8f4af50bcda66a96d325d9caf6c5a8f5

Sharing

Copy URL

Twitter E-mail

General

Target

8f4af50bcda66a96d325d9caf6c5a8f5
Size

352KB
MD5

8f4af50bcda66a96d325d9caf6c5a8f5
SHA1

3af5c9a6361072be63c500967556113e6d11d111
SHA256

596f4161262eafa8fcc3cff8cdcbd9e747591a8debc41996ac77bd8c77eb059d
SHA512

7dd29ad2a1c230de75032e87535a26e57d3cf177f63de15e43cb4d9bcf1916fb65a94e025483ec6d0b5341277d35edeba89ba96bd29017f911d9ff3e9ed040e2
SSDEEP

6144:c2cIeDaRxjqOFpWXx6f1PaMtAn/4g0f3yb73IF+tAmJPgp:cq6hB6dPaMtsAITHtLJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f4af50bcda66a96d325d9caf6c5a8f5

Files

8f4af50bcda66a96d325d9caf6c5a8f5
.dll windows:5 windows x86 arch:x86

09c8500cd3b5bdccb491effb8efe4ffe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

sysmod_a.pdb

Imports

msvcrt

_adjust_fdiv
memmove
_initterm
free
atoi
wcschr
sprintf
_mbsdec
_atoi64
_mbctolower
sscanf
_local_unwind2
_ismbcalpha
_except_handler3
_mbslen
_mbsnicmp
_mbsrchr
_ismbcupper
strtoul
wcslen
strchr
towlower
_wcsicmp
setlocale
malloc
_ismbblead
_mbsinc
_mbsnextc
_ismbcspace
_mbschr
wcsrchr
isalpha
strncpy
_wcsnicmp
_mbsncmp
_mbsncpy
__lconv_init
_mbsicmp

kernel32

FileTimeToSystemTime
WritePrivateProfileStringA
GetLastError
CopyFileA
SetLastError
GetLogicalDrives
GetVersionExA
GetProcAddress
LoadLibraryA
GetProfileStringA
DeleteFileA
CreateDirectoryA
HeapFree
CloseHandle
SetFilePointer
CreateFileA
GetWindowsDirectoryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileSize
MultiByteToWideChar
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
LoadLibraryExA
EnumResourceNamesA
ReadFile
SetEndOfFile
RemoveDirectoryA
SetFileAttributesA
GetLogicalDriveStringsA
GetDriveTypeA
FindNextFileA
SearchPathA
GetCurrentDirectoryA
HeapReAlloc
ExitProcess
DebugBreak
WideCharToMultiByte
FreeLibrary
HeapAlloc
GetEnvironmentVariableA
FormatMessageA
LocalFree
IsDBCSLeadByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap
GetModuleHandleA
InitializeCriticalSection
CreateEventA
WriteFile
FindClose
FindFirstFileA
SetErrorMode
GetFileAttributesA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile

user32

wsprintfA
CharUpperA
CharLowerA
MessageBoxA

advapi32

RegEnumValueA
RegQueryValueExA
RegEnumKeyA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

mpr

WNetEnumResourceA
WNetGetConnectionA
WNetAddConnection2A
WNetCancelConnection2A
WNetOpenEnumA

setupapi

SetupOpenInfFileA
SetupCloseInfFile
SetupFindFirstLineA
SetupGetMultiSzFieldA
SetupGetStringFieldA
SetupGetIntField
SetupFindNextLine

log

LogBegin
LogA
LogEnd
LogReInitA

winspool.drv

EnumPrintersA
ClosePrinter
DocumentPropertiesA
GetPrinterA
AddPrinterConnectionA
SetPrinterA
ord202
OpenPrinterA
DeletePrinterConnectionA

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
InternetSetCookieA
FindCloseUrlCache

migism

IsmGetTempFile
IsmSetEnvironmentFlag
IsmGetPropertyData
IsmGetPropertyFromObject
IsmIsAttributeSetOnObject
IsmRegisterOperationApplyCallback
IsmRegisterCompareCallback
IsmRegisterRestoreCallback
IsmSetOperationOnObject
IsmMakeApplyObject
IsmEnumNextObject
IsmRegisterOperationFilterCallback
IsmSetAttributeOnObject
IsmClearAttributeOnObject
IsmParsedPatternMatch
IsmIsObjectHandleNodeOnly
TrackedIsmCreateObjectPattern
IsmAbandonObjectOnCollision
IsmGetOsVersionInfo
IsmRegisterGlobalFilterCallback
IsmIsApplyObject
IsmProhibitPhysicalEnum
IsmRegisterPhysicalAcquireHook
IsmAddToPhysicalEnum
TrackedIsmGetNativeObjectName
IsmFilterObject
IsmHookEnumeration
IsmRegisterPreEnumerationCallback
IsmRegisterPostEnumerationCallback
IsmGetObjectIdFromName
IsmIsPersistentObjectId
IsmSetAttributeOnObjectId
IsmAcquireObjectEx
TrackedIsmCompressEnvironmentString
TrackedIsmGetLongName
IsmExecuteHooks
IsmAddPropertyToObjectId
IsmIsPersistentObject
IsmMakePersistentObject
IsmMakeNonCriticalObject
IsmClearPersistenceOnObjectId
IsmReleaseObject
IsmSetOperationOnObjectId
IsmIsAttributeSetOnObjectId
IsmGetEnvironmentValue
IsmGetRealPlatform
TrackedIsmExpandEnvironmentString
IsmEnumFirstSourceObjectEx
IsmAbortObjectEnum
IsmRegisterAttribute
IsmRegisterProperty
IsmRegisterOperation
IsmGetObjectTypeId
IsmRegisterStaticExclusion
IsmSetEnvironmentString
IsmGetEnvironmentString
IsmRegisterObjectType
IsmRecordDelayedOperation
IsmRecordOperation
TrackedIsmCreateObjectStringsFromHandleEx
TrackedIsmGetMemory
IsmReleaseMemory
IsmIsComponentSelected
TrackedIsmCreateSimpleObjectPattern
IsmQueueEnumeration
IsmDestroyObjectHandle
IsmAddComponentAlias
IsmDestroyObjectString
IsmGetTempDirectory
IsmSetCancel
TrackedIsmCreateObjectHandle

gdi32

GetTextMetricsA
DeleteObject
SelectObject
CreateFontIndirectA
CreateDCA
DeleteDC

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

imagehlp

MapAndLoad
UnMapAndLoad

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Exports

Exports

DestinationModule
DllMain
ModuleInitialize
ModuleTerminate
SourceModule
TypeModule
VirtualComputerModule

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09c8500cd3b5bdccb491effb8efe4ffe

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

shell32

mpr

setupapi

log

winspool.drv

wininet

migism

gdi32

version

imagehlp

ole32

Exports

Exports

Sections

.text Size: 134KB - Virtual size: 133KB

.data Size: 204KB - Virtual size: 234KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 134KB - Virtual size: 133KB

.data
Size: 204KB - Virtual size: 234KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB