c231ad386b2ba43259e2fdf7b5473b84

Sharing

Copy URL Twitter E-mail

General

Target

c231ad386b2ba43259e2fdf7b5473b84
Size

369KB
MD5

c231ad386b2ba43259e2fdf7b5473b84
SHA1

d8513a16ccf1242b437fdd2482f42f21462ce50d
SHA256

77a260e309c6bee35bb96559987aa5c8bc2a97618d7c5c6ec0e14ba4f088e3a2
SHA512

8bb654fea8388a6bf9295cc5a0c662b2ea1a75be92f628ac464a5ce02ee854eeb04c154258ac2abe985efab39a56a0df32b4ce8ff807619598acd1b7a9faaea9
SSDEEP

6144:nnVZbGf3ToSV1AnWwMODahPECSsDQkOAzGEq6z11asSW7B4em2NEbqVzY/PnI:nsb/AW3ODahPEuw/uniWVdmnb8zY/PnI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c231ad386b2ba43259e2fdf7b5473b84

Files

c231ad386b2ba43259e2fdf7b5473b84
.exe windows:5 windows x86 arch:x86

14d615136e4968a5627e23b0bb86d096

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wintrust

CryptCATGetCatAttrInfo
mssip32DllRegisterServer
CryptCATAdminCalcHashFromFileHandle
SoftpubDefCertInit
OpenPersonalTrustDBDialog
CryptCATCDFEnumCatAttributes
WintrustAddDefaultForUsage
SoftpubLoadSignature
WVTAsn1SpcLinkEncode
WVTAsn1SpcSigInfoEncode
WTHelperGetFileName
WVTAsn1SpcSpOpusInfoDecode
CryptCATEnumerateAttr
SoftpubCleanup
WVTAsn1SpcIndirectDataContentEncode
IsCatalogFile
WVTAsn1SpcIndirectDataContentDecode
CryptCATPutAttrInfo
SoftpubLoadMessage
WinVerifyTrust
WTHelperGetFileHandle
WTHelperGetKnownUsages
mscat32DllUnregisterServer
CryptCATCatalogInfoFromContext
CryptCATAdminAcquireContext
CryptCATGetMemberInfo
CryptCATAdminReleaseCatalogContext
WVTAsn1SpcFinancialCriteriaInfoEncode
CryptSIPVerifyIndirectData
CryptCATPutMemberInfo
OfficeInitializePolicy
CryptCATCDFClose
SoftpubCheckCert
CryptSIPGetSignedDataMsg
WTHelperOpenKnownStores
CryptCATPersistStore
SoftpubFreeDefUsageCallData

user32

SetMenu
GetTaskmanWindow
PrivateExtractIconExA
DrawTextExA
ValidateRgn
GetClipboardSequenceNumber
RegisterClipboardFormatA
SetSystemMenu
LoadKeyboardLayoutEx
DeleteMenu
AttachThreadInput
GetInternalWindowPos
DlgDirSelectExW
ChildWindowFromPointEx
ClientToScreen
DdeKeepStringHandle
LockSetForegroundWindow
CharUpperW
ReasonCodeNeedsComment
LoadLocalFonts
GetAsyncKeyState
SendIMEMessageExW
ChangeDisplaySettingsW
DisplayExitWindowsWarnings
UpdateWindow
OpenDesktopW
DrawTextA
MapVirtualKeyA
DdeDisconnect
IsGUIThread
DragDetect
SetWindowContextHelpId
SetClipboardViewer

