02905cfa1fdcf6bb316a90914b0390f2d2ca018ac7ee623ad828593c61cc92d9

Sharing

Copy URL Twitter E-mail

General

Target

02905cfa1fdcf6bb316a90914b0390f2d2ca018ac7ee623ad828593c61cc92d9
Size

53KB
MD5

b367f3db7f92123c8a7cb17d9ad1a7fe
SHA1

0dc7c15d7b6bb79c01bb8e60933e4379c6005471
SHA256

02905cfa1fdcf6bb316a90914b0390f2d2ca018ac7ee623ad828593c61cc92d9
SHA512

49f9eb9a95ce404594a04324a9b7db4981af384450fd8e11932f32c594bfd23c97853ab69fd73666f486057f97a9bc5d9f5ac59cf3eb5f1fc5a358bf5be1d911
SSDEEP

1536:OsvAQ+KTWqWLIeuFLWsvK9+Dx9lLTPLKz:OsYQ1TWqCIeuTy+DxnfK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02905cfa1fdcf6bb316a90914b0390f2d2ca018ac7ee623ad828593c61cc92d9

Files

02905cfa1fdcf6bb316a90914b0390f2d2ca018ac7ee623ad828593c61cc92d9
.exe windows:5 windows x86 arch:x86

769c922b455fd8858d4ee0302fc03ed6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FoldStringW
GetACP
GetCurrentConsoleFont
IsValidCodePage
GetThreadTimes
SetConsoleOS2OemFormat
LoadLibraryA
GetFileTime
VDMOperationStarted
BaseUpdateAppcompatCache
GetTempFileNameA
LocalAlloc
CancelIo
EnumSystemLocalesW
SetFileTime
GetCurrentThread
EnumResourceNamesA
FindFirstVolumeMountPointW
SetConsoleLocalEUDC
VirtualAlloc
ReadConsoleA
DeleteVolumeMountPointA
SetConsoleCursorInfo
SetHandleCount
SetMailslotInfo
GetCurrentProcess
ScrollConsoleScreenBufferW
GetConsoleDisplayMode
FindActCtxSectionStringA
GetCommMask
NlsGetCacheUpdateCount
GetConsoleFontInfo
GetProcessId
SetFirmwareEnvironmentVariableA
GetComputerNameW
WriteProfileStringW
GetPrivateProfileIntW

oleacc

LresultFromObject
WindowFromAccessibleObject
AccessibleObjectFromPoint
GetRoleTextW
GetOleaccVersionInfo
AccessibleObjectFromEvent
GetRoleTextA
AccessibleObjectFromWindow
IID_IAccessible
CreateStdAccessibleObject
GetStateTextA
CreateStdAccessibleProxyW
AccessibleChildren
LIBID_Accessibility
ObjectFromLresult
GetStateTextW
IID_IAccessibleHandler
CreateStdAccessibleProxyA

ntdll

RtlQueryProcessLockInformation
NtSetQuotaInformationFile
NtWaitForDebugEvent
RtlConvertUiListToApiList
NtDelayExecution
RtlLeaveCriticalSection
NtSetSystemEnvironmentValueEx
ZwSetUuidSeed
RtlRandomEx
NtGetPlugPlayEvent
ZwNotifyChangeMultipleKeys
RtlDeNormalizeProcessParams
NtQueryTimer
ZwSetInformationObject
NtCreateSymbolicLinkObject
ZwOpenThreadTokenEx
ZwMakePermanentObject
NtCreateProcess
_itoa
RtlAppendPathElement
ZwSetEvent
ZwRemoveIoCompletion
RtlSubtreePredecessor
RtlDestroyProcessParameters
ZwConnectPort
RtlFlushSecureMemoryCache
RtlPrefixString
ZwWaitForKeyedEvent
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
_ltoa

winsta

ServerLicensingClose
ServerLicensingGetPolicy
WinStationSendMessageW
WinStationNameFromLogonIdW
WinStationGetProcessSid
WinStationGenerateLicense
ServerLicensingGetAvailablePolicyIds
WinStationSendMessageA
_WinStationCheckForApplicationName
WinStationBroadcastSystemMessage
ServerLicensingOpenA
WinStationRegisterConsoleNotification
WinStationRemoveLicense
WinStationQueryInformationA
WinStationQueryUpdateRequired
WinStationSetPoolCount
_WinStationNotifyNewSession
WinStationQueryLicense
_WinStationNotifyDisconnectPipe
ServerQueryInetConnectorInformationA
WinStationSetInformationA
ServerQueryInetConnectorInformationW
WinStationSetInformationW
_WinStationNotifyLogoff
WinStationFreeGAPMemory
WinStationSendWindowMessage
_NWLogonQueryAdmin

vssapi

?Unsubscribe@CVssWriter@@QAGJXZ
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
VssFreeSnapshotProperties
IsVolumeSnapshotted
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Subscribe@CVssWriter@@QAGJK@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

769c922b455fd8858d4ee0302fc03ed6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleacc

ntdll

winsta

vssapi

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 596B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 596B

.rsrc
Size: 2KB - Virtual size: 1KB