7dd9f164a3c53e2e6ce7032d4ec1d4f1

Sharing

Copy URL Twitter E-mail

General

Target

7dd9f164a3c53e2e6ce7032d4ec1d4f1
Size

488KB
MD5

7dd9f164a3c53e2e6ce7032d4ec1d4f1
SHA1

faee5ac7a08a222bc2f02fe89b8e1b57a8986622
SHA256

8417cc692856782cd058e493f50cf5c3e4ccf9f455fcd587feee769c8519105b
SHA512

a86c0bef77e9d48c86fbcd848c344cd25860af038b676ffa2d4f22b13178bfc7303b6f423e5efbfc2c19a8f7792fc0a3c3339ad73c13a4d426472c8b48b10b3a
SSDEEP

12288:qfpg1XF+zh+ZbHeciXpG27eTBctpj31559ITdWhhZ829QMMnMMMMMkjx:qfwF+FabHTiXpG2wBGjF559ITdYF6MMD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7dd9f164a3c53e2e6ce7032d4ec1d4f1

Files

7dd9f164a3c53e2e6ce7032d4ec1d4f1
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

bb9cc8c89fe8709c6297084aa94b66ac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetLastError
DosDateTimeToFileTime
GetTickCount
GetACP
FileTimeToLocalFileTime
CompareStringW
GetCurrentProcess
FileTimeToSystemTime
GetProcAddress
ReleaseSemaphore
UnhandledExceptionFilter
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFileTimeToFileTime
FileTimeToDosDateTime
TerminateProcess
CreateSemaphoreW
DeleteCriticalSection
LoadLibraryW
SetUnhandledExceptionFilter
lstrlenW
GetCurrentThreadId
GetComputerNameW
LeaveCriticalSection
QueryPerformanceCounter
EnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetSystemTime
GetCurrentProcessId
CloseHandle
FormatMessageW
InterlockedIncrement
FreeLibrary
InterlockedDecrement
SetLastError
LocalFree
LocalAlloc
GetStartupInfoA
WaitForSingleObject

user32

wsprintfW
LoadStringW

rpcrt4

RpcStringFreeW

advapi32

RegOpenKeyExW
CloseServiceHandle
DeleteService
RegConnectRegistryW
RegEnumKeyExW
ChangeServiceConfigW
EnumServicesStatusW
OpenSCManagerW
CreateServiceW
SystemFunction041
OpenServiceW
UnlockServiceDatabase
GetSidIdentifierAuthority
LookupAccountNameW
GetSidSubAuthorityCount
QueryServiceStatus
QueryServiceConfigW
RegCloseKey
GetSidSubAuthority
StartServiceW
GetUserNameW
RegQueryValueExW
LockServiceDatabase
ControlService
SystemFunction040
GetLengthSid

msvcrt

wcscpy
_initterm
wcslen
_ltow
free
_wcsnicmp
_wcsicmp
_ftol
malloc
_wtol
_itow
wcscat
_except_handler3
__dllonexit
wcscmp
wcschr
wcsrchr
_CxxThrowException
_adjust_fdiv
_onexit
_purecall

netapi32

NetServerGetInfo
NetGroupGetInfo
NetLocalGroupGetMembers
NetUserGetGroups
NetSessionGetInfo
NetUserAdd
NetUserChangePassword
NetUserSetInfo
NetLocalGroupGetInfo
NetGroupDel
DsRoleFreeMemory
NetApiBufferFree
NetFileGetInfo
NetLocalGroupAddMembers
NetShareGetInfo
NetGroupAddUser
NetShareEnum
NetLocalGroupSetInfo
NetServerEnum
NetGroupGetUsers
NetLocalGroupEnum
NetSessionDel
NetLocalGroupDelMembers
NetGetAnyDCName
NetGroupAdd
NetShareAdd
NetGroupDelUser
NetUserGetLocalGroups
NetServerSetInfo
NetQueryDisplayInformation
NetGroupEnum
NetGroupSetInfo
NetWkstaUserGetInfo
NetWkstaGetInfo
NetUserDel
NetSessionEnum
NetUserGetInfo
DsRoleGetPrimaryDomainInformation
NetGetDCName
NetUserModalsGet
NetShareSetInfo
NetLocalGroupDel
NetShareDel
NetUseGetInfo
NetLocalGroupAdd
NetUserModalsSet

ntdll

RtlTimeToSecondsSince1970
NtAllocateVirtualMemory
RtlAdjustPrivilege
RtlAddAccessAllowedAceEx
RtlSecondsSince1970ToTime

ole32

StringFromGUID2
CoTaskMemFree
IIDFromString
CreatePointerMoniker
StringFromCLSID
CLSIDFromString
CoCreateInstance

oleaut32

VariantCopy

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb9cc8c89fe8709c6297084aa94b66ac

Headers

File Characteristics

Imports

mpr

kernel32

user32

rpcrt4

advapi32

msvcrt

netapi32

ntdll

ole32

oleaut32

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 9KB - Virtual size: 976KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 411KB - Virtual size: 411KB

.rsrc Size: 46KB - Virtual size: 45KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 9KB - Virtual size: 976KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 411KB - Virtual size: 411KB

.rsrc
Size: 46KB - Virtual size: 45KB

.reloc
Size: 512B - Virtual size: 56B