a31ef9f516330e4b08bb800e815987aa

Sharing

Copy URL

Twitter E-mail

General

Target

a31ef9f516330e4b08bb800e815987aa
Size

60KB
MD5

a31ef9f516330e4b08bb800e815987aa
SHA1

d0cfda0e27f6c86545182c06439000dcc07abe0d
SHA256

3f292af40ab69396b241af706e4a0573800ffabfd20d25f46ae04752912c150f
SHA512

4296984bcb53fe22ace2c309e1dd012f766c7d060042f21d66e7ad746cc76e43a6151c9daf47c5325b744cf2425aa6c97d6ab534575242a949db749fbac5381e
SSDEEP

1536:ZIeA7SppGJYwqqJc1f/oZQW7lQKdf0o+TBYQ5:SeA7Sptw3JAfmX6VYq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a31ef9f516330e4b08bb800e815987aa

Files

a31ef9f516330e4b08bb800e815987aa
.exe windows:5 windows x86 arch:x86

fb9e9aa24727cc1f73839170ef91d3b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasmontr

RutlGetTagToken
RutlGetOsVersion
RutlDwordDup
RutlFree
RutlAlloc
RutlIsHelpToken
RutlCloseDumpFile
RutlAssignmentFromTokenAndDword
RutlParse
RutlStrDup
RutlCreateDumpFile
RutlAssignmentFromTokens
InitHelperDll

setupapi

SetupDiGetINFClassA
CM_Get_Device_ID_ExW
SetupGetStringFieldA
pSetupSetQueueFlags
SetupGetInfFileListW
SetupQueryDrivesInDiskSpaceListA
SetupRemoveFileLogEntryA
CM_Get_Device_ID_List_ExA
SetupCopyErrorW
SetupDiGetClassDevsExW
SetupDiSetDeviceInstallParamsW
CM_Remove_SubTree
SetupDiGetClassRegistryPropertyW
CM_Get_Child
CM_Merge_Range_List
pSetupStringTableSetExtraData
SetupGetFileCompressionInfoW
SetupOpenMasterInf
SetupFreeSourceListA
pSetupStringFromGuid
pSetupGetField
CM_Set_DevNode_Registry_PropertyA
SetupBackupErrorA

msvcrt20

_tcsnccmp
??4strstreambuf@@QAEAAV0@ABV0@@Z
_umask
_mbsninc
_spawnve
_wexecve
tmpfile
_wopen
strlen
_safe_fprem1
__p___argc
wscanf
??_Estrstream@@UAEPAXI@Z
_mbsupr
_strdate
__initenv
_unloaddll
?basefield@ios@@2JB
_wsystem
__p__winmajor
??_Gstrstreambuf@@UAEPAXI@Z
?read@istream@@QAEAAV1@PADH@Z
raise
??1Iostream_init@@QAE@XZ
_atodbl

expsrv

rtcPackTime
rtcRemoveDir
__vbaR8ForNextCheck
rtcFileWidth
__vbaRedimPreserveVar2
rtcIntVar
rtcPackDate
__vbaVarTextTstGe
rtcArray
rtcLeftBstr
rtcFileAttributes
__vbaCopyBytes
__vbaVarLateMemCallLd
__vbaI4Sgn
__vbaVar2Vec
__vbaLateMemSt
__vbaEnd
GetMemNewObj
__vbaNextEachVar
__vbaCyI4
__vbaPut4
rtcTan
rtcFormatNumber
rtcSwitch
_adj_fptan
rtcEndOfFile

kernel32

GetTickCount
GetCurrentThreadId
GetConsoleWindow
ConnectNamedPipe
GetBinaryType
SetTimeZoneInformation
LZInit
DeleteCriticalSection
GetCurrentProcessId
GetExpandedNameA
InvalidateConsoleDIBits
RtlZeroMemory
RegisterConsoleOS2
GetSystemTimeAsFileTime
GetFullPathNameA
RegisterWaitForSingleObject
GetProcAddress
GetStartupInfoW
QueueUserWorkItem
GetLogicalDrives
GetModuleHandleW
QueryPerformanceCounter
FatalAppExitW
LoadLibraryW
ReadDirectoryChangesW
ReadConsoleInputExW
GetDiskFreeSpaceA
VirtualAlloc
LoadLibraryA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb9e9aa24727cc1f73839170ef91d3b7

Headers

DLL Characteristics

File Characteristics

Imports

rasmontr

setupapi

msvcrt20

expsrv

kernel32

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 14KB - Virtual size: 61KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 14KB - Virtual size: 61KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 396B