879203973d21cef2f32954606822aac0

Sharing

Copy URL Twitter E-mail

General

Target

879203973d21cef2f32954606822aac0
Size

849KB
MD5

879203973d21cef2f32954606822aac0
SHA1

1dc8ad65191fb6a2345c9896fe8812dc1e44db74
SHA256

3f68e98cc499aefda53035cd3a9dd8d9c5f48bf516f53576107ea22bc1cea9be
SHA512

95fe720bd8c95fc0a798979e383be4939de1df65de56c624686fafc28e8cb0290d759347ecbddb91ea9cc0c6d0875a3fb8856607673fbb10bcf4aa32995cfc34
SSDEEP

24576:e1lY/z9qvf7eDenzCQRZkccpAubKILauIWgEa:e1lY/z9qvDeDAdHkp/bKKau

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
879203973d21cef2f32954606822aac0

Files

879203973d21cef2f32954606822aac0
.exe windows:5 windows x86 arch:x86

66389884f088f5617e91177396361d04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGNXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGXN@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?IsWin98@CMdVersionInfo@@SAHXZ
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?IsEmpty@CDoubleList@@QBE_NXZ
?GetSpinCount@CFakeLock@@QBEGXZ
?_LockSpin@CSpinLock@@AAEXXZ
?ReadLock@CLKRHashTable@@QBEXXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?IsWin95@CMdVersionInfo@@SAHXZ
?ReadLock@CFakeLock@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?sm_wDefaultSpinCount@CFakeLock@@1GA
??4CLockedDoubleList@@QAEAAV0@ABV0@@Z
?TryReadLock@CFakeLock@@QAE_NXZ
?IsWriteLocked@CLKRLinearHashTable@@QBE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?Lock@CLockedSingleList@@QAEXXZ

cmpbk32

PhoneBookGetPhoneDUNA
PhoneBookMatchFilter
PhoneBookFreeFilter
PhoneBookGetPhoneCanonicalA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookHasPhoneType
PhoneBookParseInfoA
PhoneBookEnumNumbers
PhoneBookEnumCountries
PhoneBookLoad
PhoneBookGetCurrentCountryId
PhoneBookMergeChanges
PhoneBookGetPhoneType
PhoneBookGetRegionNameA
PhoneBookGetPhoneNonCanonicalA
PhoneBookUnload
PhoneBookGetCountryId
PhoneBookGetPhoneDescA
PhoneBookGetCountryNameW
PhoneBookCopyFilter
PhoneBookGetCountryNameA
PhoneBookEnumRegions
PhoneBookGetPhoneDispA

mapistub

cmc_send
MAPISendMail
OpenStreamOnFile
ScCopyProps@16
cmc_free
__ValidateParameters@8
HrThisThreadAdviseSink@8
MAPIDeinitIdle@0
FBadRglpszW@8
FtMulDw@12
HrAllocAdviseSink@12
BMAPIGetAddress
BMAPIAddress
UNKOBJ_COFree@8
CbOfEncoded@4
UlPropSize@4
FBadSortOrderSet@4
FBadRestriction@4
ScCountNotifications@12
MAPIFindNext
EncodeID@12

kernel32

IsValidCodePage
SetConsoleLocalEUDC
FindFirstChangeNotificationW
LoadLibraryA
GetCommandLineA
SetLastError
GetDriveTypeW
VirtualAlloc
SetConsoleMode
FindResourceA
SetCurrentDirectoryW
GlobalFindAtomA
CloseProfileUserMapping
GetCurrentThread
GetFirmwareEnvironmentVariableW
WriteProfileStringW
VirtualUnlock
SetTermsrvAppInstallMode
EnumTimeFormatsA
SetFileShortNameA
QueryActCtxW
DeviceIoControl
CreateWaitableTimerW

Sections

.text
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66389884f088f5617e91177396361d04

Headers

DLL Characteristics

File Characteristics

Imports

msdart

cmpbk32

mapistub

kernel32

Sections

.text Size: 741KB - Virtual size: 740KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 741KB - Virtual size: 740KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB