97ee7123718eefbb179ab57755d74cf9

Sharing

Copy URL Twitter E-mail

General

Target

97ee7123718eefbb179ab57755d74cf9
Size

327KB
MD5

97ee7123718eefbb179ab57755d74cf9
SHA1

b6e9b95bbf882715537e0c55eddf21f95ae78e68
SHA256

16fc99dc426d1838a50b1220e4f367228a8c4569145d227491f34aab7bf4ca48
SHA512

39bc3c68f1a2871cbfc9765dacef8f52db8bcf173c623dd9ff84cddf032b66a24983d1286d79cd980e55e9a8bb367262222977816f6d89d6201a087ee3e7e413
SSDEEP

6144:BF86/NZPdCk7P9LcBD6Mo49+DtkZQ2Uh2XkaOi4BEe74UvBqmAb6Pkkkc/T:YQNZf7P9aGMo49+D4/U1a/4ee74+4mAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97ee7123718eefbb179ab57755d74cf9

Files

97ee7123718eefbb179ab57755d74cf9
.exe windows:5 windows x86 arch:x86

2362aa2ea5aa2e7ee8eea3c99eada939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winmm

waveInGetNumDevs
waveOutSetVolume
waveOutMessage
mmioGetInfo
mciGetDeviceIDFromElementIDW
mciLoadCommandResource
mixerGetNumDevs
waveInStart
midiInReset
mod32Message
mmioInstallIOProcA
mmioStringToFOURCCW
WOWAppExit
wid32Message
mciSendStringW
midiStreamStop
mixerGetLineInfoA
joyGetPosEx
auxGetDevCapsW
joyGetDevCapsW
mixerSetControlDetails
waveOutGetPitch
SendDriverMessage

resutils

ResUtilGetResourceDependencyByName
ResUtilIsResourceClassEqual
ResUtilTerminateServiceProcessFromResDll
ResUtilGetSzProperty
ResUtilFreeParameterBlock
ResUtilGetSzValue
ResUtilGetPropertyFormats
ResUtilCreateDirectoryTree
ResUtilVerifyPrivatePropertyList
ResUtilSetPropertyTable
ResUtilGetBinaryValue
ResUtilPropertyListFromParameterBlock
ClusWorkerTerminate
ResUtilSetSzValue
ResUtilGetMultiSzProperty
ResUtilSetPropertyTableEx
ResUtilGetResourceDependency
ResUtilFreeEnvironment
ClusWorkerCreate
ResUtilEnumProperties
ResUtilFindDwordProperty

kernel32

GetPriorityClass
BuildCommDCBAndTimeoutsA
Heap32First
ReleaseSemaphore
SetTapePosition
LocalAlloc
ReadConsoleOutputA
BaseCheckAppcompatCache
lstrcmpA
CallNamedPipeA
ChangeTimerQueueTimer
GetVolumePathNameW
Heap32Next
SetComputerNameW
GetTimeZoneInformation
LoadLibraryA
SetProcessAffinityMask
VirtualAlloc
lstrcmp
GetModuleHandleA

mprapi

MprAdminMIBEntryGet
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceGetCredentials
MprConfigInterfaceTransportAdd
MprAdminUserServerDisconnect
MprAdminTransportSetInfo
MprConfigInterfaceGetInfo
MprAdminMIBEntryGetNext
MprConfigInterfaceTransportSetInfo
MprConfigGetGuidName
MprAdminInterfaceDelete
MprConfigServerRefresh
MprInfoBlockAdd
MprAdminDeregisterConnectionNotification
MprAdminInterfaceTransportRemove
MprAdminInterfaceTransportAdd

clusapi

CloseClusterNotifyPort
CreateClusterGroup
ClusterNetworkOpenEnum
CloseClusterNetInterface
GetClusterNetworkKey
ResumeClusterNode
GetClusterNetInterfaceState
ClusterNodeOpenEnum
ClusterResourceOpenEnum
CloseClusterNetwork
ClusterResourceCloseEnum
ClusterNodeGetEnumCount
ClusterNetworkGetEnumCount
GetClusterNodeState
ClusterResourceControl
AddClusterResourceNode

wininet

FtpOpenFileA
InternetOpenW
GopherFindFirstFileA
ReadUrlCacheEntryStream
InternetTimeFromSystemTimeW
FindNextUrlCacheEntryExW
FtpRemoveDirectoryA
InternetErrorDlg
SetUrlCacheEntryGroupW
DeleteUrlCacheContainerW
InternetSetDialState
InternetCrackUrlW
HttpQueryInfoA
DetectAutoProxyUrl
InternetGetPerSiteCookieDecisionW
FindFirstUrlCacheEntryExA
SetUrlCacheEntryInfoW

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2362aa2ea5aa2e7ee8eea3c99eada939

Headers

File Characteristics

Imports

winmm

resutils

kernel32

mprapi

clusapi

wininet

Sections

.text Size: 175KB - Virtual size: 174KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 128KB - Virtual size: 490KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 175KB - Virtual size: 174KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 128KB - Virtual size: 490KB

.rsrc
Size: 18KB - Virtual size: 18KB