c358a4484409c677aec847fa0acf1af0

Sharing

Copy URL Twitter E-mail

General

Target

c358a4484409c677aec847fa0acf1af0
Size

135KB
MD5

c358a4484409c677aec847fa0acf1af0
SHA1

3d1dce7bfdcccd170261f8c2d9ea76e7c828a754
SHA256

0dbffff52fd4c027114316e585ed39987fa1b9283a8f9dd765bf9fb9dd62e925
SHA512

56f7dc86c4d503d6006203730fafc2b264fc43f92922ae18a6f4f1528c2fad97e9f2aeff345253ab0da7328f82c2154eda3a67ed22d96581ece1279cfef5ac6a
SSDEEP

3072:RJr0e6T3YlLBvMj+DJrVWHhzeKSSxdOg3fzh4ykxNCS81MIkFYmY6gK3R6Jwq:Dwe6T3uBFJIHdxdOgbhfkxNVISYmctOq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c358a4484409c677aec847fa0acf1af0

Files

c358a4484409c677aec847fa0acf1af0
.exe windows:5 windows x86 arch:x86

8d3dd092ccb4be8d59629f5704651ab7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iasrad

DllUnregisterServer
?initialize@VSAFilter@@QAEJXZ
DllRegisterServer
?radiusToIAS@VSAFilter@@QBEJPAUIAttributesRaw@@@Z
DllGetClassObject
?shutdown@VSAFilter@@QAEJXZ

oleaut32

VarI8FromR4
VarAnd
VarI4FromUI4
VarCyFromR4
VarR4FromI8
VarR8FromBool
VarBstrFromDate
VarDecFromI8
VarUI4FromDate
OleCreatePictureIndirect
OleSavePictureFile
VarR4FromI1

kernel32

GetNextVDMCommand
QueueUserWorkItem
GetNumaProcessorNode
VDMConsoleOperation
EnumerateLocalComputerNamesW
SetConsoleOS2OemFormat
GetWindowsDirectoryW
VerLanguageNameW
ReadConsoleW
DeleteCriticalSection
GetCommState
RemoveDirectoryA
ScrollConsoleScreenBufferW
DebugSetProcessKillOnExit
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
MapUserPhysicalPagesScatter
CreateMutexW
FreeEnvironmentStringsA
LoadLibraryW
FlushFileBuffers
OutputDebugStringW
FoldStringA
GetVolumePathNamesForVolumeNameW
GlobalAlloc
CreateFileMappingA
EnumUILanguagesW
GetCommTimeouts

wsock32

WSAAsyncSelect
socket
select
WSACancelAsyncRequest
ntohl
sendto
gethostbyname
bind
WSApSetPostRoutine
inet_ntoa
closesocket
WSAGetLastError
getservbyport
GetServiceW
AcceptEx
send
getprotobynumber
TransmitFile
WSAAsyncGetServByName

w32topl

ToplGraphAddVertex
ToplScheduleDuration
ToplVertexSetId
ToplIterCreate
ToplSTHeapInit
ToplGraphRemoveVertex
ToplScheduleNumEntries
ToplHeapDestroy
ToplEdgeSetWeight

msvcirt

?getline@istream@@QAEAAV1@PAEHD@Z
?sputc@streambuf@@QAEHH@Z
??_Eiostream@@UAEPAXI@Z
??0fstream@@QAE@XZ
??_7ofstream@@6B@
??_Dostream@@QAEXXZ
?overflow@filebuf@@UAEHH@Z
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
?underflow@stdiobuf@@UAEHXZ
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
?unsetf@ios@@QAEJJ@Z
??6ostream@@QAEAAV0@I@Z
??_Eifstream@@UAEPAXI@Z
??_Eostream_withassign@@UAEPAXI@Z

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d3dd092ccb4be8d59629f5704651ab7

Headers

File Characteristics

Imports

iasrad

oleaut32

kernel32

wsock32

w32topl

msvcirt

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 101KB - Virtual size: 100KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 101KB - Virtual size: 100KB

.rsrc
Size: 2KB - Virtual size: 1KB