ad4a8e4800227a436d4dbbc4f8a159f9

Sharing

Copy URL Twitter E-mail

General

Target

ad4a8e4800227a436d4dbbc4f8a159f9
Size

871KB
MD5

ad4a8e4800227a436d4dbbc4f8a159f9
SHA1

1cedb9bff54f3d73c6a68e55fbce70d0ec0744a2
SHA256

95455f1a349d43cbbaa8b720619b89551869d7b80cf36f7d950d3b1f47f83372
SHA512

d0f058edf9851352aa4da1665462973bbbaa396ef6f4fb0272f2cc92b128760c35f6dd85e6119bcba0479ea5f73bca464e44b90cf66c0e3d94b83be3dc39c6dc
SSDEEP

12288:dH/GR6lvPnuybVWz+tRSkMRL/u2rDoMNqK0ouf7ZtXqYqf5XXe+KAHhkPzc3vXPG:duEv7LWpDo27cFENf5XXeYHsz+FMwJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad4a8e4800227a436d4dbbc4f8a159f9

Files

ad4a8e4800227a436d4dbbc4f8a159f9
.exe windows:5 windows x86 arch:x86

2b038c5cfeae37673225c45e5bf6a0e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

MsiOpenPackageW
MsiGetProductCodeA
MsiGetProductCodeW
MsiViewGetColumnInfo
MsiViewClose
MsiLoadStringW
MsiNotifySidChangeA
MsiSetPropertyW
MsiGetFeatureValidStatesA
MsiLoadStringA
MsiConfigureProductW
MsiProvideComponentFromDescriptorW
MsiCloseHandle
DllGetClassObject
MsiPreviewBillboardA
MsiGetFeatureInfoA
MsiIsProductElevatedA
MsiRecordClearData
MsiProvideComponentW
MsiGetComponentPathW
MsiDatabaseMergeA
MsiProvideQualifiedComponentExW
MsiGetPropertyA
MsiLocateComponentA
MsiGetProductPropertyW
MsiCreateTransformSummaryInfoW
MsiDatabaseOpenViewW
MsiGetFeatureCostA
MsiAdvertiseScriptW
MsiGetFileVersionW
MsiSummaryInfoSetPropertyW
MsiGetShortcutTargetA
MsiEnumComponentsA
MsiGetProductInfoFromScriptA
MsiGetProductPropertyA
MsiInstallMissingComponentW
MsiReinstallProductA
MsiCreateAndVerifyInstallerDirectory

mfcsubs

?TrimRight@CString@@QAEXXZ
??9@YG_NABVCString@@0@Z
?FreeExtra@CStringArray@@QAEXXZ
?ReleaseBuffer@CString@@QAEXH@Z
??4CString@@QAEABV0@G@Z
?GetLength@CString@@QBEHXZ
?ConcatCopy@CString@@IAEXHPBGH0@Z
?GetData@CString@@IBEPAUCStringData@@XZ
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ
??ACMapStringToPtr@@QAEAAPAXPBG@Z
?Mid@CString@@QBE?AV1@H@Z
?Format@CString@@QAAXPBGZZ
?AfxW2AHelper@@YGPADPADPBGH@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??1CObject@@UAE@XZ
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??4CString@@QAEABV0@PBG@Z
?Find@CString@@QBEHPBG@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?GetData@CStringArray@@QBEPBVCString@@XZ
?Lock@CCriticalSection@@QAEHXZ
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
?Unlock@CCriticalSection@@UAEHXZ
?InsertAt@CStringArray@@QAEXHPAV1@@Z

ws2_32

WSAIsBlocking
WSAAddressToStringW
WEP
gethostbyname
connect
WSAHtons
WSAAsyncGetHostByAddr
WSCEnableNSProvider
send
WSACreateEvent
WSAStringToAddressW
WSAGetQOSByName
WSCInstallNameSpace
WSAAsyncGetProtoByName
WSAProviderConfigChange
WSAStringToAddressA
WSACloseEvent
WSANtohs
gethostbyaddr
WSAResetEvent
getaddrinfo
WSARemoveServiceClass
select
WSAGetOverlappedResult
accept
WSAConnect
WSALookupServiceNextA
WSAWaitForMultipleEvents
WSAEnumNameSpaceProvidersW
WSAGetServiceClassNameByClassIdA
WSASetServiceW
getservbyport

kernel32

SetConsoleCursorMode
SetupComm
GetProcessId
GetModuleHandleA
GetPrivateProfileIntA
WriteConsoleOutputCharacterA
RegisterConsoleVDM
SetConsoleDisplayMode
GetVolumeNameForVolumeMountPointW
OpenEventA
SetSystemTime
CreateToolhelp32Snapshot
GetCalendarInfoW
ExpungeConsoleCommandHistoryA
DisconnectNamedPipe
SetEndOfFile
VirtualFreeEx
LoadLibraryA
lstrcmpA
WaitForSingleObjectEx
GlobalMemoryStatusEx
FormatMessageA
OpenEventW
GetWindowsDirectoryA
AllocConsole
GetNativeSystemInfo
ReadFileScatter
GetConsoleCharType
SetCommTimeouts
MapViewOfFileEx
PeekConsoleInputA
GlobalUnWire
OpenConsoleW
AreFileApisANSI
Process32Next
GetNamedPipeInfo
GetNumaAvailableMemoryNode
ReadConsoleInputExA
GetProfileStringA
DeleteTimerQueueEx
VirtualAlloc
IsBadStringPtrA
RemoveVectoredExceptionHandler
SetVolumeMountPointW
LoadLibraryExA
GetNumaProcessorNode
FreeConsole
DeleteFileA
CreateMailslotW
AddAtomA
GetCPInfoExW
CreateRemoteThread
UnlockFile
GetComPlusPackageInstallStatus
CmdBatNotification
SetTimeZoneInformation
FindResourceExW
CreateJobSet
GetTempPathW
SetStdHandle
CreateNamedPipeW
SetTapePosition
VerifyVersionInfoW
SetFirmwareEnvironmentVariableW
GetCurrentProcessId

ntdll

ZwSaveKeyEx
RtlApplyRXactNoFlush
wcstoul
RtlGetCurrentPeb
ZwCallbackReturn
NtClose
RtlGetNtGlobalFlags
ZwOpenProcess
NtDeleteBootEntry
memchr
RtlFindSetBitsAndClear
RtlRaiseException
ZwQueryTimer
RtlFirstFreeAce
iswdigit
ZwAccessCheckByType
RtlAddAccessAllowedObjectAce
NtSaveKey
RtlAddRefActivationContext
ZwQueryAttributesFile
NtSetIoCompletion
ZwSetInformationThread
RtlLargeIntegerArithmeticShift
ZwMakePermanentObject
_itow
RtlGetControlSecurityDescriptor
RtlInt64ToUnicodeString
RtlExtendedLargeIntegerDivide
NtQueryOpenSubKeys
RtlZombifyActivationContext
RtlGetVersion
NtAddAtom
RtlCreateEnvironment
ZwSystemDebugControl
RtlTraceDatabaseAdd

sfc

SRSetRestorePoint
SRSetRestorePointW
SfcIsFileProtected
SfpVerifyFile
SRSetRestorePointA
SfcGetNextProtectedFile

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b038c5cfeae37673225c45e5bf6a0e5

Headers

DLL Characteristics

File Characteristics

Imports

msi

mfcsubs

ws2_32

kernel32

ntdll

sfc

Sections

.text Size: 547KB - Virtual size: 547KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 314KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 547KB - Virtual size: 547KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 314KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B