ntdll

RtlDosSearchPath_U
NtModifyBootEntry
_CIsqrt
NtOpenProcessToken
fabs
NtSetSystemPowerState
LdrFindResource_U
RtlDeleteElementGenericTableAvl
ZwSetBootEntryOrder
ZwQueryVirtualMemory
RtlAppendStringToString
RtlDebugPrintTimes
RtlDumpResource
iswdigit
ZwReleaseMutant
_aullshr
LdrShutdownProcess
NtDeleteKey
NtDeviceIoControlFile
__isascii
NtQueryMultipleValueKey
RtlUshortByteSwap
_splitpath
NtSetHighEventPair
NtLockProductActivationKeys
CsrCaptureMessageMultiUnicodeStringsInPlace
CsrClientConnectToServer
RtlLargeIntegerNegate
_strcmpi
ZwSetThreadExecutionState
RtlSizeHeap
ZwResumeProcess
RtlCopySidAndAttributesArray
RtlUnwind
ZwCompareTokens
RtlGetNtProductType
NtMapUserPhysicalPagesScatter
ZwSetInformationFile
RtlAreAllAccessesGranted
ZwSetEaFile
NtAdjustPrivilegesToken
RtlSelfRelativeToAbsoluteSD
RtlLargeIntegerAdd
PfxRemovePrefix
RtlCreateTimer
RtlLengthRequiredSid
RtlQueueWorkItem
RtlCreateBootStatusDataFile
ZwRemoveIoCompletion
RtlCompressBuffer
RtlLengthSecurityDescriptor
ZwWaitForKeyedEvent
RtlCaptureStackBackTrace
NtAcceptConnectPort
RtlGetCurrentPeb
RtlpNtSetValueKey
ispunct
RtlInitNlsTables
_ftol
memmove
RtlAppendUnicodeToString
NtReplyWaitReplyPort
RtlWriteRegistryValue
RtlIpv4StringToAddressA
NtSetDebugFilterState
RtlpNtEnumerateSubKey
RtlCopySid
RtlFirstFreeAce
RtlIpv6AddressToStringA
RtlAllocateAndInitializeSid
isupper
RtlMultiAppendUnicodeStringBuffer
ZwGetPlugPlayEvent
_memicmp
ZwCreateJobObject
RtlFreeUnicodeString
RtlGetControlSecurityDescriptor
RtlQueryProcessBackTraceInformation
RtlMoveMemory
RtlSetSaclSecurityDescriptor

odbc32

SQLDescribeParam
OpenODBCPerfData
CollectODBCPerfData
SQLCloseCursor
SQLProcedureColumns
SQLDataSources
SQLExecDirectW
SQLFreeStmt
CursorLibLockDesc
SQLGetInfoW
SQLGetConnectOptionA
PostODBCComponentError
ODBCGetTryWaitValue
SQLTablesA
SQLSetStmtAttr
SearchStatusCode
SQLAllocConnect
SQLColumnsW
SQLDataSourcesA
SQLNativeSqlW
SQLGetStmtAttrW
SQLGetDiagFieldW
SQLConnectA
SQLGetDescRecA
SQLGetConnectAttr
SQLColumnPrivileges
g_hHeapMalloc
SQLGetConnectAttrA
SQLSpecialColumnsA
SQLSetDescField
SQLFetchScroll
SQLGetConnectOptionW
SQLGetStmtAttrA

kernel32

_hread
LocalUnlock
GetConsoleAliasesA
DefineDosDeviceW
RegisterConsoleVDM
GetNumberFormatA
GetTapePosition
GetDateFormatA
Process32NextW
DosPathToSessionPathA
VerifyVersionInfoW
FindFirstFileA
SetCalendarInfoW
GetSystemTimeAdjustment
EnumSystemLocalesW
GlobalFlags
GetProfileSectionA
GlobalHandle
SetHandleContext
SetConsolePalette
SetComputerNameA
BackupWrite
lstrcatA
GetSystemTimeAsFileTime
lstrcpyA
GlobalGetAtomNameW
EscapeCommFunction
LoadLibraryExA
ConvertFiberToThread
QueryPerformanceFrequency
SetVolumeLabelW
LoadLibraryA
PrivMoveFileIdentityW
CreateNamedPipeW
VirtualAllocEx
GetSystemPowerStatus
FindResourceExA
VirtualAlloc
GetTimeZoneInformation
SetConsoleWindowInfo
GetComputerNameExA
TransmitCommChar
HeapLock
TransactNamedPipe

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14d615136e4968a5627e23b0bb86d096

Headers

File Characteristics

Imports

wintrust

user32

ntdll

odbc32

kernel32

Sections

.text Size: 139KB - Virtual size: 139KB

.rdata Size: 123KB - Virtual size: 123KB

.data Size: 70KB - Virtual size: 432KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 139KB - Virtual size: 139KB

.rdata
Size: 123KB - Virtual size: 123KB

.data
Size: 70KB - Virtual size: 432KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B