b73a0a7ad2c0771b1e2a7a1d1f37b865

Sharing

Copy URL Twitter E-mail

General

Target

b73a0a7ad2c0771b1e2a7a1d1f37b865
Size

83KB
MD5

b73a0a7ad2c0771b1e2a7a1d1f37b865
SHA1

33863b31e5a604e79b1de749eda7f81068c7f69e
SHA256

e8baa7222034c7dee1ed4e40e2af61666146425ea43ea73acafcb988b3edda3c
SHA512

322ad1a410e8a1f4e49f688ba4d1c8c88870e5f068ca8d97736ae22f766fa95f6ff970540f73dd21dec1b43277a7ac01a848722c0ff3557ccb45b3ce1ed235bb
SSDEEP

1536:sndmz8URZrlyQxY0ZqphL8DviKyuxgFVsvOsmaLLht24kmxaUV4xBcMFY:sULyQxmL82KyOg/yZC4hxlANFY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b73a0a7ad2c0771b1e2a7a1d1f37b865

Files

b73a0a7ad2c0771b1e2a7a1d1f37b865
.exe windows:5 windows x86 arch:x86

3d1fe0b66b2a345f968049f0672bdbaf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCompressedFileSizeA
HeapCreate
GetCurrentThreadId
GetStartupInfoW
CreatePipe
GetCurrentProcessId
GetComputerNameW
GetStartupInfoA
QueryPerformanceCounter
RemoveDirectoryA
GetDateFormatA
GetTickCount
FindResourceExA
RestoreLastError
VerLanguageNameW
GetPrivateProfileStructW
SetConsolePalette
GetConsoleAliasExesW
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
LoadLibraryA
EnumerateLocalComputerNamesA
GetBinaryTypeA
RtlMoveMemory
DebugBreak
GlobalGetAtomNameW
VirtualAlloc
UpdateResourceA
BaseInitAppcompatCacheSupport
GetLastError
CreateIoCompletionPort

expsrv

__vbaLenBstrB
rtcEnvironVar
rtcAtn
__vbaForEachAry
__vbaResume
__vbaLateMemStAd
rtcR8ValFromBstr
__vbaExitProc
__vbaCyI2
Zombie_GetTypeInfoCount
__vbaCySub
__vbaStrErrVarCopy
__vbaEnd
__vbaVarIndexLoadRefLock
_adj_fdivr_m64
__vbaVarXor
__vbaFreeObjList
__vbaUI1ErrVar
rtcFV
CreateIExprSrvObj
__vbaI4Var
rtcGetPresentDate
rtcImmediateIf
__vbaMidStmtBstrB
_adj_fdiv_m64
__vbaVarCmpGe
rtcSetCurrentCalendar
__vbaVarTextCmpGt

msvcrt20

gets
??1streambuf@@UAE@XZ
??_Estdiostream@@UAEPAXI@Z
_wunlink
?unlock@streambuf@@QAEXXZ
?cin@@3Vistream_withassign@@A
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@PADHD@Z
??0ofstream@@QAE@ABV0@@Z
?ebuf@streambuf@@IBEPADXZ
_ftol
tmpfile
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
_rotl
__p__wenviron
exp
??5istream@@QAEAAV0@AAJ@Z
??_8stdiostream@@7Bostream@@@
strlen
memcpy

w32topl

ToplListNumberOfElements
ToplGraphAddVertex
ToplSTHeapExtractMin
ToplIterAdvance
ToplFree
ToplEdgeSetVtx
ToplGraphCreate
ToplScheduleCacheDestroy
ToplVertexNumberOfInEdges
ToplGetSpanningTreeEdgesForVtx
ToplMakeGraphState
ToplScheduleExportReadonly
ToplVertexGetParent
ToplListRemoveElem
ToplHeapIsElementOf

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1fe0b66b2a345f968049f0672bdbaf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

expsrv

msvcrt20

w32topl

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 248B