c51305b3d9d9f9a6b5867fdfde5770cd

Sharing

Copy URL Twitter E-mail

General

Target

c51305b3d9d9f9a6b5867fdfde5770cd
Size

64KB
MD5

c51305b3d9d9f9a6b5867fdfde5770cd
SHA1

3f39b7222cf93cbe48c4e732e83874a69d2fe13a
SHA256

bc8463444c51b042c638d689c23b7a8eb218130887c5ea07ecb594ecc82ecc6a
SHA512

e6c4fd16707f2e035b77461578546f783bac7c5bb0434c113da0bd01eb0ac5cf408dd503e803c1110e55976f953e31a2371a79a24c6ae52273e2fac52f9d3dfe
SSDEEP

1536:zuxz1xAA92x9uvAO631VkwLc3/0/5ODx7q8LjCDHPxDUdTQj:0Ad7u7gb1j/Et9jS5aQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c51305b3d9d9f9a6b5867fdfde5770cd

Files

c51305b3d9d9f9a6b5867fdfde5770cd
.exe windows:5 windows x86 arch:x86

fa730b597bd584468f09f87456b2d0df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleIcon
SetTapePosition
LocalHandle
LocalFileTimeToFileTime
ReadConsoleW
GetCurrentProcessId
_hwrite
GetCurrentThreadId
GetProcAddress
MapViewOfFile
CreateSemaphoreW
GetTickCount
IsBadStringPtrA
VerifyConsoleIoHandle
GetFirmwareEnvironmentVariableW
LoadLibraryW
lstrcpynW
QueryPerformanceCounter
SetComputerNameA
GetStartupInfoW
Heap32ListFirst
LoadLibraryA
RegisterWaitForSingleObject
lstrlenA
FindFirstVolumeA
GetCurrencyFormatW
SetVolumeLabelA
CreateConsoleScreenBuffer
GetModuleHandleW
GetCalendarInfoA
VirtualAlloc
InterlockedExchangeAdd

msvcp60

??8std@@YA_NABV?$complex@M@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
??1?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@UAE@XZ
??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@
??1?$numpunct@G@std@@UAE@XZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0_Timevec@std@@QAE@PAX@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?id@?$time_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@2V0locale@2@A
?truename@?$numpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?quiet_NaN@?$numeric_limits@N@std@@SANXZ
??4?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?not_eof@?$char_traits@D@std@@SAHABH@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?do_neg_format@?$_Mpunct@G@std@@MBE?AUpattern@money_base@2@XZ
??1ctype_base@std@@UAE@XZ
_LPoly
??4?$allocator@X@std@@QAEAAV01@ABV01@@Z

ntdll

RtlNewInstanceSecurityObject
RtlGetCurrentDirectory_U
vDbgPrintExWithPrefix
ZwReplyWaitReceivePort
RtlUnicodeToCustomCPN
RtlImageRvaToVa
ZwCreateKey
RtlAddAce
ZwAllocateUserPhysicalPages
ZwUnloadKeyEx
RtlWalkHeap
NtGetPlugPlayEvent
_alldiv
NtCreateEvent
ZwListenPort
RtlSetThreadIsCritical
RtlCopyLuid
ZwQueryInformationJobObject
RtlSubtreePredecessor
NtReleaseSemaphore
ZwNotifyChangeKey
ZwQueryIntervalProfile
ZwFreeUserPhysicalPages
RtlRevertMemoryStream
RtlIntegerToUnicodeString
NtSaveMergedKeys
RtlEnlargedUnsignedDivide
ZwMakePermanentObject
ZwFlushKey
ZwAlertResumeThread

pdh

PdhLookupPerfNameByIndexA
PdhGetLogFileTypeA
PdhBrowseCountersW
PdhSelectDataSourceA
PdhTranslate009CounterA
PdhGetFormattedCounterValue
PdhAdd009CounterA
PdhOpenLogA
PdhGetCounterInfoA
PdhAdd009CounterW
PdhBrowseCountersHW
PdhTranslateLocaleCounterA
PdhOpenLogW
PdhGetRawCounterArrayW
PdhBrowseCountersA
PdhVerifySQLDBA
PdhRelogW
PdhOpenQueryW
PdhEnumObjectItemsA
PdhMakeCounterPathA
PdhSetQueryTimeRange
PdhEnumObjectsW
PdhEnumLogSetNamesA
PdhEnumObjectsHA
PdhOpenQuery
PdhEnumObjectItemsW
PdhVbGetCounterPathFromList

