7a3df635acece9a59cf7840159b7678d

Sharing

Copy URL Twitter E-mail

General

Target

7a3df635acece9a59cf7840159b7678d
Size

42KB
MD5

7a3df635acece9a59cf7840159b7678d
SHA1

e72651bbe1e86631b6ef52ac6a1c2ecb5859ace9
SHA256

48103a6863fd9a0b698c31233ae8088869de694dda051c1a4aa0b54449c46662
SHA512

5945cf3b89d8f28f553b3ec0f47a5c4655539eca28ca555cf8fd7132ceae66546b660482c1972cbc52e1c719eb7dda318c5da32209e1b4154a4da4ff65c34282
SSDEEP

768:0+0of2EkPHmZEqp6aw6NO8tyQUbmpyaLO2f8410S:PfoPHmZEREsQUbmpBLO4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a3df635acece9a59cf7840159b7678d

Files

7a3df635acece9a59cf7840159b7678d
.exe windows:5 windows x86 arch:x86

698462e65c2fe3e47422b0c35831d1a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsA
InterlockedPushEntrySList
GetCommProperties
GetProcessVersion
LoadLibraryA
CreateMutexA
SetProcessAffinityMask
DefineDosDeviceA
WriteConsoleInputW
WaitForSingleObject
CreateFileW
GetCommMask
CommConfigDialogW
GetShortPathNameW
OpenThread
VirtualAlloc
SetConsoleScreenBufferSize
SetConsoleMaximumWindowSize
GetModuleHandleA
GetNumaAvailableMemoryNode
WaitForMultipleObjectsEx
SystemTimeToTzSpecificLocalTime
GetFirmwareEnvironmentVariableA
NlsGetCacheUpdateCount

iphlpapi

IcmpCreateFile
UnenableRouter
_PfRemoveFilterHandles@12
GetUniDirectionalAdapterInfo
DeleteProxyArpEntry
GetAdaptersAddresses
InternalGetIpAddrTable
InternalGetIpForwardTable
IcmpSendEcho2
NhGetInterfaceNameFromGuid
GetNumberOfInterfaces
GetUdpTable
IcmpCloseHandle
IcmpParseReplies
DeleteIPAddress
InternalSetIpForwardEntry
EnableRouter
NotifyAddrChange
CreateIpForwardEntry
SetIpTTL
GetUdpStatistics
InternalSetIpNetEntry
_PfRemoveFiltersFromInterface@20
SetIpNetEntry
_PfDeleteInterface@4
InternalCreateIpForwardEntry
_PfMakeLog@4
GetTcpStatisticsEx
InternalSetIfEntry

ntdll

RtlInitAnsiString
DbgUiSetThreadDebugObject
vDbgPrintEx
ZwMapViewOfSection
NtCreateDirectoryObject
RtlTimeFieldsToTime
RtlCreateSystemVolumeInformationFolder
RtlUniform
NtWaitHighEventPair
RtlDefaultNpAcl
ZwFsControlFile
NlsMbOemCodePageTag
NtOpenKeyedEvent
ZwWaitForDebugEvent
RtlQueryInformationAcl
NtCurrentTeb
ZwSetDefaultUILanguage
ZwReadRequestData
wcslen
ZwSetIntervalProfile
RtlQueryInformationActivationContext
ZwMapUserPhysicalPages
RtlEnumerateGenericTableWithoutSplayingAvl
ZwSetSystemInformation
ZwVdmControl
ZwQueryObject
iswdigit
ZwDuplicateToken
ZwEnumerateValueKey
NtCreateSemaphore
ZwNotifyChangeMultipleKeys
NtCreateJobObject
RtlxOemStringToUnicodeSize
ZwPrivilegedServiceAuditAlarm
ZwCreateSection
RtlAddAccessAllowedAce
NtQueryQuotaInformationFile
NtLockProductActivationKeys
ZwAllocateVirtualMemory
RtlFormatCurrentUserKeyPath
ZwQueryInformationPort
NtSetSystemTime
RtlDeleteNoSplay
NtPulseEvent
RtlpApplyLengthFunction

ntdsapi

DsMakeSpnW
DsUnBindW
DsUnquoteRdnValueW
DsReplicaConsistencyCheck
DsListInfoForServerA
DsFreeSpnArrayW
DsReplicaSyncAllA
DsInheritSecurityIdentityW
DsListServersForDomainInSiteW
DsWriteAccountSpnA
DsMakePasswordCredentialsA
DsFreeDomainControllerInfoW
DsReplicaUpdateRefsW
DsRemoveDsServerW
DsBindA
DsClientMakeSpnForTargetServerW
DsCrackUnquotedMangledRdnW
DsaopBind
DsGetDomainControllerInfoA
DsReplicaVerifyObjectsW
DsReplicaDelW
DsCrackSpn2W
DsReplicaModifyW
DsServerRegisterSpnW
DsGetSpnW

comctl32

CreatePropertySheetPageW
FlatSB_SetScrollProp
DestroyPropertySheetPage
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
FlatSB_GetScrollInfo
FlatSB_SetScrollInfo
CreateToolbarEx
DrawStatusTextW
ImageList_Read
ImageList_SetIconSize
ShowHideMenuCtl
ImageList_DrawIndirect
ImageList_Draw
FlatSB_SetScrollRange
PropertySheetA
ImageList_SetBkColor
CreateToolbar
CreatePropertySheetPage

advpack

RegSaveRestoreOnINF
DelNodeRunDLL32
CloseINFEngine
RegisterOCX
SetPerUserSecValues
ExtractFiles
RunSetupCommand
RegSaveRestore
RegRestoreAll
AddDelBackupEntry
OpenINFEngine
TranslateInfString
LaunchINFSection
UserInstStubWrapper
IsNTAdmin
LaunchINFSectionEx
GetVersionFromFile
UserUnInstStubWrapper
DelNode
FileSaveRestoreOnINF
TranslateInfStringEx
ExecuteCab
NeedRebootInit

Sections

.text
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

698462e65c2fe3e47422b0c35831d1a7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

ntdll

ntdsapi

comctl32

advpack

Sections

.text Size: 1024B - Virtual size: 738B

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 17KB - Virtual size: 95KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 738B

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 17KB - Virtual size: 95KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B