b68d653556ef143d3878d1c59334b3b6

Sharing

Copy URL Twitter E-mail

General

Target

b68d653556ef143d3878d1c59334b3b6
Size

857KB
MD5

b68d653556ef143d3878d1c59334b3b6
SHA1

0bfb0c48a877cfa4109f4612e29d4df63fc60f72
SHA256

39e077e5dc9faea4ffd3c70226af8d6e8f52511a6946dcae17417c64b0b32a5b
SHA512

08ca8ef686039520aeb00a0f7fff2816a25d8e40d5a2cd9760133838014eda505489b996a0328830c719b02e628b78d9946ec28f98aa97c706c802743601bf15
SSDEEP

24576:DoOc/quMr7w5NrgnXenHvzZ/u2H3vkweNAVwci4P0v:DL9lw5NUXetW2P2I0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b68d653556ef143d3878d1c59334b3b6

Files

b68d653556ef143d3878d1c59334b3b6
.exe windows:5 windows x86 arch:x86

efa84d4d4a81f3cf9d109dfd944dc652

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
??0LOG_IO_DP_DRIVE@@QAE@XZ
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?Initialize@DIGRAPH@@QAEEK@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?IsATformat@DP_DRIVE@@QBEEXZ
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Initialize@SPARSE_SET@@QAEEXZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
??0SUPERAREA@@IAE@XZ
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z

esent

JetBeginTransaction
JetGetTableInfo
JetOSSnapshotPrepare
JetCloseDatabase
JetGetLogInfoInstance2
JetCreateDatabase2
JetUnregisterCallback
JetResetSessionContext
JetSetColumnDefaultValue
JetTerm@4
JetGetDatabaseFileInfo
JetCloseFileInstance
JetEndSession
JetGetCursorInfo
JetRetrieveTaggedColumnList
JetGetDatabaseInfo
JetRenameTable
JetGetLogInfoInstance
JetAttachDatabase
JetEnableMultiInstance
JetIndexRecordCount
JetDetachDatabase
JetOpenFile
JetGetAttachInfo
JetGetCurrentIndex

uxtheme

GetThemeAppProperties
GetThemeIntList
SetThemeAppProperties
GetThemePosition
GetThemeColor
SetWindowTheme
GetThemeInt
GetThemeSysBool
GetThemeSysFont
EnableThemeDialogTexture
HitTestThemeBackground
GetThemeSysSize
GetThemeTextMetrics
GetThemeFilename
GetThemeRect
GetThemeBool
IsThemePartDefined
GetThemeTextExtent
GetThemeMetric
IsThemeBackgroundPartiallyTransparent

kernel32

FindResourceA
LCMapStringW
GetVersionExA
OpenWaitableTimerW
GlobalSize
LocalHandle
GetConsoleInputExeNameW
LoadLibraryA
GetEnvironmentStringsW
DeleteFileA
DeleteCriticalSection
SetComputerNameExA
QueryPerformanceFrequency
GlobalHandle
SetSystemTimeAdjustment
HeapCreate
GlobalMemoryStatus
CreateTapePartition
GetSystemWow64DirectoryA
FormatMessageA
VirtualAlloc

msisip

MsiSIPGetSignedDataMsg
MsiSIPIsMyTypeOfFile
MsiSIPRemoveSignedDataMsg
MsiSIPPutSignedDataMsg
MsiSIPVerifyIndirectData
MsiSIPCreateIndirectData

sqlunirl

_RegEnumKeyEx_@32
_GetMenuString_@20
_GetClassName_@12
_tsystem
_NDdeIsValidAppTopicList_@4
_LoadKeyboardLayout_@8
_FindExecutable_@12
_GetServiceKeyName_@16
_GetLogicalDriveStrings_@8
AllocConvertMultiSZNameToA
_GetDateFormat_@24
_SHGetPathFromIDList_@8
_GetServiceDisplayName_@16
_GetAtomName_@12
_GetShortPathName_@12
_RemoveDirectory_@4
_EnumDependentServices_@24

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

efa84d4d4a81f3cf9d109dfd944dc652

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

esent

uxtheme

kernel32

msisip

sqlunirl

Sections

.text Size: 748KB - Virtual size: 747KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 5KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 748KB - Virtual size: 747KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 5KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB