a9f7627d5e9d24260a351d31669656cb

Sharing

Copy URL Twitter E-mail

General

Target

a9f7627d5e9d24260a351d31669656cb
Size

85KB
MD5

a9f7627d5e9d24260a351d31669656cb
SHA1

13d6cd811a0dd85102c9e08d173e4d7d13b90ac3
SHA256

351dcdc32852ab9c1de292199c77af594fbef8aa6c715959b0caa8adcd7edb12
SHA512

b8b0cdc7c18c64d7575dad72b23cfd0dc2a98a0dacf8983e96fcb130aac5dbe47d4ed423bebaaf07b9c898cef06a652eddacb50db5f4a46d4e3ac41df36d37cc
SSDEEP

1536:3QkfDFq7Vb7aQszD8jQoJINcGjGqZRVpDStbjWKd/mzZUn5iHwKtipAY:j56RrUoJjunTpDSBWK4C5aUqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9f7627d5e9d24260a351d31669656cb

Files

a9f7627d5e9d24260a351d31669656cb
.exe windows:5 windows x86 arch:x86

9781e26d058be637bdd5ecf81728d542

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msorcl32

SQLAllocStmt
SQLProcedureColumns
SQLSetStmtOption
SQLFreeStmt
SQLConnect
SQLAllocEnv
SQLSetConnectOption
SQLForeignKeys
SQLBindCol
SQLParamData
ConfigDSN
SQLSetScrollOptions
SQLGetData
SQLExecute
SQLProcedures

kernel32

EnumerateLocalComputerNamesW
CompareStringA
WriteConsoleOutputCharacterW
GetTickCount
QueryActCtxW
GetConsoleAliasA
WriteProfileStringW
QueryPerformanceCounter
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
GetFileTime
GetCurrentProcessId
WritePrivateProfileStructW
GetStartupInfoA
FlushConsoleInputBuffer
GetLongPathNameA
CmdBatNotification
ConvertThreadToFiber
HeapCreate
WriteConsoleOutputW
GetProcessPriorityBoost
GetSystemTimeAsFileTime
TlsGetValue
SetConsoleTitleA

imagehlp

ImageRvaToSection
SymGetLinePrev
SymGetLineFromAddr64
SymGetModuleBase64
RemovePrivateCvSymbolicEx
ImagehlpApiVersion
SymGetSymPrev
RemovePrivateCvSymbolic
SymGetSymNext
MapFileAndCheckSumW
SymFunctionTableAccess
SymGetSymPrev64
SearchTreeForFile
ImagehlpApiVersionEx
SymGetSymFromName64
SymFromAddr
StackWalk
SymEnumerateModules
FindExecutableImage
SymGetOptions

sxs

SxsEndAssemblyInstall
SxsOleAut32RedirectTypeLibrary
SxsGenerateActivationContext
SxsRunDllInstallAssemblyW
SxsBeginAssemblyInstall
SxsUninstallW
SxspGenerateManifestPathOnAssemblyIdentity
CreateAssemblyCache
SxsRunDllInstallAssembly
CreateAssemblyNameObject
SxsQueryManifestInformation
SxsInstallW

glu32

gluDeleteTess
gluNextContour
gluNurbsCallback
gluPartialDisk
gluNewNurbsRenderer
gluTessVertex
gluEndTrim
gluScaleImage
gluBuild2DMipmaps
gluQuadricCallback

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9781e26d058be637bdd5ecf81728d542

Headers

DLL Characteristics

File Characteristics

Imports

msorcl32

kernel32

imagehlp

sxs

glu32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 19KB - Virtual size: 51KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 304B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 19KB - Virtual size: 51KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 304B