b50c62acda8c4b2e938b302fd6bb83a8

Sharing

Copy URL Twitter E-mail

General

Target

b50c62acda8c4b2e938b302fd6bb83a8
Size

135KB
MD5

b50c62acda8c4b2e938b302fd6bb83a8
SHA1

b0efb58b82ef2ce52cf14332bc56af53432fa0f7
SHA256

0a25d78543bd5c3f42c0a1d13c8d8459ae434f1524c8fb53c861fceb35dc4786
SHA512

1a5bc0a1e6a8cec1aa9f1d85cf541886abaf13afb47d0775614038468227e266fbd0247d3e7af33f1f65832c93e585437c542046b80daec3088d1b3289b34787
SSDEEP

3072:UKqzhXjqXjDFnS6Rx4fRBdDRArxMwXyJvaHNbYJC1NZu6uayft:VqlXjqTTABdFArHi1atbY01Njub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b50c62acda8c4b2e938b302fd6bb83a8

Files

b50c62acda8c4b2e938b302fd6bb83a8
.exe windows:5 windows x86 arch:x86

faea4d2632ff4dd7969c1e7f75cda023

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

t2embed

TTGetEmbeddingType
TTGetNewFontName
_TTCharToUnicode@24
TTRunValidationTests
_TTRunValidationTests@8
TTCharToUnicode
TTGetEmbeddedFontInfo
TTEmbedFont
_TTGetEmbeddedFontInfo@28
_TTGetEmbeddingType@8
TTIsEmbeddingEnabledForFacename
_TTDeleteEmbeddedFont@12
_TTEnableEmbeddingForFacename@8
TTEmbedFontFromFileA
_TTEmbedFontFromFileA@52
_TTIsEmbeddingEnabled@8
_TTEmbedFont@44
_TTIsEmbeddingEnabledForFacename@8
TTRunValidationTestsEx

mmcbase

?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
??1?$CEventLock@UAppEvents@@@@QAE@XZ
??4SC@mmcerror@@QAEAAV01@J@Z
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
??9SC@mmcerror@@QBE_NABV01@@Z
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
?Trace_@SC@mmcerror@@QBEXXZ
??4?$CEventLock@UAppEvents@@@@QAEAAV0@ABV0@@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?Clear@SC@mmcerror@@QAEXXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
??BSC@mmcerror@@QBE_NXZ
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z

kernel32

GetComputerNameExW
DuplicateHandle
GetCurrentDirectoryW
LoadLibraryA
CancelIo
GetPrivateProfileSectionNamesW
SetFileShortNameA
FindFirstVolumeW
GetCurrentProcess
WriteTapemark
GetProfileSectionW
CreateActCtxA
GetLocaleInfoW
GetCPInfoExA
GetUserGeoID
GetCPInfo
GetVDMCurrentDirectories
TerminateJobObject
ReadFileScatter
GetBinaryTypeA
GetVolumeNameForVolumeMountPointW
WriteConsoleInputVDMA
InterlockedExchangeAdd
VirtualAlloc
ExitProcess
GetCompressedFileSizeW
FlushInstructionCache
GlobalFindAtomA
GetStringTypeExA

user32

GetMenuStringW
LoadCursorFromFileA
ArrangeIconicWindows
IsMenu
InvalidateRgn
DefFrameProcA
LoadBitmapA
EnumDisplaySettingsExA
DestroyReasons
CharLowerW
LockWindowStation
RemovePropA
EnumDisplayMonitors
CreateIconFromResource
AlignRects
MenuWindowProcW
DdeAccessData
DdeQueryStringW

syssetup

SetupInfObjectInstallActionW
AsrCreateStateFileW
AsrRestorePlugPlayRegistryData
AsrAddSifEntryW
AsrAddSifEntryA
AsrCreateStateFileA
SetupSetDisplay
AsrFreeContext
SetupChangeFontSize

certcli

CAFreeCertTypeExtensions
CARemoveCACertificateType
CACountCAs
CAEnumCertTypesForCAEx
CAGetCAExpiration
CAOIDAdd
CAFindByCertType
CACreateCertType
GetProxyDllInfo
CAOIDGetProperty
CAGetCertTypeFlagsEx
CAOIDCreateNew
CACertTypeUnregisterQuery
CAGetCertTypePropertyEx
CACreateAutoEnrollmentObjectEx
CACertTypeRegisterQuery

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faea4d2632ff4dd7969c1e7f75cda023

Headers

DLL Characteristics

File Characteristics

Imports

t2embed

mmcbase

kernel32

user32

syssetup

certcli

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 76KB - Virtual size: 208KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 448B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 76KB - Virtual size: 208KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 448B