bb17a00e90a0884c700358314d80a8f6

Sharing

Copy URL

Twitter E-mail

General

Target

bb17a00e90a0884c700358314d80a8f6
Size

50KB
MD5

bb17a00e90a0884c700358314d80a8f6
SHA1

8ead47b7c24111b361a6ae5f33a1f9d1ab90c0b5
SHA256

5bff9705160eedbc6ef652afbaa21674c29e551a6ccf45813e1b5eb5ff01a38e
SHA512

2e90a692ef9f9dbdaeb84dfefe0c2980c2950627758798f7da79e57f3e2c302bcd33847224f15542225ef7a781f20a48cc54bfc582a06178a90ce3834d3368de
SSDEEP

1536:/ekJSaU2XOrB5ZGE6BtF/cKBWHh1NeKR05A:GkJHU2XOrfWNcE65

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb17a00e90a0884c700358314d80a8f6

Files

bb17a00e90a0884c700358314d80a8f6
.exe windows:4 windows x86 arch:x86

5e3832311cd3b826c72f0a51830fcab6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorGroup
RegEnumKeyExW
RegCreateKeyExW
IsValidSecurityDescriptor
GetPrivateObjectSecurity
MapGenericMask
RegSetValueExW
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeAcl
RegCloseKey
GetSecurityDescriptorLength
RegDeleteKeyW
SetPrivateObjectSecurity
GetTokenInformation
OpenProcessToken
CreatePrivateObjectSecurityEx
AddAce
AllocateAndInitializeSid
MakeSelfRelativeSD
GetLengthSid
GetAce
DestroyPrivateObjectSecurity

dhcpcsvc

DhcpEnumClasses

ntdll

NtAddAtom

ntmsapi

SetNtmsRequestOrder
CreateNtmsMediaPoolW
CancelNtmsOperatorRequest
ReleaseNtmsCleanerSlot
EnableNtmsObject
MountNtmsMedia
DeleteNtmsLibrary
CleanNtmsDrive
CloseNtmsSession
GetNtmsObjectSecurity
GetNtmsObjectInformationW
DismountNtmsDrive
MoveToNtmsMediaPool
SetNtmsObjectInformationW
DisableNtmsObject
DeleteNtmsMediaPool
OpenNtmsSessionW
GetNtmsRequestOrder
CloseNtmsNotification
InjectNtmsMedia
CancelNtmsLibraryRequest
GetNtmsMediaPoolNameW
SetNtmsObjectSecurity
SatisfyNtmsOperatorRequest
DoEjectFromSADriveW
GetVolumesFromDriveW
EjectNtmsCleaner
WaitForNtmsNotification
SetNtmsDeviceChangeDetection
EjectNtmsMedia
DeleteNtmsRequests
DeallocateNtmsMedia
DeleteNtmsMedia
DeleteNtmsDrive
AccessNtmsLibraryDoor
InventoryNtmsLibrary
InjectNtmsCleaner
ReserveNtmsCleanerSlot
DeleteNtmsMediaType
EnumerateNtmsObject
OpenNtmsNotification
AddNtmsMediaType
DismountNtmsMedia

user32

GetWindowRect
IsWindow
OpenClipboard
CallNextHookEx
LoadBitmapW
GetParent
PostMessageW
GetDlgItem
EnableWindow
GetSystemMetrics
SetWindowsHookExW
ShowWindow
EmptyClipboard
RegisterClipboardFormatW
GetCursorPos
DestroyWindow
MessageBeep
SendMessageW
UnhookWindowsHookEx
LoadStringW
WinHelpW
CloseClipboard
ScreenToClient
GetClipboardData
LoadIconW
DestroyIcon

gdi32

DeleteObject

ole32

CoTaskMemFree
StringFromCLSID
CreateStreamOnHGlobal
CoTaskMemAlloc
ReleaseStgMedium
CoUninitialize
CoCreateInstance
CoInitializeEx

msvcrt

__RTDynamicCast
wcscmp
_purecall
_initterm
_wcsdup
_except_handler3
malloc
wcsncmp
_wtoi
_beginthreadex
free
_adjust_fdiv
wcslen
__CxxFrameHandler
wcscpy
wcsncpy
_wcsicmp
_onexit
__dllonexit

kernel32

GetCommandLineW
GetTickCount
lstrcpynW
GetModuleHandleA
LocalAlloc
IsBadReadPtr
SetLastError
SetEvent
SetUnhandledExceptionFilter
GlobalFree
GetModuleFileNameW
InterlockedDecrement
ExpandEnvironmentStringsW
CreateThread
GetLastError
TerminateProcess
SystemTimeToFileTime
FreeLibrary
lstrlenW
lstrcmpW
CloseHandle
GetTimeZoneInformation
GlobalUnlock
GetWindowsDirectoryW
LocalFree
ExitThread
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
GlobalAlloc
FormatMessageW
Sleep
LoadLibraryA
GetCurrentProcessId
WaitForSingleObject
GetDateFormatW
GetFileAttributesW
EnterCriticalSection
QueryPerformanceCounter
SetThreadPriority
OutputDebugStringA
InitializeCriticalSection
UnhandledExceptionFilter
GetCurrentThreadId
GetVersion
GetTimeFormatW
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
GetModuleHandleW
InterlockedIncrement
lstrcpyW
GetCurrentProcess
GetVersionExW
LoadLibraryW
GetProcAddress
CreateEventW
lstrcmpiW
GetComputerNameW

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e3832311cd3b826c72f0a51830fcab6

Headers

File Characteristics

Imports

advapi32

dhcpcsvc

ntdll

ntmsapi

user32

gdi32

ole32

msvcrt

kernel32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 420B

.rdata Size: 512B - Virtual size: 32B

.idata Size: 48KB - Virtual size: 47KB

.data Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 420B

.rdata
Size: 512B - Virtual size: 32B

.idata
Size: 48KB - Virtual size: 47KB

.data
Size: 512B - Virtual size: 448B