advapi32

StartServiceCtrlDispatcherA
CryptAcquireContextW
WmiQueryAllDataMultipleW
WmiDevInstToInstanceNameW
ElfReadEventLogW
RegLoadKeyW
RegDeleteKeyW
FreeSid
SystemFunction012
ConvertSecurityDescriptorToStringSecurityDescriptorA
LsaDeleteTrustedDomain
BuildTrusteeWithSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetManagedApplicationCategories
StartServiceCtrlDispatcherW
LsaSetInformationTrustedDomain
IsValidSid
CredEnumerateA
QueryServiceConfig2A
RegEnumValueA

oleaut32

VarBstrFromUI8
OleLoadPicturePath
DllUnregisterServer
VarUI1FromDate
VarBoolFromDec
SysStringByteLen
DllCanUnloadNow
SysAllocStringLen
VarI4FromR4
VarUI8FromDate
VariantCopy
VarI1FromUI8
VarUI4FromUI8
VarUI1FromDisp
VarAdd
VarCyMulI8
BstrFromVector
VarBstrFromCy
VariantCopyInd
VARIANT_UserFree
VarOr
SafeArrayAllocData
VarI1FromDate
VarR8FromDec
VarDateFromI2

query

?Done@CFwAsyncWorkItem@@QAEXXZ
?GetStringFromLCID@@YGXKPAG@Z
?EnumPropInfo@CEmptyPropertyList@@UAGJKPAPBGPAPAUtagDBID@@PAGPAI@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
?AddScope@CCatalogAdmin@@QAEXPBG0H00@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?SetPhrase@CContentRestriction@@QAEXPBG@Z
??0CPathParser@@QAE@PBGK@Z
??0CDbContentRestriction@@QAE@PBGABUtagDBID@@KK@Z
?Get@CRegAccess@@QAEXPBGPAGI@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?QueryCatalogEnum@CMachineAdmin@@QAEPAVCCatalogEnum@@XZ
?GetAllEntries@CPropertyList@@UAEJPAPAVCPropEntry@@K@Z
?ParseTree@CParseCommandTree@@QAEXPAVCDbCmdTreeNode@@@Z
?QueryInterface@CEmptyPropertyList@@UAGJABU_GUID@@PAPAX@Z
??1CScopeAdmin@@QAE@XZ
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
DoneCIPerformanceData
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z

cfgmgr32

CM_Get_Class_Key_NameW
CM_Open_Class_Key_ExA
CM_Remove_SubTree_Ex
CM_Get_Resource_Conflict_DetailsA
CM_Free_Res_Des_Ex
CM_Delete_DevNode_Key_Ex
CM_Get_Class_Registry_PropertyA
CM_Get_Class_NameA
CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Set_HW_Prof_Flags_ExW
CM_Disable_DevNode
CM_Modify_Res_Des
CM_Unregister_Device_InterfaceA
CM_Modify_Res_Des_Ex
CM_Register_Device_Driver
CM_Get_Device_Interface_List_SizeA
CM_Add_IDA
CM_Set_HW_Prof
CM_Query_Arbitrator_Free_Data
CM_Get_Device_Interface_List_Size_ExW
CM_Get_DevNode_Registry_Property_ExW
CM_Enumerate_Classes
CM_Get_Version_Ex
CM_Register_Device_Interface_ExW
CM_Enumerate_EnumeratorsW
CM_Get_Next_Res_Des_Ex
CM_Get_DevNode_Registry_PropertyA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa730b597bd584468f09f87456b2d0df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp60

ntdll

pdh

advapi32

oleaut32

query

cfgmgr32

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 14KB - Virtual size: 63KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 340B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 14KB - Virtual size: 63KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 340B