79aa445f99796940c8c3af250d5e3360

Sharing

Copy URL Twitter E-mail

General

Target

79aa445f99796940c8c3af250d5e3360
Size

455KB
MD5

79aa445f99796940c8c3af250d5e3360
SHA1

01db639408e142969d9193a872e0e1d17b87ddaa
SHA256

d896ce6144e43e255acee1b7a83bd783919298ac0991943f2d466bba44578cfe
SHA512

d7230426c8b1d91516f137abeaa79414367f851c4cff0ab577986deca12e6b90faca40d1bda1db531834cc924c4c3392446844e9645933b823cec82dd719f88c
SSDEEP

12288:Y7qRbdlXP0Qf2q/okhhis3qQssZMRkPMMnMMMMM:Ys7P0Q+0hYs6OMMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79aa445f99796940c8c3af250d5e3360

Files

79aa445f99796940c8c3af250d5e3360
.exe windows:4 windows x86 arch:x86

310024c74ce459ea60b27444008a7b95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Next_Range
CM_Get_Version

rtm

RtmCreateEnumerationHandle
RtmEnumerateGetNextRoute
RtmRegisterClient
RtmAddRoute
RtmDequeueRouteChangeMessage
RtmBlockDeleteRoutes
RtmDeregisterClient
RtmGetFirstRoute
RtmIsRoute
RtmCloseEnumerationHandle
RtmDeleteRoute

kernel32

FileTimeToSystemTime
LeaveCriticalSection
Sleep
CreateEventA
BindIoCompletionCallback
HeapCreate
InterlockedDecrement
InitializeCriticalSection
GetLastError
GlobalAlloc
InterlockedIncrement
FreeLibraryAndExitThread
HeapAlloc
VirtualAlloc
DeleteCriticalSection
CloseHandle
ExitProcess
WaitForMultipleObjects
LoadLibraryA
HeapDestroy
SetEvent
CreateThread
GetTickCount
GlobalFree

ntdll

RtlUnwind
RtlQueryRegistryValues
wcscpy
RtlQueueWorkItem
wcslen

wmi

WmiNotificationRegistrationW

rtutils

RouterLogDeregisterA
RouterLogEventDataW
TraceRegisterExA
RouterLogEventA
TraceVprintfExA
TraceDeregisterA
RouterLogRegisterA

user32

CallMsgFilterA

shlwapi

StrCatBuffW

msi

MsiDatabaseExportW

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

310024c74ce459ea60b27444008a7b95

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

rtm

kernel32

ntdll

wmi

rtutils

user32

shlwapi

msi

Sections

.text Size: 338KB - Virtual size: 337KB

.data Size: 4KB - Virtual size: 1.8MB

.rdata Size: 55KB - Virtual size: 55KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 53KB - Virtual size: 53KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 338KB - Virtual size: 337KB

.data
Size: 4KB - Virtual size: 1.8MB

.rdata
Size: 55KB - Virtual size: 55KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 53KB - Virtual size: 53KB

.reloc
Size: 512B - Virtual size: 36B