c5b89de8c45a78ffdc7828daa1920ddf

Sharing

Copy URL Twitter E-mail

General

Target

c5b89de8c45a78ffdc7828daa1920ddf
Size

60KB
MD5

c5b89de8c45a78ffdc7828daa1920ddf
SHA1

3a90e18c1cdde85befd1c10adb204a7d0ac74b44
SHA256

bf0fd20daf55ef3a0d1dbdf869c9d9bd4225f91f11fac0d04648fb3b4a7b6607
SHA512

2b22be5e6ede8100b24409bc546393ad1807f9e77879cc6021f61b208f071d27a240cfe2c9d1f3ce64afb426962dac1eb32d6a99618276e36365b8bb690eb3c8
SSDEEP

1536:6Wpqz/WlzV7CnJaFsr1pAFFUTh6cOMeAOJz2G6/O:3IziBCnKqKyh/P5Szx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5b89de8c45a78ffdc7828daa1920ddf

Files

c5b89de8c45a78ffdc7828daa1920ddf
.exe windows:5 windows x86 arch:x86

304148b4f6d2caf2b4be82fc2e5a0b48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

MgmGroupEnumerationStart
RtmUpdateAndUnlockRoute
EnumOverTable
RtmGetEntityInfo
RtmLockRoute
RtmAddRouteToDest
RtmGetEnumDests
CheckTable
MgmGetFirstMfe
RtmGetListEnumRoutes
RtmGetInstanceInfo
RtmRegisterEntity
RtmWriteInstanceConfig
RtmWriteAddressFamilyConfig
RtmReleaseDestInfo
RtmIsBestRoute
RtmBlockDeleteRoutes
RtmReadInstanceConfig
RtmCreateRouteListEnum
RtmReleaseChangedDests
RtmCloseEnumerationHandle
RtmBlockConvertRoutesToStatic
RtmReleaseNextHops
MgmAddGroupMembershipEntry
RtmCreateRouteList
RtmLookupIPDestination
RtmGetRouteInfo
RtmIsMarkedForChangeNotification
MgmRegisterMProtocol
RtmDeleteEnumHandle

msvcirt

??_Estrstream@@UAEPAXI@Z
??_8stdiostream@@7Bistream@@@
??4strstreambuf@@QAEAAV0@ABV0@@Z
?put@ostream@@QAEAAV1@D@Z
??0fstream@@QAE@ABV0@@Z
??0iostream@@IAE@XZ
??4exception@@QAEAAV0@ABV0@@Z
??6ostream@@QAEAAV0@J@Z
??_7ostream@@6B@
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?x_statebuf@ios@@0PAJA
?x_curindex@ios@@0HA
??4ostrstream@@QAEAAV0@ABV0@@Z
?gcount@istream@@QBEHXZ
?allocate@streambuf@@IAEHXZ
??0exception@@QAE@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
??6ostream@@QAEAAV0@I@Z
??_Gistream@@UAEPAXI@Z
??_8strstream@@7Bostream@@@
?get@istream@@QAEAAV1@PAEHD@Z
??1ifstream@@UAE@XZ
??0Iostream_init@@QAE@XZ
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??1stdiobuf@@UAE@XZ
??0iostream@@IAE@ABV0@@Z

rasman

RasInitializeNoWait
RasRpcConnectServer
RasRpcDeleteEntry
RasGetCustomScriptDll
RasPortGetInfo
RasServerPortClose
RasFreeBuffer
RasAddConnectionPort
RasRpcRemoteRasDeleteEntry
RasRpcEnumConnections
RasSetAddressDisable
RasPortRetrieveUserData
RasRpcRemoteGetUserPreferences
RasPortConnectComplete
RasCompressionSetInfo
RasGetUserCredentials
RasPortReceiveEx
RasDestroyConnection
RasIsTrustedCustomDll
RasRpcRemoteGetSystemDirectory
RasDeviceGetInfo
RasRegisterPnPEvent
RasGetEapUserInfo

msdart

??0CSmallSpinLock@@QAE@XZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
??1CCritSec@@QAE@XZ
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
MpHeapFree
?_Lock@CSpinLock@@AAEXXZ
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?IsWriteUnlocked@CCritSec@@QBE_NXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?ReadUnlock@CFakeLock@@QAEXXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?GetDefaultSpinCount@CReaderWriterLock3@@SGGXZ
?WriteLock@CFakeLock@@QAEXXZ
?CheckTable@CLKRHashTable@@QBEHXZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?_IsLocked@CSpinLock@@ABE_NXZ
?WriteLock@CReaderWriterLock2@@QAEXXZ
??1CReaderWriterLock3@@QAE@XZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?WriteUnlock@CSpinLock@@QAEXXZ

kernel32

WriteConsoleOutputCharacterW
ReadConsoleInputA
BaseDumpAppcompatCache
SwitchToThread
GetCommMask
BackupWrite
DeleteCriticalSection
GetFileSize
GetNumaProcessorNode
GetConsoleInputExeNameW
FindFirstFileExA
ReplaceFileW
GetConsoleNlsMode
SetLocalTime
SetEvent
LoadLibraryA
SetLocalPrimaryComputerNameA
ReadConsoleOutputCharacterA
TerminateJobObject
SetConsoleCursor
FileTimeToDosDateTime
SetInformationJobObject
GlobalReAlloc
QueryDosDeviceA
CopyFileExW
CallNamedPipeA
ReadConsoleInputExA
WritePrivateProfileStructW
lstrcatA
GetProcessShutdownParameters
GlobalMemoryStatusEx
RequestWakeupLatency
Heap32Next
GetConsoleAliasExesW
CreateHardLinkA
GetStringTypeW
SetProcessPriorityBoost
VerSetConditionMask
HeapCreate
CreateHardLinkW
EnumTimeFormatsW
WriteConsoleInputA
GetUserGeoID
GetSystemTimeAsFileTime
GetVolumeNameForVolumeMountPointW
VirtualAlloc
SetCommBreak
OpenWaitableTimerW
EnumResourceLanguagesW
GetTickCount
GetSystemTime

msvcrt

_ecvt
_execlpe
_mbscmp
tmpnam
_mbschr
_spawnle
??_Eexception@@UAEPAXI@Z
_ismbbalnum
_CIsinh
_tzset
wcsncmp
_wexecv
_mbsncmp
_osplatform
_ismbcl1
_findnext64
_beginthread
??1exception@@UAE@XZ
_safe_fdiv
_mbsnbcat
_wspawnvp
__doserrno
$I10_OUTPUT
_pclose
??0bad_cast@@QAE@ABQBD@Z

ifsutil

?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?Initialize@SPARSE_SET@@QAEEXZ
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z
??1INTSTACK@@UAE@XZ
?Write@SECRUN@@UAEEXZ
?ComputeVolId@SUPERAREA@@SGKK@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
??1SUPERAREA@@UAE@XZ
?QuerySize@TLINK@@QBEGXZ
?Initialize@DIGRAPH@@QAEEK@Z
??0CANNED_SECURITY@@QAE@XZ
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?IsATformat@DP_DRIVE@@QBEEXZ

shell32

SHGetMalloc

user32

MessageBoxA
EndDialog

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

304148b4f6d2caf2b4be82fc2e5a0b48

Headers

DLL Characteristics

File Characteristics

Imports

rtm

msvcirt

rasman

msdart

kernel32

msvcrt

ifsutil

shell32

user32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 19KB - Virtual size: 62KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 228B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 19KB - Virtual size: 62KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 228B