7bb6ee430559ce8fe69c2cf284ce4750

Sharing

Copy URL Twitter E-mail

General

Target

7bb6ee430559ce8fe69c2cf284ce4750
Size

30KB
MD5

7bb6ee430559ce8fe69c2cf284ce4750
SHA1

fab6dd4a375b2ab8c9a9f403ff57ac5abd47d3c7
SHA256

e343cce5f04776a23ced33bb092473c0cd1719d83171402a6c12c01429886b14
SHA512

2ed3bf3e1acd042ada3fd29c4d81e41dc9dafdcd49c5d6ca0c032dacb5dd2bb89d71bb141f6eeb5b3c760abb181030153835e55e25dfebfced3cce307b77555f
SSDEEP

768:awQznJS6DI7YVUP6ZE627VC4ZvPkvhF3pIeF+7SCRRpY:aPr8AI7OZH27Vhxcv+qRCRI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bb6ee430559ce8fe69c2cf284ce4750

Files

7bb6ee430559ce8fe69c2cf284ce4750
.exe windows:5 windows x86 arch:x86

331083e275073ef84b054e48f104fade

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snwscanf
_adj_fdiv_m32
_outpw
wcsstr
asin
_strtoi64
_adj_fdivr_m32
iswctype
free
___unguarded_readlc_active_add_func
_adj_fdiv_m64
_mbscoll
localtime
perror
difftime
__p__fmode
_ismbbkprint
_adj_fdiv_r
_mbctombb
iswdigit
_c_exit
??1type_info@@UAE@XZ
_wstrtime
mblen
_amsg_exit
_wcsnset
freopen
_wcstoui64
_wstrdate
_wfopen
_lock
_callnewh
_mbsncmp
isalpha

kernel32

RemoveVectoredExceptionHandler
GetSystemDefaultUILanguage
_hread
EndUpdateResourceA
SetEndOfFile
SetCommState
Sleep
GetThreadPriority
GlobalSize
GetExitCodeProcess
GetExpandedNameW
GetDriveTypeW
ReadConsoleInputExA
IsBadWritePtr
GenerateConsoleCtrlEvent
WaitForSingleObjectEx
ReadConsoleOutputCharacterA
HeapQueryInformation
GetUserDefaultLangID
OpenFileMappingA
SetFileShortNameW
DeleteFileW
LoadLibraryExW
FindFirstFileExA
WriteProcessMemory
OpenSemaphoreW
SetCommTimeouts
Process32FirstW
QueryInformationJobObject
FindNextFileW
GetFileSizeEx
CreateWaitableTimerW
SetComputerNameExA
SetConsoleWindowInfo
InterlockedPopEntrySList
SetFileShortNameA
Module32FirstW
SetConsoleCtrlHandler
GetTempFileNameA
FreeEnvironmentStringsW
InterlockedPushEntrySList
GetConsoleCursorMode
SetConsoleCP
GetNextVDMCommand
BindIoCompletionCallback
ResumeThread
FindFirstFileA
DelayLoadFailureHook
IsValidCodePage
FindNextVolumeA
PulseEvent
SetFileValidData
QueueUserAPC
SetThreadExecutionState
GetFullPathNameW
GetDevicePowerState
GlobalAlloc
GetConsoleSelectionInfo
ReadConsoleOutputW
BaseUpdateAppcompatCache
GetTimeZoneInformation
ExpandEnvironmentStringsA
GetCommState
WriteConsoleOutputAttribute
ResetWriteWatch
OpenSemaphoreA
GetConsoleAliasesLengthW
GetCurrentProcessId
VirtualAlloc
IsDebuggerPresent
InterlockedDecrement
GetConsoleAliasExesLengthW

gdi32

GetCharWidthInfo
BitBlt
GdiResetDCEMF
RectVisible
STROBJ_bGetAdvanceWidths
EngDeleteSurface
DescribePixelFormat
CreatePatternBrush
EngUnlockSurface
RealizePalette
GdiEntry5
TextOutA
GdiConvertAndCheckDC
GdiProcessSetup
GetArcDirection
GetClipRgn
BRUSHOBJ_pvGetRbrush
GdiAlphaBlend
STROBJ_dwGetCodePage
GetTextAlign
GetBoundsRect
GdiEntry2
GdiPlayScript
GdiValidateHandle
GetPixel
CreateCompatibleDC
Polyline
GdiEntry16
SetDeviceGammaRamp
GdiEntry9
GetGlyphOutlineA
GetKerningPairsA
SetBitmapBits

wininet

ReadUrlCacheEntryStream
FtpOpenFileA
GetUrlCacheConfigInfoA
InternetShowSecurityInfoByURL
GetUrlCacheEntryInfoExW
FtpGetFileEx
InternetClearAllPerSiteCookieDecisions
CreateUrlCacheGroup
InternetTimeToSystemTimeW
GopherCreateLocatorW
InternetCreateUrlA
UrlZonesDetach
InternetGetConnectedState
FtpSetCurrentDirectoryW
FindFirstUrlCacheEntryExA
InternetSetDialStateA
InternetAttemptConnect
ForceNexusLookupExW
InternetConfirmZoneCrossing
PrivacySetZonePreferenceW
FindNextUrlCacheGroup
GetUrlCacheGroupAttributeW
DllInstall
DeleteUrlCacheEntry
FtpGetCurrentDirectoryW
InternetSetCookieExW
HttpEndRequestA
ShowCertificate
GetUrlCacheEntryInfoExA
FindFirstUrlCacheEntryW
InternetErrorDlg
FtpFindFirstFileA
InternetConnectA
InternetSetStatusCallback
InternetSetPerSiteCookieDecisionW
InternetEnumPerSiteCookieDecisionW
InternetTimeToSystemTimeA
InternetGetCookieExA
IsHostInProxyBypassList
InternetGetPerSiteCookieDecisionW
CreateUrlCacheEntryA
InternetCheckConnectionW
FindNextUrlCacheEntryExA
SetUrlCacheHeaderData

