b92babec75124ebf4bbc4075fc2afcc4

Sharing

Copy URL

Twitter E-mail

General

Target

b92babec75124ebf4bbc4075fc2afcc4
Size

85KB
MD5

b92babec75124ebf4bbc4075fc2afcc4
SHA1

2ed3d571e341af0ecf17bae05c7256bcd35354ba
SHA256

4a96466a7701e4a62402ee853f31912e4525d988f106b906a538fff3ac6b5e19
SHA512

903c1a163a72292ee5f14e4b1010696fbefc8eec15b0a253f6377d92e483ca0eac810c64bfc731112d8dfe3dfb486c30b8e8ddd5d40051b557a98c98fb5d81f7
SSDEEP

1536:Dt/eYWjLk6/4vtbE0JPfR2Ul4La3J3L97oNRIXMdkn3JREtIOwr9ltKv86s+mY:pOEFvtR2USLiJ3L6NRBo5RECD3Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b92babec75124ebf4bbc4075fc2afcc4

Files

b92babec75124ebf4bbc4075fc2afcc4
.exe windows:5 windows x86 arch:x86

4cad9552b3a6e9e9d870ef0f2cac771e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
OpenJobObjectA
GetVersionExA
TerminateThread
GetSystemTimeAsFileTime
UnregisterWaitEx
GetStartupInfoA
GetProcessHeaps
VirtualAlloc
MoveFileA
HeapAlloc
GetCurrentProcessId
HeapCreate
AddVectoredExceptionHandler
LoadLibraryA
QueryPerformanceCounter
GetCommTimeouts
BaseInitAppcompatCacheSupport
GetTickCount

expsrv

rtcInStr
__vbaOnError
rtcNPV
rtcCurrentDirBstr
__vbaVarEqv
__vbaMidStmtBstr
__vbaVarSetUnk
__vbaVarTextCmpLt
__vbaExceptHandler
__vbaStrVarCopy
__vbaVarCmpEq
_adj_fdiv_m32
__vbaVarInt
rtcSpaceVar
rtcInStrRev
rtcGetHostLCID
__vbaVarTstLt
__vbaFpCy
__vbaAryUnlock
__vbaUI1I2
__vbaNextEachCollObj
__vbaUI1Cy
__vbaCyForInit

cmutil

?GPPB@CIniW@@QBEHPBG0H@Z
GetOSVersion
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
??4CRandom@@QAEAAV0@ABV0@@Z
??1CIniA@@QAE@XZ
?SetEntry@CIniA@@QAEXPBD@Z
??0CRandom@@QAE@XZ
?DeInit@CmLogFile@@QAEJXZ
?Clear@CIniW@@QAEXXZ
?IsEnabled@CmLogFile@@QAEHXZ
?SetEntryFromIdx@CIniA@@QAEXK@Z
?OpenFile@CmLogFile@@AAEJXZ
IsLogonAsSystem
CmStrStrW

olecli32

LeObjectLong
PbCreateLinkFromClip
ErrReconnect
CheckNetDrive
OleRegisterClientDoc
LeChangeData
ErrActivate
OleUpdate
OleDelete
LeQueryProtocol
OleExecute

winmm

midiOutSetVolume
joyReleaseCapture
waveInGetErrorTextA
midiInPrepareHeader
mixerSetControlDetails
waveOutGetVolume
mciGetDriverData
joyGetDevCapsW
midiStreamOut
joyGetDevCapsA
mmioDescend
auxGetDevCapsW
mciGetDeviceIDFromElementIDA
midiOutGetNumDevs
midiOutMessage
mod32Message
joyGetThreshold

user32

MsgWaitForMultipleObjectsEx
DlgDirListComboBoxW
GetForegroundWindow
GetTaskmanWindow
SendNotifyMessageA
DialogBoxIndirectParamW
MapVirtualKeyExW
CreateIconIndirect
GetClipCursor
LoadImageW
CharPrevW

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cad9552b3a6e9e9d870ef0f2cac771e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

expsrv

cmutil

olecli32

winmm

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 15KB - Virtual size: 67KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 15KB - Virtual size: 67KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 292B