b5fb01391c7f9d9fd75b89d800332fa5

Sharing

Copy URL Twitter E-mail

General

Target

b5fb01391c7f9d9fd75b89d800332fa5
Size

864KB
MD5

b5fb01391c7f9d9fd75b89d800332fa5
SHA1

2d6323719ee12689735848850b85406086c700be
SHA256

5b6565cf93e6896b4ecc30f4150f4bbbee53963236ffb9eb3c6e9f5f93f2114d
SHA512

d385408cae0fb707f952e6f2af5e292e31bea43c91aa211e0700c684378997dd3fdc7866c136f40cc30565ceb50deaa8035ca96be7fc88300766324f5064c793
SSDEEP

24576:gzdBCxFGhAW+TTpEWnNpDsoz4ToEqH9eb/:gzdYChfWNEaNRsoz4Tbg9eT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5fb01391c7f9d9fd75b89d800332fa5

Files

b5fb01391c7f9d9fd75b89d800332fa5
.exe windows:5 windows x86 arch:x86

d0938fdf3db861db9241af07a5656a67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

LPSAFEARRAY_Marshal
VarI8FromUI4
VarSub
VarDateFromI4
VarR4CmpR8
VarCyAdd
LHashValOfNameSysA
VarR4FromBool
VarUI1FromUI2
SetErrorInfo
VarUI4FromI4
SafeArrayAccessData
SysFreeString
VarBstrCat
SafeArrayDestroyData
VarI2FromDate
VarUI2FromStr
VarUdateFromDate
VarR8FromBool
VarCyMulI8
DispCallFunc
SafeArrayDestroy
LPSAFEARRAY_UserUnmarshal
VarI8FromUI8
GetErrorInfo
VARIANT_UserFree
VarI8FromStr
GetRecordInfoFromGuids
VarBstrFromDec
VarR4FromCy

dhcpcsvc

DhcpCApiCleanup
DhcpRequestParams
DhcpCApiInitialize
DhcpReleaseIpAddressLease
DhcpStaticRefreshParams
McastRenewAddress
DhcpAcquireParameters
McastRequestAddress
DhcpLeaseIpAddress
DhcpDeRegisterParamChange
DhcpHandlePnPEvent
DhcpOpenGlobalEvent
McastGenUID
McastEnumerateScopes
DhcpNotifyConfigChangeEx
McastApiStartup
DhcpRemoveDNSRegistrations
DhcpRegisterOptions
McastReleaseAddress
McastApiCleanup
DhcpAcquireParametersByBroadcast
DhcpDeRegisterOptions
DhcpReleaseParameters
DhcpRequestOptions
DhcpRenewIpAddressLeaseEx
DhcpLeaseIpAddressEx
DhcpRenewIpAddressLease
DhcpFallbackRefreshParams
DhcpDelPersistentRequestParams
DhcpUndoRequestParams
DhcpReleaseIpAddressLeaseEx
DhcpPersistentRequestParams
DhcpEnumClasses
DhcpNotifyConfigChange
DhcpRegisterParamChange

crtdll

sscanf
_wcsicoll
_getdcwd
atan
__toascii
_mktemp
rand
isdigit
_findfirst
remove
_strdec
_mbsspn
_ismbbalpha
fputc
_getcwd
_ismbcsymbol
_ismbcl0
_mbscat
exp
_ismbcl1
strcmp
_strnset
wcschr
_chsize
clock
_execv
fprintf
_mbsrchr
ungetc
_wcsnicmp
strchr
iswctype
_fgetwchar
_CItan
_yn
atexit

iphlpapi

FlushIpNetTable
InternalGetTcpTable
InternalDeleteIpForwardEntry
GetTcpTable
NhpAllocateAndGetInterfaceInfoFromStack
_PfTestPacket@20
_PfRemoveGlobalFilterFromInterface@8
SetTcpEntry
AddIPAddress
IpRenewAddress
SetAdapterIpAddress
GetUniDirectionalAdapterInfo
InternalGetIpNetTable
GetNetworkParams
DeleteProxyArpEntry
InternalSetIfEntry
CreateIpForwardEntry
GetPerAdapterInfo
_PfBindInterfaceToIndex@16
Icmp6ParseReplies
GetUdpStatistics
SetIpForwardEntry
IcmpCloseHandle
_PfSetLogBuffer@28
InternalGetIpForwardTable
InternalGetIpAddrTable
InternalCreateIpNetEntry
DeleteIpForwardEntry
GetFriendlyIfIndex
CreateIpNetEntry
IcmpCreateFile
_PfUnBindInterface@4
InternalSetIpForwardEntry
AllocateAndGetIpAddrTableFromStack
NhGetInterfaceNameFromGuid
_PfAddFiltersToInterface@24
GetBestInterface

kernel32

SetCommState
LZOpenFileW
GetTimeFormatW
LocalAlloc
ReadFileEx
OutputDebugStringA
GetProcessAffinityMask
GetConsoleAliasW
GetConsoleKeyboardLayoutNameA
GetSystemTimeAsFileTime
WriteConsoleInputA
ExitProcess
DeleteVolumeMountPointA
MapUserPhysicalPagesScatter
lstrcmpi
GetNumberOfConsoleFonts
CancelTimerQueueTimer
GetPrivateProfileStringW
FindAtomW
GetConsoleInputExeNameW
VirtualAlloc
lstrcpyn
GetOverlappedResult
SetProcessWorkingSetSize
GetVolumeInformationA
RtlUnwind
FindFirstChangeNotificationW
GetCurrentProcessId
LockResource
GetSystemDefaultLCID
CreateSemaphoreW
GetFirmwareEnvironmentVariableW
GetEnvironmentStringsW
DelayLoadFailureHook
LoadLibraryA
WaitForMultipleObjects
AddAtomW
EnumerateLocalComputerNamesA
DuplicateHandle
IsBadReadPtr
GetOEMCP
GetACP
GetModuleHandleExA
EnumSystemCodePagesW
GetConsoleAliasesW
FindActCtxSectionStringA
HeapCreate
GetConsoleProcessList
EnumDateFormatsExW
UnregisterWait
UnhandledExceptionFilter

iassvcs

IASAdler32
IASAllocateUniqueID
IASSetMaxNumberOfThreads
IASSetMaxThreadIdle
IASGetDictionary
IASGetHostByName
IASRequestThread
IASVariantChangeType
IASUninitialize
IASGetLocalDictionary
IASInitialize
IASRegisterComponent
DllGetClassObject
IASRadiusCrypt
IASReportEvent

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0938fdf3db861db9241af07a5656a67

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

dhcpcsvc

crtdll

iphlpapi

kernel32

iassvcs

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 186KB - Virtual size: 186KB

.data Size: 321KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 321KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B