resutils

ResUtilFindBinaryProperty
ClusWorkerCheckTerminate
ResUtilSetPrivatePropertyList
ResUtilGetSzValue
ResUtilFindMultiSzProperty
ResUtilGetBinaryProperty
ResUtilFreeEnvironment
ResUtilEnumProperties
ResUtilGetEnvironmentWithNetName
ResUtilGetAllProperties
ResUtilEnumPrivateProperties
ResUtilGetBinaryValue
ResUtilEnumResourcesEx
ResUtilIsResourceClassEqual
ResUtilIsPathValid
ResUtilGetMultiSzProperty
ResUtilGetResourceName
ResUtilStopResourceService
ResUtilExpandEnvironmentStrings
ResUtilFindSzProperty
ResUtilGetResourceDependencyByName
ResUtilResourcesEqual
ResUtilSetMultiSzValue
ResUtilSetResourceServiceStartParameters
ResUtilGetResourceDependencyByClass
ResUtilFreeParameterBlock
ResUtilGetCoreClusterResources
ResUtilGetProperties
ResUtilSetResourceServiceEnvironment
ClusWorkerTerminate
ResUtilGetDwordValue
ResUtilSetPropertyParameterBlock
ResUtilVerifyPropertyTable
ResUtilDupParameterBlock
ResUtilSetPropertyTableEx
ResUtilFindDependentDiskResourceDriveLetter

opengl32

glLightModelf
glRasterPos3s
glRasterPos2i
glTexCoord3i
glIndexPointer
glEvalCoord2dv
glRasterPos4i
glRectsv
glLoadIdentity
glNewList
glVertex2fv
glColor4fv
glTexCoord2s
glIsEnabled
glGetString
glColor3fv
glTexEnvf
glVertex3iv
glLoadName
glFogfv
glGetPolygonStipple
glStencilFunc
glTexCoord1d
glRasterPos2s
glTexImage1D
glRasterPos2dv
glIndexi
glEvalCoord1f
glRasterPos2sv
glEdgeFlagPointer
glIsTexture
glGetTexParameterfv
glMapGrid2f
glColor3s
glLoadMatrixd
glDeleteLists
glTexEnviv

ntdll

RtlSetAllBits
ZwAdjustPrivilegesToken
vDbgPrintExWithPrefix
RtlTraceDatabaseLock
ceil
LdrFindResource_U
DbgUiGetThreadDebugObject
NtSetDefaultHardErrorPort
NtQueryMutant
isdigit
NtWaitForDebugEvent
RtlTraceDatabaseEnumerate
wcscat
RtlxOemStringToUnicodeSize
RtlInitializeBitMap
NtMapUserPhysicalPages
RtlInterlockedPushListSList
NtYieldExecution
ZwLoadKey2
NtResetEvent
RtlFindMessage
ZwPrivilegedServiceAuditAlarm
RtlUnlockBootStatusData

expsrv

__vbaCySgn
__vbaEraseNoPop
rtcGetMonthOfYear
rtR8FromErrVar
__vbaObjVar
__vbaVarSetUnk
__vbaCyStr
rtcFileLength
__vbaAryConstruct2
__vbaRecDestruct
__vbaVarTextLikeVar
__vbaInStrB
__vbaLateMemNamedCallLd
__vbaFpR8
__vbaRsetFixstr
rtcLog
TipInvokeMethod2
__vbaStrAryToUnicode
__vbaStrUI1
__vbaPrintObj
rtcGetAllSettings
__vbaExitEachAry
rtcWeekdayName
rtcErrObj
__vbaR8Cy
rtcRandomNext
__vbaPutFxStr4

user32

IsIconic
PostQuitMessage
SetScrollPos
RegisterClassW
DefWindowProcW
MoveWindow

msvcrt40

??5istream@@QAEAAV0@AAI@Z
iswgraph
??0Iostream_init@@QAE@XZ
_execve
?attach@ifstream@@QAEXH@Z
frexp
_mbbtype
??_8iostream@@7Bostream@@@
??_8strstream@@7Bostream@@@
swscanf
_purecall
__p__environ
__p__pwctype
?underflow@stdiobuf@@UAEHXZ
?flush@ostream@@QAEAAV1@XZ
__p__pgmptr
_wspawnl
iswprint
??_7strstream@@6B@
_mbscat
wcstok
??_7ios@@6B@
_wutime
_wexeclp
_mbclen
?xsgetn@streambuf@@UAEHPADH@Z
strtok

mgmtapi

SnmpMgrStrToOid
SnmpMgrGetTrapEx
SnmpMgrClose
SnmpMgrRequest
SnmpMgrOpen
SnmpMgrCtl
SnmpMgrOidToStr
SnmpMgrGetTrap
SnmpMgrTrapListen

upnphost

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer
ServiceMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 406B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

331083e275073ef84b054e48f104fade

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdi32

wininet

resutils

opengl32

ntdll

expsrv

user32

msvcrt40

mgmtapi

upnphost

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 406B

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 406B