Static task: static1
Behavioral task: behavioral1
  Sample: a094c723dc42849d07476e10dfe8e804.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a094c723dc42849d07476e10dfe8e804.exe
  Resource: win10v2004-20240221-en
General
Target: a094c723dc42849d07476e10dfe8e804
Size: 840KB
MD5: a094c723dc42849d07476e10dfe8e804
SHA1: 708564ded16c496765b606eddad2dd03ece55f54
SHA256: 44d745f6dcf1ce1f2402063472586d4120c68c200db44e00467c0a620522445b
SHA512: 11834ff8c65a1050e0c08b43dff0c8713f05f7ec10c9f1700aef8088afedbd4cb4c440fc1692d424103e17daebf6c4d946b23bc2abbc4cb7c379ea2f353a59a9
SSDEEP: 12288:F8CSZwKNw8vtetM2dyPXVICkEminsBmmCvFgD9npjScnJUj4H+Z41mmpeJCl:PnoReAVI5kimmYgJp2cJUj4p13peU
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: a094c723dc42849d07476e10dfe8e804
Files
- a094c723dc42849d07476e10dfe8e804.exe  windows:5 windows x86 arch:x86
  671d8bd652797d09b34b5bb62bccb760
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CredRenameW
GetEffectiveRightsFromAclA
CredpConvertTargetInfo
RegOpenKeyExW
CreateWellKnownSid
SystemFunction041
AddAccessAllowedObjectAce
CryptSignHashA
RegOpenKeyA
ElfOpenEventLogA
AllocateLocallyUniqueId
ElfOpenBackupEventLogA
GetTrusteeNameW
CryptGetHashParam
SetSecurityDescriptorRMControl
ClearEventLogA
ObjectPrivilegeAuditAlarmA
CredReadDomainCredentialsW
CryptSignHashW
GetAccessPermissionsForObjectA
ConvertStringSDToSDRootDomainW
ElfOpenBackupEventLogW
CryptDestroyHash
LsaAddAccountRights
CredMarshalCredentialA
LookupAccountSidW
RegNotifyChangeKeyValue
BuildExplicitAccessWithNameA
CredWriteDomainCredentialsA
QueryRecoveryAgentsOnEncryptedFile
EnumServicesStatusA
SetSecurityInfoExA
InitializeSecurityDescriptor
ReportEventA
GetSidIdentifierAuthority
kernel32
GetSystemTime
GetLongPathNameA
IsBadStringPtrW
GetFileAttributesExA
SetWaitableTimer
SetThreadAffinityMask
HeapFree
GlobalCompact
VirtualAlloc
LoadLibraryA
GetNamedPipeInfo
ReadConsoleInputA
LZDone
GetCurrentDirectoryW
EndUpdateResourceA
LocalAlloc
WriteConsoleOutputCharacterA
lstrlen
LZCopy
CloseProfileUserMapping
HeapLock
InitializeCriticalSection
FileTimeToSystemTime
IsValidLocale
GetConsoleAliasesA
SetMessageWaitingIndicator
odbccr32
SQLParamOptions
SQLSetStmtOption
SQLBindParameter
SQLNumParams
SQLGetInfo
SQLPutData
SQLFetchScroll
SQLBindCol
SQLGetStmtOption
SQLPrepare
ReleaseCLStmtResources
SQLCloseCursor
SQLGetDescRec
SQLSetPos
SQLFetch
SQLGetData
SQLRowCount
SQLSetScrollOptions
SQLExecDirect
regapi
RegCdEnumerateA
RegDefaultUserConfigQueryW
RegCdQueryW
RegCdQueryA
RegPdEnumerateW
RegPdCreateW
RegUserConfigRename
RegWinStationQueryNumValueW
RegConsoleShadowQueryW
RegGetMachinePolicyEx
RegWinStationQueryDefaultSecurity
RegQueryOEMId
RegIsMachinePolicyAllowHelp
RegWinStationQueryValueW
RegWinStationEnumerateW
RegGetUserConfigFromUserParameters
RegCdEnumerateW
RegWinStationCreateA
RegPdCreateA
RegOpenServerW
RegWinStationQueryEx
RegWinStationSetNumValueW
RegIsTServer
imm32
ImmFreeLayout
ImmRequestMessageW
ImmSetStatusWindowPos
ImmSendIMEMessageExA
ImmUnlockIMCC
ImmWINNLSEnableIME
ImmLockIMCC
ImmGetImeInfoEx
ImmCreateIMCC
ImmConfigureIMEW
ImmGetCompositionFontW
ImmSetConversionStatus
ImmRegisterClient
ImmEscapeA
ImmSetHotKey
ImmIMPQueryIMEA
ImmSetCompositionWindow
ImmIsIME
ImmLockImeDpi
ImmSetActiveContext
msvcrt
exit
Sections
.text Size: 470KB - Virtual size: 470KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 363KB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 368B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