985a560a216a310f6ecc49fac46e9742

Sharing

Copy URL Twitter E-mail

General

Target

985a560a216a310f6ecc49fac46e9742
Size

46KB
MD5

985a560a216a310f6ecc49fac46e9742
SHA1

cf34cb4ed3c9c036d695017f570c61e0d0669d86
SHA256

768ef8ce7277fa6ba5f22e911d85663d25f0cf0041e3a8dec487bbe736e1161b
SHA512

0e42bc4772340f457194b987346df5dc777003c57839ba2e4ab7789ffb8464c99357cc169f4e8b81f3048df4180ee3459091a7302e80f4807874b6658ba91b9b
SSDEEP

768:O/5GkM+RbLvID2KKcfMwdEKahT+bHWOG68p50DlnNzUUs9s75Ls9HvtZbI:k5GkM+RvvIqKKc0wjahTkHWA8p5gN4JS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
985a560a216a310f6ecc49fac46e9742

Files

985a560a216a310f6ecc49fac46e9742
.exe windows:5 windows x86 arch:x86

fbf0f96cfa606c1e11357e5242deace6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_VerQueryValue_@16
_EnumFontFamiliesEx_@20
_CopyEnhMetaFile_@8
_GetVolumeInformation_@32
_ObjectCloseAuditAlarm_@12
_SHBrowseForFolder_@4
newWideCharFromMultiByte
_RegReplaceKey_@16
_CreatePropertySheetPage_@4
_CreateProcess_@40
_GetWindowText@12
_GetTextExtentPoint@16
_GetToolsFilePath@16
_FindNextFile_@8
wsprintf_
_tfopen
_GetLogicalDriveStrings_@8
_FindText_@4
newMultiByteFromWideChar
_CreateWaitableTimer_@12
_SendMessageTimeout_@28
_EnumResourceLanguages_@20
_GetObject@12
_ExpandEnvironmentStrings_@12
_RegCreateKey_@12
_LookupPrivilegeValue_@12
_GetCurrentDirectory_@8
_GetPrivateProfileSection_@16
_RegCreateKeyEx_@36

oleaut32

VarUI8FromDec
VarCyFromI8
VarDateFromCy
VarCat
VarUI8FromR4
VariantChangeType
GetRecordInfoFromTypeInfo
VarUI4FromDec
SafeArrayGetIID
VarUI4FromR8
LHashValOfNameSys
VarXor
VarAdd
VarUI8FromUI1
LPSAFEARRAY_Size
VarCyInt
VarBstrFromDate
VarDateFromUI8
VarBoolFromStr
VarI2FromI1
VarBstrFromI1
VarUI8FromI8
VarUI1FromDate
VarR4FromUI1
VarBoolFromDate
VarDecFromR8
VarWeekdayName
VarI8FromUI8
VarUI1FromCy
VarUI8FromUI4

kernel32

GetVolumePathNamesForVolumeNameW
RtlCaptureContext
GetVersion
EndUpdateResourceA
SetDefaultCommConfigA
CancelTimerQueueTimer
FindResourceA
lstrcpy
WritePrivateProfileSectionW
SetComputerNameExW
ZombifyActCtx
IsBadStringPtrA
FileTimeToSystemTime
DosPathToSessionPathA
VirtualAlloc
InterlockedFlushSList
UpdateResourceW
GlobalWire
LoadLibraryA
GetUserDefaultUILanguage
ExpandEnvironmentStringsA
SetEnvironmentVariableA
CloseConsoleHandle
InitializeCriticalSection
Module32Next
LoadModule
OpenEventA
GetProcessVersion
GetModuleHandleA
CallNamedPipeW

iphlpapi

NTPTimeToNTFileTime
GetRTTAndHopCount
_PfRemoveGlobalFilterFromInterface@8
GetIpErrorString
GetIfTable
GetUdpStatisticsEx
IpRenewAddress
InternalSetIfEntry
InternalGetIpForwardTable
UnenableRouter
Icmp6SendEcho2
CreateIpForwardEntry
InternalDeleteIpForwardEntry
SetAdapterIpAddress
SetIpNetEntry
DeleteIpForwardEntry
InternalCreateIpNetEntry
_PfRemoveFilterHandles@12
_PfUnBindInterface@4
GetIpNetTable
RestoreMediaSense
GetTcpStatisticsEx
_PfRebindFilters@8
InternalDeleteIpNetEntry
GetTcpStatistics
_PfAddFiltersToInterface@24
InternalSetIpStats
_PfRemoveFiltersFromInterface@20

msvcrt20

??0fstream@@QAE@ABV0@@Z
_isctype
_adj_fdiv_m32
_sopen
_tccpy
setlocale
?sunk_with_stdio@ios@@0HA
fgetc
?xsputn@streambuf@@UAEHPBDH@Z
_fcloseall
?clrlock@ios@@QAAXXZ
_ungetch
_mtunlock
?xsgetn@streambuf@@UAEHPADH@Z
_wfreopen
?getline@istream@@QAEAAV1@PACHD@Z
?put@ostream@@QAEAAV1@D@Z
_pwctype
_spawnle
putchar
memcpy
iscntrl
??_7istream@@6B@
??_Eifstream@@UAEPAXI@Z
_fullpath
__p__wcmdln
_adj_fpatan

user32

SetRect
DrawFrameControl
GetMonitorInfoA
GrayStringA
CreateMenu
BroadcastSystemMessage
GetParent
SetWinEventHook
GetUserObjectSecurity
SetUserObjectSecurity
DdeCreateStringHandleW
CharLowerA
CharLowerW
PeekMessageW
GetClassLongW
DrawTextExW
IsCharAlphaW
ShowWindow
EnumDisplayDevicesW
SetSysColorsTemp
WINNLSGetIMEHotkey
GetWinStationInfo
GetNextDlgTabItem
DdeGetLastError
UserRealizePalette
GetDCEx
BroadcastSystemMessageExA
DdeAddData
ArrangeIconicWindows
GetScrollBarInfo

ir50_32

DllUnregisterServer
AboutDialogProc
DllGetClassObject
DllCanUnloadNow
DriverProc
ConfigureDialogProc
DllMain
DllRegisterServer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbf0f96cfa606c1e11357e5242deace6

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

oleaut32

kernel32

iphlpapi

msvcrt20

user32

ir50_32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 17KB - Virtual size: 68KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 240B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 17KB - Virtual size: 68KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 240B