7e7822f69c846dd80383043b01797365

Sharing

Copy URL

Twitter E-mail

General

Target

7e7822f69c846dd80383043b01797365
Size

821KB
MD5

7e7822f69c846dd80383043b01797365
SHA1

906d86b126d396f255de955547b5aae79f92f819
SHA256

199b60d7df03718bbc7e90322026a12227568e9c0400e241c67ace01f91314b5
SHA512

d6da1dde5136b4071204ab2957d1b10ae892119f71e01767801b298475ffc0fe375bd0add10b8b33eb0d8e4310ba15858eee816e53480442f1fc19d238babe32
SSDEEP

24576:36Ut3vzno9aYk9KUHOLZTlJrQbYTGdgJpCbbSt:ht3U9g9K4oZJJrQbYTGdg31

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7e7822f69c846dd80383043b01797365

Files

7e7822f69c846dd80383043b01797365
.exe windows:5 windows x86 arch:x86

102405211fbc3cc4bd86e6b03e360bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

utildll

AsyncDeviceEnumerate
IsPartOfDomain
ConfigureModem
NetworkDeviceEnumerate
InstallModem
CtxGetAnyDCName
HaveAnonymousUsersChanged
NetBIOSDeviceEnumerate
RegGetNetworkServiceName
GetSystemMessageW
SetupAsyncCdConfig
StrSystemWaitReason
ParseDecoratedAsyncDeviceName
CalculateElapsedTime
DateTimeString
TestUserForAdmin
WinEnumerateDevices
GetAssociatedPortName
StrAsyncConnectState
CurrentDateTimeString
QueryCurrentWinStation
StrSdClass
StandardErrorMessage
RegGetNetworkDeviceName
StrConnectState
ElapsedTimeString
FormDecoratedAsyncDeviceName

msdart

?TryReadLock@CReaderWriterLock3@@QAE_NXZ
?ReadOrWriteLock@CFakeLock@@QAE_NXZ
?IsEmpty@CSingleList@@QBE_NXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?WriteUnlock@CCritSec@@QAEXXZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
?SetSpinCount@CFakeLock@@QAE_NG@Z
?WriteUnlock@CSpinLock@@QAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?ReadLock@CReaderWriterLock3@@QAEXXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?ReadLock@CSpinLock@@QAEXXZ
?_TryLock@CSpinLock@@AAE_NXZ
??1CCritSec@@QAE@XZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
??0CLKRHashTableStats@@QAE@XZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?sm_wDefaultSpinCount@CFakeLock@@1GA
?WriteLock@CLKRHashTable@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?IsLocked@CLockedDoubleList@@QBE_NXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?_LockSpin@CReaderWriterLock3@@AAEXW4SPIN_TYPE@1@@Z
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ

msutb

SetRegisterLangBand
DllUnregisterServer
DllRegisterServer
ClosePopupTipbar
DllGetClassObject
DllCanUnloadNow
GetPopupTipbar

glmf32

glsGetAllContexts
glsReadFunc
glsGLRC
glsBlock
glsGetGLRCi
glsError
glsCommandAPI
glsUCS1toUTF8z
glsUCS2toUTF8z
glsNumui
glsCallStream
glsUCS4toUTF8
glsGetStreamReadName
__glsString_appendChar
glsGetError
glsNuml
glsHeaderi
glsGetHeaderiv
glsDeleteContext
glsGetOpcodeCount
glsSwapBuffers
glsGetConstubz
glsGetLayerf
glsWriteFunc
glsHeaderLayeri
glsDeleteReadPrefix
glsLongHigh
glsNumb
glsChannel
glsGetContextListl
glsGetContextFunc
glsAbortCall
glsGetHeaderubz
glsFlush
glsCaptureFunc

ntdsapi

DsRemoveDsDomainW
DsaopExecuteScript
DsIsMangledRdnValueW
DsaopBind
DsMakePasswordCredentialsA
DsMakeSpnW
DsReplicaVerifyObjectsA
DsaopPrepareScript
DsListServersInSiteW
DsCrackSpn2W
DsReplicaDelA
DsCrackUnquotedMangledRdnA
DsReplicaDelW
DsBindA
DsReplicaSyncAllW
DsClientMakeSpnForTargetServerW
DsCrackNamesW
DsFreeSpnArrayW
DsCrackSpnA
DsListDomainsInSiteW
DsGetRdnW
DsQuoteRdnValueW
DsRemoveDsDomainA
DsReplicaGetInfo2W
DsReplicaSyncW
DsReplicaSyncA
DsReplicaSyncAllA
DsReplicaUpdateRefsW
DsRemoveDsServerA
DsMakeSpnA
DsReplicaGetInfoW
DsReplicaAddW
DsGetSpnW
DsCrackSpn3W
DsUnBindA

msvcirt

?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??_Eistream_withassign@@UAEPAXI@Z
?in_avail@streambuf@@QBEHXZ
?pword@ios@@QBEAAPAXH@Z
?sputn@streambuf@@QAEHPBDH@Z
?eback@streambuf@@IBEPADXZ
?xsgetn@streambuf@@UAEHPADH@Z
??_Eiostream@@UAEPAXI@Z
??0strstreambuf@@QAE@XZ
?clrlock@ios@@QAAXXZ
??0exception@@QAE@ABQBD@Z
??_Eistream@@UAEPAXI@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@F@Z
??4iostream@@IAEAAV0@AAV0@@Z
?unsetf@ios@@QAEJJ@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??5istream@@QAEAAV0@PAC@Z
?flush@@YAAAVostream@@AAV1@@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
_mtunlock
?overflow@strstreambuf@@UAEHH@Z
??_7istream_withassign@@6B@
??_Dostream@@QAEXXZ
?lock@ios@@QAAXXZ
??4istream@@IAEAAV0@ABV0@@Z
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?read@istream@@QAEAAV1@PAEH@Z
?fd@ifstream@@QBEHXZ
?cin@@3Vistream_withassign@@A
??4ostream@@IAEAAV0@ABV0@@Z

kernel32

AllocateUserPhysicalPages
GetSystemTime
HeapUnlock
CompareStringW
SetInformationJobObject
GetPrivateProfileSectionNamesA
ExpandEnvironmentStringsA
GetVolumeInformationA
SetCommMask
VirtualAlloc
SetCriticalSectionSpinCount
QueryPerformanceCounter
WriteConsoleOutputA
MoveFileWithProgressA
SearchPathA
GlobalUnlock
GetEnvironmentStringsA
LoadLibraryA
LZRead
GetConsoleHardwareState
DeleteAtom
GetFileSize
ReleaseMutex
GetCurrentProcessId
GetWindowsDirectoryW
FindFirstFileA
FindCloseChangeNotification
ExitVDM
QueryMemoryResourceNotification
DisconnectNamedPipe
EnumSystemLocalesW
GetComputerNameW
lstrlen
GetSystemTimeAsFileTime
CreateFiber
ExitProcess
BackupRead
CreateActCtxA
SetConsoleMaximumWindowSize

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 604KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 308B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

102405211fbc3cc4bd86e6b03e360bfb

Headers

DLL Characteristics

File Characteristics

Imports

utildll

msdart

msutb

glmf32

ntdsapi

msvcirt

kernel32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 604KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 308B

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 604KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 308B