c66ea347c461716c2a5eaeeff6423109

Sharing

Copy URL

Twitter E-mail

General

Target

c66ea347c461716c2a5eaeeff6423109
Size

82KB
MD5

c66ea347c461716c2a5eaeeff6423109
SHA1

5e176d7a935edb49f7ec5b8a66f5ac6aa4dcdc6f
SHA256

970b6ac4ff6ec1dc7964c740b55145ba83582b273964ff47427c078250a2213a
SHA512

7d26486d95a687535f202f1d2bd9648413836689d69e62548898e894753281ba6ec5e3b9d9166a3c737ae4396a68246d26f75cc44cc80a52a461ab7391372153
SSDEEP

1536:SFeayrz9p4Py1o97dBw2CZHAF1qGYuTOCBWRSLKVNff/RI8rYPdeQCwG8M:koz9WPy1oBI2CHA7qGYoOCbLKVFf/R44

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c66ea347c461716c2a5eaeeff6423109

Files

c66ea347c461716c2a5eaeeff6423109
.exe windows:5 windows x86 arch:x86

cf9b649321affc45f89b11260d9e9ff9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
SleepEx
ContinueDebugEvent
lstrcmpiW
SetClientTimeZoneInformation
UnmapViewOfFile
EnumSystemGeoID
VirtualAlloc
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
SetFileAttributesA
LoadLibraryA
CreateMutexW
SetConsoleCursorInfo
ProcessIdToSessionId
GetLongPathNameW
GetProfileIntA

sqlunirl

_EnumResourceTypes_@12
_FindResource@12
_AccessCheckAndAuditAlarm_@44
_OpenFileMapping_@12
_CharLowerBuff_@8
_NDdeGetErrorString_@12
_NDdeShareDel_@12
_GetServiceDisplayName_@16
_GetCharWidthFloat_@16
_FindExecutable_@12
_GetShortPathName_@12
__lcreat_@8
_OpenDesktop_@16
_RegConnectRegistry_@12
_FindNextFile_@8
_tsystem
_GetModuleHandle_@4

msvcrt20

_beginthread
??_Dfstream@@QAEXXZ
??0ofstream@@QAE@XZ
?overflow@filebuf@@UAEHH@Z
_putw
_ismbcprint
_adj_fdiv_m64
?overflow@stdiobuf@@UAEHH@Z
_wcmdln
??0stdiobuf@@QAE@ABV0@@Z
setlocale
_wcsupr

adsldpc

GetLDAPTypeName
ConvertSidToU2Trustee
LdapGetValues
ADsCreateAttributeDefinition
AdsTypeToLdapTypeCopyDNWithString
ADSIGetNextRow
ADSIGetColumn
ADsCloseSearchHandle
LdapTypeToAdsTypeDNWithBinary
?SetExclaimnationDisabler@CLexer@@QAEXH@Z
BuildADsParentPath
GetDisplayName
FindSearchTableIndex

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf9b649321affc45f89b11260d9e9ff9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

sqlunirl

msvcrt20

adsldpc

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 28KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 208B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 28KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 208B