b55960b6e2b12ae3c467977d49dc10b7

Sharing

Copy URL

Twitter E-mail

General

Target

b55960b6e2b12ae3c467977d49dc10b7
Size

180KB
MD5

b55960b6e2b12ae3c467977d49dc10b7
SHA1

a932cf610c9795c5a951cc98fcfe5ee17adfb285
SHA256

c06409e0c6810494f108d9a1c9f27c651dfc777d377f66d4d70a70542cedeec6
SHA512

73c265bfe464142ff44e502b94cd919409d36da42286bd1d3e9aad6e9e47ba31efa3183fc4b7f3df0e0322179006c01f92b37f15faf42451616b81ba95dcd059
SSDEEP

3072:Ver2cyzAJV/ocnEvLPCd9qPf21JQ2BfcUtl5xUNxCzdxqTMI:Vu2DzAnwcOqd9ee1dRwT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b55960b6e2b12ae3c467977d49dc10b7

Files

b55960b6e2b12ae3c467977d49dc10b7
.exe windows:4 windows x86 arch:x86

e0404d97f192e644641d25e96fccdcda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Dur\Hyd.pdb

Imports

dbghelp

MiniDumpWriteDump

wintrust

WinVerifyTrust

rasapi32

RasGetConnectStatusW
RasEnumConnectionsW
RasHangUpW

tapi32

lineShutdown
lineTranslateAddressW
lineRedirectW
lineTranslateDialogW
lineInitializeExW

kernel32

FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
HeapSize
SetConsoleCtrlHandler
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetTimeZoneInformation
GetSystemInfo
QueryPerformanceCounter
CreateFileW
GetWindowsDirectoryW
GetSystemTime
OpenProcess
GetVersionExW
GetModuleHandleW
GetDateFormatW
SizeofResource
DeviceIoControl
WaitForSingleObject
LoadLibraryW
WriteConsoleW
CloseHandle
CreatePipe
RtlUnwind
GetModuleHandleA
GetStartupInfoW
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetCPInfo
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
HeapAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetACP
GetOEMCP
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
WideCharToMultiByte
VirtualProtect

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0404d97f192e644641d25e96fccdcda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

wintrust

rasapi32

tapi32

kernel32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 60KB - Virtual size: 57KB

.data Size: 48KB - Virtual size: 635KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 60KB - Virtual size: 57KB

.data
Size: 48KB - Virtual size: 635KB

.rsrc
Size: 4KB - Virtual size: 1KB