b7786e940c540ec2650a19735c9bd32d

Sharing

Copy URL

Twitter E-mail

General

Target

b7786e940c540ec2650a19735c9bd32d
Size

242KB
MD5

b7786e940c540ec2650a19735c9bd32d
SHA1

7124ea42094556de475204497d82f7c252e6cea0
SHA256

703bbb34d964b5aaa6557561075118edeae7b4536ba96b00e7f11a6294fa90a4
SHA512

05ef0a77090ae8c2b23c07c9e0c380ee8ff9864f870c8dcea50c1201c284b7793c9930af27836063b6c9bcaa1d3da214700f4f2562d3610a018700a637d461ce
SSDEEP

6144:dFB2fiDv6glRq2QtRwuQ7S4+QCDmDraBNHGU54dqhs/dHW:dFBDv6glJQ8S4+QCKDrINmUehd2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7786e940c540ec2650a19735c9bd32d

Files

b7786e940c540ec2650a19735c9bd32d
.exe windows:5 windows x86 arch:x86

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcOpenInterfaceW
TcDeregisterClient
TcModifyFlow
TcEnumerateInterfaces
TcSetFlowW
TcSetInterface
TcAddFlow
TcQueryFlowA
TcGetFlowNameA
TcCloseInterface
TcOpenInterfaceA
TcQueryFlowW
TcQueryInterface
TcGetFlowNameW
TcRegisterClient
TcDeleteFlow
TcDeleteFilter
TcEnumerateFlows
TcAddFilter

mprapi

MprAdminMIBBufferFree
MprConfigInterfaceGetInfo
MprConfigGetFriendlyName
MprConfigTransportDelete
MprAdminIsDomainRasServer
MprConfigInterfaceTransportGetInfo
MprAdminDeviceEnum
RasPrivilegeAndCallBackNumber
MprConfigServerDisconnect
MprAdminServerGetCredentials
MprConfigServerConnect
MprConfigServerRestore
MprConfigInterfaceEnum
MprAdminUserClose
MprAdminInterfaceConnect
MprAdminMIBEntryGetFirst
MprConfigInterfaceTransportEnum
MprAdminInterfaceDeviceSetInfo
MprAdminInterfaceGetCredentials
MprConfigTransportCreate
MprInfoBlockFind
MprAdminInterfaceSetCredentialsEx

dbghelp

MiniDumpReadDumpStream
SymEnumerateSymbols64
ImageRvaToSection
SymLoadModule64
SymSetSearchPath
SymEnumSourceFiles
FindExecutableImageEx
SymUnloadModule64
SymGetLineFromName64
MapDebugInformation
omap
SymGetLineFromName
ImagehlpApiVersion
SearchTreeForFile
ExtensionApiVersion
SymEnumerateSymbolsW
UnDecorateSymbolName
SymGetLineFromAddr64
SymSetOptions
SymFromName
SymMatchString
MiniDumpWriteDump
SymGetTypeFromName
SymFromAddr
SymGetSymFromAddr64
SymGetLineNext
SymMatchFileName
MakeSureDirectoryPathExists

kernel32

ReadFileEx
GetConsoleTitleW
Module32FirstW
GetFileAttributesA
FlushConsoleInputBuffer
SetConsoleScreenBufferSize
LZRead
CreateJobObjectW
CompareFileTime
OpenFileMappingW
RegisterConsoleIME
GetStartupInfoW
DeleteTimerQueueEx
InterlockedExchange
SetProcessPriorityBoost
GlobalAlloc
GetConsoleHardwareState
GetLocalTime
GetProfileStringW
GetStartupInfoA
lstrcpynA
GlobalLock
CreateFileW
LoadLibraryW
GetModuleHandleW
GetVolumeInformationA
GetNumberOfConsoleFonts
AreFileApisANSI
OpenSemaphoreA
SetFileApisToOEM
GetFileSize

mfcsubs

??H@YG?AVCString@@DABV0@@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?Lock@CCriticalSection@@UAEHK@Z
?Format@CString@@QAAXIZZ
??4CString@@QAEABV0@PBE@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??1CMapStringToPtr@@UAE@XZ
??1CCriticalSection@@UAE@XZ
??8@YG_NPBGABVCString@@@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
?Collate@CString@@QBEHPBG@Z
??0CString@@QAE@PBG@Z
?SetAt@CString@@QAEXHG@Z
??0CMapStringToPtr@@QAE@H@Z
?IsEmpty@CString@@QBEHXZ
??O@YG_NPBGABVCString@@@Z
?TrimLeft@CString@@QAEXXZ
?data@CPlex@@QAEPAXXZ
?RemoveAt@CStringArray@@QAEXHH@Z
??0CObject@@IAE@XZ
?Append@CStringArray@@QAEHABV1@@Z
??ACStringArray@@QAEAAVCString@@H@Z
?UnlockBuffer@CString@@QAEXXZ
??YCString@@QAEABV0@PBG@Z
??H@YG?AVCString@@ABV0@PBG@Z
?Mid@CString@@QBE?AV1@H@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ

wldap32

ber_free
ber_bvfree
ldap_extended_operation_sW
ldap_delete_sA
ldap_control_free
ldap_simple_bindW
ldap_parse_sort_controlA
ldap_free_controlsW
ldap_get_values_lenW
LdapUnicodeToUTF8
ldap_simple_bind_s
ldap_count_valuesA
ldap_delete_ext_sW
ldap_search_st
ldap_parse_resultW
ldap_parse_result
ldap_initA
ldap_parse_sort_controlW
ldap_modrdn_sA
ldap_escape_filter_elementA
ldap_dn2ufnW
ldap_value_free
ldap_get_option
ldap_err2string

hhsetup

?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
??4CLocation@@QAEAAV0@ABV0@@Z
?AddRef@CCollection@@QAEXXZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVolume@CLocation@@QAEPADXZ
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?SetId@CLocation@@QAEXPBG@Z
?Open@CCollection@@QAEKPBG@Z
??0CPointerList@@QAE@XZ
?GetRefTitleCount@CCollection@@QAEKXZ
?GetColNo@CCollection@@QAEKXZ
?DeleteChildren@CCollection@@AAEXPAPAVCFolder@@@Z
?SetPath@CLocation@@QAEXPBD@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?GetTitleW@CFolder@@QAEPBGXZ
?SetId@CTitle@@QAEXPBD@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetOrder@CFolder@@QAEXK@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetTitle@CFolder@@QAEXPBD@Z
?Save@CCollection@@QAEKXZ
?bIsVisable@CFolder@@QAEHXZ
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

Imports

traffic

mprapi

dbghelp

kernel32

mfcsubs

wldap32

hhsetup

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 65KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 65KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB