96cd625b1055ddbea1e49cb9dcf57a38

Sharing

Copy URL Twitter E-mail

General

Target

96cd625b1055ddbea1e49cb9dcf57a38
Size

85KB
MD5

96cd625b1055ddbea1e49cb9dcf57a38
SHA1

11ecfd8155e971c3de4878ff2c5656fa75bc3fdc
SHA256

10e562d83a3232b4f33fc0d105166749e3ef7fdd2ca7f8009a7620e740a08e9d
SHA512

8ed56c3ce0040632e74980151caa7fc28c22c8ef32da1af15e861096e3207abab9682fff5ebc5d5d11c70ad764ebb4e98b7b21fb91f5417b0127ee1410dccf32
SSDEEP

1536:Zt2ySz6FjH6wv0Yoc2YF7Xy8R1OhzHgZ7MuO5hAPYZJt7fLHNeTYA:Zt2l6IwMXo1XjL2zb5UYBn4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96cd625b1055ddbea1e49cb9dcf57a38

Files

96cd625b1055ddbea1e49cb9dcf57a38
.exe windows:5 windows x86 arch:x86

bbe7e49e08928f408fa88a306da3b3a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetProgmanWindow
BuildReasonArray
MB_GetString
LoadMenuW
PtInRect
EqualRect
PeekMessageW
ChangeDisplaySettingsW
IsCharAlphaNumericW
IMPSetIMEW
SetSystemCursor
GetWindowTextA
ReplyMessage
DispatchMessageA
CreateWindowExW
UserLpkPSMTextOut
SystemParametersInfoA
CheckDlgButton
CheckRadioButton

kernel32

GetStartupInfoA
ReadConsoleOutputA
HeapCreate
QueueUserWorkItem
TerminateJobObject
lstrcpyn
GetCurrentProcessId
VirtualAlloc
GlobalWire
SetLastConsoleEventActive
GetLastError
FindResourceW
GetTickCount
SetConsoleInputExeNameA
GetUserGeoID
lstrcmp
GlobalFlags
GetCurrentThreadId
DebugActiveProcessStop
OpenMutexW
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryDepthSList
LoadLibraryA

lpk

LpkInitialize
LpkEditControl
LpkDllInitialize
LpkGetTextExtentExPoint
LpkExtTextOut
LpkPSMTextOut
LpkDrawTextEx
LpkUseGDIWidthCache
LpkGetCharacterPlacement
ftsWordBreak
LpkTabbedTextOut

cmutil

?GetSection@CIniW@@QBEPBGXZ
?GetFile@CIniA@@QBEPBDXZ
?SetICSDataPath@CIniA@@QAEXPBD@Z
CmStrCatAllocW
CmLoadImageW
?SetSection@CIniW@@QAEXPBG@Z
?GPPB@CIniW@@QBEHPBG0H@Z
MakeBold
?LoadEntry@CIniA@@IBEPADPBD@Z
CmFree
?DeInit@CmLogFile@@QAEJXZ

rasman

RasInitialize
RasPortListen
RasPortDisconnect
RasGetBuffer
RasPortOpenEx
RasDeviceConnect
RasGetConnectionParams
RasLinkGetStatistics
RasPortGetBundledPort
RasSignalNewConnection
RasSetDevConfig
RasGetDevConfig
RasRpcConnect
RasRpcRemoteGetSystemDirectory
RasRPCBind
RasGetDeviceName
RasBundleGetStatisticsEx
RasRpcDeleteEntry
RasGetInfo
RasPortGetStatisticsEx

mgmtapi

SnmpMgrCtl
SnmpMgrClose
SnmpMgrGetTrap
SnmpMgrTrapListen
SnmpMgrOpen
SnmpMgrGetTrapEx
SnmpMgrRequest
SnmpMgrOidToStr
SnmpMgrStrToOid

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe7e49e08928f408fa88a306da3b3a3

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

lpk

cmutil

rasman

mgmtapi

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 22KB - Virtual size: 31KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 364B

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 22KB - Virtual size: 31KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 364B