c28c470251c35861462d734b9ecbc458

Sharing

Copy URL

Twitter E-mail

General

Target

c28c470251c35861462d734b9ecbc458
Size

60KB
MD5

c28c470251c35861462d734b9ecbc458
SHA1

0da46885cf6809ef9f50f49ab28aff1eee0af8d6
SHA256

1ecf3eb3322c82702f0a6e3482468c894ab215d2a899a4cd4f4bafb7b69723cc
SHA512

e6fad3b67d96eadc23ab27c8131caf0799146124a316e0f5d4147be0c20c79d6d31a84b4fba0c9fe4fd744c1fd132ed683e06018db7508789db1181b48b3ca12
SSDEEP

1536:D1DcVPqIp8gJpUfg7erQAZziWNjGq6s93kQ83z35t8Hf:xDcsgJ+fg7e1ziWNjGgL8DW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c28c470251c35861462d734b9ecbc458

Files

c28c470251c35861462d734b9ecbc458
.exe windows:5 windows x86 arch:x86

3583466d86275038baed7c36fdf327bc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?QueryMemberCount@TLINK@@QBEGXZ
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?RestoreThreadExecutionState@@YGXJK@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@SPARSE_SET@@QAEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
??1SPARSE_SET@@UAE@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z

query

?ReleaseRead@CPropertyStore@@AAEXAAVCReadWriteLockRecord@@@Z
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?SkipDouble@CMemDeSerStream@@UAEXXZ
??1CAllocStorageVariant@@IAE@XZ
?GetNumber@CQueryScanner@@QAEHAA_JAAH@Z
?UnMarshall@CDbColId@@QAEHAAVPDeSerStream@@@Z
DoneCIISAPIPerformanceData
?Get@CWin32RegAccess@@QAEHPBGAAK@Z
SetCatalogState
CIBuildQueryNode
?MakePrivileged@CImpersonateSystem@@AAEXXZ
?SetNumberOfSortProps@CCatState@@QAEXI@Z
??1?$XPtr@VCDbProjectListElement@@@@QAE@XZ
?GetPropertyInfo@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPINFOSET@@PAPAG@Z
??1CPerfMon@@QAE@XZ
?Get@CRegAccess@@QAEKPBG@Z
?DisableCI@CMachineAdmin@@QAEHXZ
?GrowBuffer@CVirtualString@@AAEXK@Z
??1CLangList@@QAE@XZ
??0CVirtualString@@QAE@I@Z
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ
?SetR8@CStorageVariant@@QAEXNI@Z
?SetValue@CPropertyRestriction@@QAEXPAU_GUID@@@Z
?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
??0CDbNatLangRestriction@@QAE@PBGABUtagDBID@@K@Z

kernel32

OpenWaitableTimerW
SetConsoleHardwareState
FindResourceA
GetVersionExA
SetTimeZoneInformation
HeapCreate
LockResource
SetThreadContext
SetLocalPrimaryComputerNameW
OpenWaitableTimerA
ConvertThreadToFiber
SystemTimeToFileTime
CopyFileW
GetPrivateProfileIntA
ReadConsoleOutputCharacterA
CreateThread
RemoveLocalAlternateComputerNameW
VirtualAlloc
Toolhelp32ReadProcessMemory
LoadLibraryA
VirtualProtect
QueryDosDeviceW
SetFileShortNameA

wldap32

ldap_simple_bind_sW
ldap_parse_page_control
ldap_first_attributeW
ldap_searchW
ldap_sslinit
ldap_result2error
ldap_delete_sA
ldap_openA
ldap_get_paged_count
ber_alloc_t
ldap_ufn2dn
ldap_modify_s
ldap_search_st
ldap_modrdnW
ldap_ufn2dnA
ldap_add_ext_s
ldap_close_extended_op
ldap_connect
ldap_search_init_page
ldap_get_valuesA
ldap_start_tls_sA
ldap_bindA
ber_bvdup
ldap_search_init_pageW
ldap_encode_sort_controlA
ldap_compare_ext_sA
ldap_search_ext_sA

untfs

??1NTFS_LOG_FILE@@UAE@XZ
?Initialize@NTFS_LOG_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??1NTFS_INDEX_TREE@@UAE@XZ
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??1NTFS_EXTENT_LIST@@UAE@XZ
Recover
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
Extend
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z

ntdll

RtlAcquireResourceShared
RtlInterlockedPushEntrySList
RtlFindCharInUnicodeString
ZwSetQuotaInformationFile
NtUnloadKey
ZwCompressKey
NtExtendSection
NtSetLowWaitHighEventPair
RtlInitAnsiString
RtlSetHeapInformation
DbgUiIssueRemoteBreakin
RtlDeregisterWait
NtReplyWaitReplyPort
RtlpNtOpenKey
RtlLocalTimeToSystemTime
ZwEnumerateValueKey
ZwDeleteObjectAuditAlarm
RtlSetLastWin32Error
RtlFirstFreeAce
RtlDestroyHandleTable
NtQueryTimer
__isascii
_chkstk
RtlStringFromGUID
RtlUpcaseUnicodeToCustomCPN
RtlReleaseActivationContext

glu32

gluEndCurve
gluQuadricOrientation
gluPwlCurve
gluTessEndPolygon
gluNurbsProperty
gluBeginCurve
gluNewTess
gluEndTrim
gluDeleteQuadric
gluNurbsSurface
gluBuild1DMipmaps
gluGetTessProperty
gluSphere
gluTessEndContour
gluEndPolygon
gluTessCallback
gluLoadSamplingMatrices
gluTessProperty
gluPerspective
gluCylinder
gluGetNurbsProperty
gluErrorString
gluTessNormal
gluBuild2DMipmaps
gluScaleImage

dciman32

WinWatchGetClipList
DCIDestroy
DCICloseProvider
DCICreatePrimary
DCIDraw
WinWatchClose
GetDCRegionData
DCIEnum
WinWatchNotify
DCISetClipList
DCISetSrcDestClip
WinWatchOpen
DCISetDestination
DCICreateOverlay
WinWatchDidStatusChange
DCIOpenProvider
DCIBeginAccess
GetWindowRegionData
DCICreateOffscreen
DCIEndAccess

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3583466d86275038baed7c36fdf327bc

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

query

kernel32

wldap32

untfs

ntdll

glu32

dciman32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 19KB - Virtual size: 85KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 176B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 19KB - Virtual size: 85KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 176B