960b00beae77c1fd766e8ee3457abeae

Sharing

Copy URL

Twitter E-mail

General

Target

960b00beae77c1fd766e8ee3457abeae
Size

92KB
MD5

960b00beae77c1fd766e8ee3457abeae
SHA1

6a7044fcde5955a200004aaa6b85c11b28193b67
SHA256

a3e943ae1ac097be1f2284e65231112908a2a7d9f5ba46e041529b0a972ff938
SHA512

9ad91f76e578292b6c0f38a398fbc96641755666e557d4243199487f7bd4a67d3f3dd243902a6eceb2004c44e1cd0cd3e3936a7c42bee01d80f1e02479ed4065
SSDEEP

1536:ZGonN4UuBKrmBF3rQgvPKXnDYRa1l66gX9H7Mj2eQyfXUZJ3okHcSAvQKOD:pN4FB7jFKXD0d6gX1oSet6zH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
960b00beae77c1fd766e8ee3457abeae

Files

960b00beae77c1fd766e8ee3457abeae
.exe windows:5 windows x86 arch:x86

e74f0e88235fdce0a137bbc201eb9a1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dssenh

CPHashData
DllRegisterServer
CPImportKey
CPDecrypt
CPCreateHash
DllUnregisterServer
CPAcquireContext
CPGetHashParam
CPExportKey
CPDestroyKey
CPHashSessionKey
CPEncrypt
CPGetProvParam

mapi32

__CPPValidateParameters@8
WrapStoreEntryID@24
MAPIAddress
UNKOBJ_ScCOReallocate@12
MAPIAllocateMore@12
cmc_logoff
BMAPIAddress
HrGetOmiProvidersFlags@8
ScCreateConversationIndex@16
HrSetOmiProvidersFlagsInvalid@4
FPropCompareProp@12
BuildDisplayTable@40
MAPIInitialize@4
GetOutlookVersion@0
OpenStreamOnFile
HrDispatchNotifications@4
InstallFilterHook@4

kernel32

GlobalFlags
GetTickCount
ProcessIdToSessionId
VerLanguageNameW
GetQueuedCompletionStatus
QueryDepthSList
GetThreadSelectorEntry
ReadConsoleOutputCharacterA
LocalFileTimeToFileTime
GetExitCodeProcess
GetPrivateProfileIntW
SetConsoleLocalEUDC
LoadLibraryA
ReleaseActCtx
GetMailslotInfo
VirtualAlloc
FindClose

shimeng

SE_ProcessDying
SE_InstallAfterInit
SE_IsShimDll
SE_DllUnloaded
SE_DynamicShim
SE_DllLoaded
SE_InstallBeforeInit

ntdll

NtRaiseHardError
ZwQueryMutant
_wtoi64
RtlDebugPrintTimes
_ltoa
NtOpenMutant
ZwClose
_i64toa
ZwUnloadKey
NtOpenFile
RtlQueryAtomInAtomTable
RtlImpersonateSelf

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e74f0e88235fdce0a137bbc201eb9a1a

Headers

DLL Characteristics

File Characteristics

Imports

dssenh

mapi32

kernel32

shimeng

ntdll

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 30KB - Virtual size: 39KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 276B

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 30KB - Virtual size: 39KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 276B