort
RtlUnicodeStringToAnsiSize
NtReplyWaitReplyPort
RtlSetLastWin32Error
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
ZwSetQuotaInformationFile
NtReplaceKey
RtlApplicationVerifierStop
RtlLargeIntegerDivide
RtlMoveMemory
RtlIsActivationContextActive
ZwSetBootOptions
sprintf
DbgUiConnectToDbg
wcsstr
NtExtendSection

user32

EndDialog

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c5938a4c4cd830d418ef0b7919e6e1f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcirt

netapi32

kernel32

ntdll

user32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB