bb01f45660ab8afd031a6c76ac81fae3

Sharing

Copy URL Twitter E-mail

General

Target

bb01f45660ab8afd031a6c76ac81fae3
Size

845KB
MD5

bb01f45660ab8afd031a6c76ac81fae3
SHA1

9e290861cbab8ad37e40841355a11af70a3009c7
SHA256

21a760e5834a98e59f17bbcc32c8a18d97a94d228fb11e346e7e51b68c6a8738
SHA512

9dd0c59704c024f2cacebfbb533c77d305649b8c9bab0cf33e0c7338362ff8bef0f8b5a8f9c31e7dc3fba443ad113cdc25659f35ce8f36f7731931a345e2375c
SSDEEP

24576:FmuXzLHrn2uy6xboidI2ikQXEipHTWSeJ:8ujLD2uy6xU92i/pHs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb01f45660ab8afd031a6c76ac81fae3

Files

bb01f45660ab8afd031a6c76ac81fae3
.exe windows:5 windows x86 arch:x86

1d834ab28a025430bf0f54c66e3b4543

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
LocalFree
OpenMutexW
EndUpdateResourceA
HeapValidate
GetConsoleAliasExesA
FindFirstVolumeMountPointW
EnumSystemGeoID
LockFile
OpenWaitableTimerA
InterlockedFlushSList
GetPrivateProfileSectionNamesW
CompareStringA
LocalAlloc
ReadFileEx
DelayLoadFailureHook
GetSystemTimeAsFileTime
GetConsoleNlsMode
_lopen
PeekNamedPipe
LoadLibraryA
VirtualAlloc
SetCalendarInfoW
QueryDosDeviceW
WideCharToMultiByte
FillConsoleOutputCharacterW

ifsutil

??0LOG_IO_DP_DRIVE@@QAE@XZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?Read@SECRUN@@UAEEXZ
?IsATformat@DP_DRIVE@@QBEEXZ
??1DP_DRIVE@@UAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?Add@NUMBER_SET@@QAEEPBV1@@Z
??1INTSTACK@@UAE@XZ
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?DumpHashTable@SPARSE_SET@@QAEXXZ
??1SECRUN@@UAE@XZ
??1SPARSE_SET@@UAE@XZ
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?GetFirst@TLINK@@QAEPAXXZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Set@BIG_INT@@QAEXEPBE@Z
??1VOL_LIODPDRV@@UAE@XZ

cryptui

LocalEnroll
CryptUIFreeViewSignaturesPagesA
CryptUIGetViewSignaturesPagesW
CryptUIDlgFreeCAContext
CryptUIWizExport
CryptUIFreeCertificatePropertiesPagesA
CryptUIWizFreeCertRequestNoDS
CryptUIWizCertRequest
CryptUIDlgViewSignerInfoA
CryptUIDlgSelectCA
CryptUIDlgViewContext
CryptUIGetViewSignaturesPagesA
CryptUIDlgViewCTLA
WizardFree
CryptUIStartCertMgr
LocalEnrollNoDS
RetrievePKCS7FromCA
CryptUIDlgViewCTLW
CryptUIDlgSelectCertificateFromStore
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgViewCertificatePropertiesA
CryptUIFreeCertificatePropertiesPagesW
CryptUIWizImport

perfdisk

OpenDiskObject
CollectDiskObjectData
CloseDiskObject

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d834ab28a025430bf0f54c66e3b4543

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ifsutil

cryptui

perfdisk

Sections

.text Size: 738KB - Virtual size: 738KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 980B

.text
Size: 738KB - Virtual size: 738KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 980B