9752fe9347b711decd35cfc40d38d31b

Sharing

Copy URL Twitter E-mail

General

Target

9752fe9347b711decd35cfc40d38d31b
Size

85KB
MD5

9752fe9347b711decd35cfc40d38d31b
SHA1

aef1c9de5f83bea3770b21cee9e4b8f3557bd9bc
SHA256

3f1b15f00671cf456354e74264113f734c0dd3a69df4558f0d5b0a532ecd32ef
SHA512

aca0ad94ca6ba992d7a27e3ae4654f2622b28f8b677a1e14a7b8034693d13f521f72d46f03ce7019bc2784457f70cf0ff3c46d5d246b0ae86e8f17a21a6a3da3
SSDEEP

1536:I/nytkc6mrMMvTYcN8qjftZtQzTs2bQh+eujlruI5JCTCMq0I30ccOCXRRnzY:Ivytk7moM7h8qjVZtIQh5qFHD0yNIY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9752fe9347b711decd35cfc40d38d31b

Files

9752fe9347b711decd35cfc40d38d31b
.exe windows:5 windows x86 arch:x86

909e356aa2b92082989b881637ad6357

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReleaseActCtx
HeapCreate
GetVolumePathNameA
EnumLanguageGroupLocalesW
GetProcessAffinityMask
GetSystemTimeAsFileTime
CreateMutexA
GetStartupInfoA
GetTickCount
SignalObjectAndWait
QueryPerformanceCounter
VirtualAlloc
ConsoleMenuControl
FindActCtxSectionStringA
VirtualProtect
IsSystemResumeAutomatic
GetCurrentThreadId
GetCurrentProcessId
GetNativeSystemInfo
LoadLibraryA
GetConsoleAliasExesA

ntdll

RtlEnlargedUnsignedDivide
ZwIsProcessInJob
ZwWriteFileGather
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
NtQuerySystemEnvironmentValueEx
NtQuerySemaphore
RtlInterlockedPushEntrySList
RtlSplay
NtVdmControl
ZwUnloadKeyEx
RtlDestroyHandleTable
isgraph
NtSetQuotaInformationFile
NtCancelTimer
ZwVdmControl
RtlAnsiCharToUnicodeChar
NtSetEaFile
NtSetLdtEntries
RtlLargeIntegerToChar
RtlFreeHandle
ZwSuspendProcess
ZwQueryQuotaInformationFile
_strupr
RtlTraceDatabaseCreate
wcslen
NtReleaseKeyedEvent
RtlDeregisterWait
RtlUnicodeStringToCountedOemString
RtlIsTextUnicode
NtCreateJobObject

odbc32

ODBCInternalConnectW
SQLExtendedFetch
SQLGetDiagField
SQLCancel
SQLSetDescFieldW
LockHandle
SQLTablePrivilegesW
SQLErrorW
SQLColumns
SQLFreeHandle
SQLSetConnectOptionW
SQLExecDirect
SQLPrepare

msvcrt

sqrt
_mbsnset
_CItanh
_heapused
tolower
strerror
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_strncoll
__p__mbctype
_strupr
atof
ferror
ispunct
_fstati64
fputws
_adj_fdivr_m16i

shell32

SHGetMalloc

adsldpc

SchemaGetClassInfo
BuildADsPathFromLDAPPath
SchemaAddRef
SchemaOpen
LdapTypeFreeLdapObjects
LdapValueFreeLen
LdapMsgFree
ADSIExecuteSearch
LdapTypeToAdsTypeUTCTime
ADsGetLastError
LdapGetValuesLen

user32

MessageBoxW
EndDialog

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

909e356aa2b92082989b881637ad6357

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

odbc32

msvcrt

shell32

adsldpc

user32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 21KB - Virtual size: 31KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 21KB - Virtual size: 31KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 312B