b9fbdcca09708ee1a06051811034fc3e

Sharing

Copy URL Twitter E-mail

General

Target

b9fbdcca09708ee1a06051811034fc3e
Size

861KB
MD5

b9fbdcca09708ee1a06051811034fc3e
SHA1

3943f5d879fb048b29802048e973229ec699cbd2
SHA256

5c5e303a311ef6a3ff791795e1c578a62edfded7fc7e0f404e7b1cadc841d2a8
SHA512

4daa652c2b8fe4cc0d8ddc27e8adf5615eb8afd76a7d1ad47df4533adc581202cd715dc72cfa26d61a62bfd1eac26b7433f438aa559c4ffdd9536d97b718ddaa
SSDEEP

12288:ocxYkfjCBdnLrxUXRI7RF/v4880xOBev8RmntzftkvlRbpJky8kPmmUUHlMBwmkK:vRCBdb/v1xO40oV1krbkjOlMm9zqy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9fbdcca09708ee1a06051811034fc3e

Files

b9fbdcca09708ee1a06051811034fc3e
.exe windows:5 windows x86 arch:x86

9e116fecc3328b65badd2a240e41eb15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

ADsEncodeBinaryData
AllocADsMem
FreeADsMem
ConvertSecDescriptorToVariant
AllocADsStr
ADsGetLastError
ReallocADsMem
BinarySDToSecurityDescriptor
ADsBuildEnumerator
SecurityDescriptorToBinarySD
ADsEnumerateNext
ADsDecodeBinaryData
ADsOpenObject
AdsFreeAdsValues
ADsFreeEnumerator
ADsBuildVarArrayStr
ReallocADsStr
AdsTypeToPropVariant
AdsTypeToPropVariant2
FreeADsStr
ADsBuildVarArrayInt
PropVariantToAdsType2
ConvertSecurityDescriptorToSecDes
ADsSetLastError
ADsGetObject
DllGetClassObject

iphlpapi

NTTimeToNTPTime
GetIpErrorString
GetIpNetTable
InternalGetIpForwardTable
_PfCreateInterface@24
_PfUnBindInterface@4
GetIfEntry
DeleteIpNetEntry
InternalCreateIpNetEntry
InternalDeleteIpForwardEntry
GetUniDirectionalAdapterInfo
GetUdpStatistics
EnableRouter
GetBestRoute
GetBestInterface
register_icmp
SetIfEntry
IcmpSendEcho
IpRenewAddress
AllocateAndGetIpAddrTableFromStack
CreateIpForwardEntry
InternalSetIfEntry
GetTcpStatisticsEx
_PfRebindFilters@8
_PfMakeLog@4
GetInterfaceInfo
InternalDeleteIpNetEntry
_PfBindInterfaceToIndex@16
SetIpStatistics
InternalGetUdpTable
GetIpStatisticsEx
SetIpTTL
_PfRemoveFilterHandles@12
UnenableRouter
RestoreMediaSense
GetNumberOfInterfaces
InternalSetIpNetEntry
InternalGetTcpTable
_PfGetInterfaceStatistics@16
_PfDeleteInterface@4
GetAdaptersAddresses
_PfAddFiltersToInterface@24
DeleteIpForwardEntry
InternalSetTcpEntry
_PfBindInterfaceToIPAddress@12
GetPerAdapterInfo
GetIpAddrTable
NhGetInterfaceNameFromDeviceGuid
SendARP
_PfRemoveFiltersFromInterface@20
GetAdaptersInfo
GetUdpStatisticsEx
IcmpCloseHandle
SetAdapterIpAddress
NhpAllocateAndGetInterfaceInfoFromStack
NotifyRouteChange
GetIfTable
Icmp6SendEcho2
SetTcpEntry
GetTcpTable
GetRTTAndHopCount
do_echo_rep
GetNetworkParams
_PfRemoveGlobalFilterFromInterface@8
GetUdpTable
SetIpNetEntry
DisableMediaSense
GetIpForwardTable
GetIpStatistics
CreateIpNetEntry
GetFriendlyIfIndex
DeleteIPAddress
NhGetInterfaceNameFromGuid
FlushIpNetTable
GetTcpStatistics
do_echo_req

kernel32

SetConsolePalette
InvalidateConsoleDIBits
CreateSemaphoreW
CreateJobObjectW
GetCommandLineW
EnumTimeFormatsA
ScrollConsoleScreenBufferA
QueryDosDeviceW
DeleteFileA
CallNamedPipeW
RemoveDirectoryA
QueryPerformanceCounter
LoadLibraryA
RtlUnwind
CreateDirectoryExW
EnumTimeFormatsW
LoadResource
lstrcmp
GetNumberOfConsoleFonts
GlobalUnWire
GetUserGeoID
GetACP
GlobalAlloc
GetCurrentActCtx
FoldStringW
HeapWalk
SystemTimeToFileTime
FindFirstFileExW
CreateEventW
VirtualAlloc
SetConsoleOS2OemFormat
GetLocaleInfoW
AssignProcessToJobObject
CompareFileTime
IsBadWritePtr
FindResourceA
GetNumaProcessorNode
SetMailslotInfo
ExpandEnvironmentStringsA
AddLocalAlternateComputerNameW
OpenSemaphoreW
GetHandleInformation
GetOEMCP
GetAtomNameW
AllocateUserPhysicalPages
DeleteTimerQueue

ntdll

_allshl
NtResumeThread
LdrFindEntryForAddress
_memccpy
RtlPrefixString
ZwDebugActiveProcess
NtSetInformationKey
RtlAreAnyAccessesGranted
ZwCreatePagingFile
ZwWaitLowEventPair
isprint
iswdigit
RtlApplicationVerifierStop
ZwQueryInformationProcess
cos
RtlExtendedLargeIntegerDivide
ZwDisplayString
LdrProcessRelocationBlock
ZwSetBootOptions
LdrFindResourceEx_U
RtlLargeIntegerSubtract
strcat
ZwCreatePort
NtImpersonateClientOfPort
NtTranslateFilePath
RtlSystemTimeToLocalTime
ZwCreateProcessEx
NtOpenJobObject
RtlGetControlSecurityDescriptor
ZwDeleteFile
NtCreateProfile
NtSetValueKey
RtlGetUserInfoHeap
RtlPushFrame
ZwSetInformationProcess
NtListenPort
NtSetThreadExecutionState
RtlValidateProcessHeaps
NtClose
vDbgPrintEx
NtSetInformationDebugObject
ZwQueryDefaultLocale
ZwDeleteValueKey
RtlSetTimeZoneInformation

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e116fecc3328b65badd2a240e41eb15

Headers

DLL Characteristics

File Characteristics

Imports

activeds

iphlpapi

kernel32

ntdll

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 362KB - Virtual size: 362KB

.data Size: 113KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 362KB - Virtual size: 362KB

.data
Size: 113KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B