d5468bd46a1870d547ad2cf03e43bc3e

Sharing

Copy URL Twitter E-mail

General

Target

d5468bd46a1870d547ad2cf03e43bc3e
Size

144KB
MD5

d5468bd46a1870d547ad2cf03e43bc3e
SHA1

8fe68bf0697a9cbd513cc32dd2f09a73daa0274d
SHA256

c42332c45df1ad78bdaab5f2a006b1704f07e2deeef60d2b09079b7a406ee76b
SHA512

7ac35ab87b9156ab00eebff46da10f90389d994f8a3fe6f5699fdfd52ca9ccd0d4dbaa6ee3ca6a0f2b46f764056c229159e78abeb3bbd00fb020dadfe0111080
SSDEEP

3072:iOssgEyOo+R076D/sPMFJ6wyt+rs3f//buTaQ3YxVl:C+RrtQlP/61mVl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5468bd46a1870d547ad2cf03e43bc3e

Files

d5468bd46a1870d547ad2cf03e43bc3e
.exe windows:5 windows x86 arch:x86

99f36e36b60be5c71324241da8d098ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getpeername
rcmd
GetTypeByNameA
WSARecvEx
inet_network
WSACancelBlockingCall
WSAAsyncGetServByPort
GetNameByTypeA
WSASetLastError
WSAAsyncGetProtoByName
send
GetNameByTypeW
sethostname
WSACancelAsyncRequest
GetAddressByNameA
EnumProtocolsW
gethostbyaddr
shutdown
SetServiceW
inet_addr
accept
dn_expand
WSAGetLastError
WSASetBlockingHook
ntohs
WSAAsyncGetHostByAddr
WSAAsyncSelect
sendto
getnetbyname
WSAIsBlocking
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSApSetPostRoutine
GetAddressByNameW
ntohl
WSAAsyncGetHostByName
getsockopt
htons
GetServiceW

msvcirt

?unbuffered@streambuf@@IBEHXZ
??0strstream@@QAE@XZ
?getline@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@AAC@Z
??_Dstrstream@@QAEXXZ
??_7exception@@6B@
?binary@filebuf@@2HB
?pptr@streambuf@@IBEPADXZ
??_Eostream_withassign@@UAEPAXI@Z
??0ifstream@@QAE@PBDHH@Z
??_Gstrstreambuf@@UAEPAXI@Z
??_Eios@@UAEPAXI@Z
??1istream_withassign@@UAE@XZ
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
??1ios@@UAE@XZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
?lock@ios@@QAAXXZ
??0ostream@@IAE@ABV0@@Z
?seekp@ostream@@QAEAAV1@J@Z
??5istream@@QAEAAV0@AAD@Z
?width@ios@@QAEHH@Z
??0fstream@@QAE@PBDHH@Z
?tellg@istream@@QAEJXZ
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
??_8istream_withassign@@7B@

msvcrt20

??_7ostream_withassign@@6B@
??4stdiobuf@@QAEAAV0@ABV0@@Z
??_8istream@@7B@
??_Estreambuf@@UAEPAXI@Z
_execle
_adj_fdiv_m32i
putchar
_ungetch
??_7ostrstream@@6B@
_strerror
??0Iostream_init@@QAE@AAVios@@H@Z
_mbsncat
??0iostream@@IAE@XZ
??_Distream_withassign@@QAEXXZ
_adj_fprem
??0ofstream@@QAE@PBDHH@Z
_cgets
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_mbsicoll
wcsncmp
?put@ostream@@QAEAAV1@C@Z
??0istream_withassign@@QAE@ABV0@@Z
_local_unwind2
??_7istream_withassign@@6B@
tolower
??_8ofstream@@7B@
_wsplitpath
?get@istream@@QAEAAV1@PAEHD@Z
_memicmp
strncmp
??6ostream@@QAEAAV0@H@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
?setlock@ios@@QAAXXZ

oleaut32

VarCyFromI8
VarBoolFromI2
VarR8FromI2
SysAllocString
VarR8FromI4
BSTR_UserUnmarshal
VARIANT_UserFree
VarBoolFromUI1
CreateErrorInfo
SafeArrayGetUBound
VarCyMulI4
VarCyFromUI1
VarI2FromR8
SafeArrayDestroyData
LPSAFEARRAY_UserMarshal
VarDecCmp
VarUI2FromUI8
VarR4FromUI4
RegisterTypeLib
VarI4FromUI2
VarUI2FromI8
SafeArrayLock
VarCyFromR8
VarI2FromCy
VarUI4FromDisp
VarUI1FromI8
VarI1FromUI1
VarNeg
VarUdateFromDate
VarCat
BSTR_UserSize
VarR4FromDate
DosDateTimeToVariantTime
VarR4FromUI8
VarBstrFromR4
VarUI2FromUI1
VarI8FromUI4

msvcrt

__DestructExceptionObject
_abnormal_termination
rand
fwrite
pow
_ismbchira
_errno
__threadhandle
_aligned_offset_malloc
_local_unwind2
_mbbtombc
_Getdays
__CxxDetectRethrow
_ismbcalpha
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??0exception@@QAE@XZ
_wperror
strchr
_strlwr
_wspawnl
_ltow
wctomb
vwprintf
?_query_new_mode@@YAHXZ
iswprint
_tzname
_ismbcspace
_read
_heapset
__set_app_type
_wexecv
exp
_adj_fdivr_m64
??_7__non_rtti_object@@6B@
_putch
??_Eexception@@UAEPAXI@Z
__initenv
_wspawnv
_cexit

cmutil

CmIsDigitW
?Init@CRandom@@QAEXK@Z
?Banner@CmLogFile@@QAEXXZ
?GetRegPath@CIniA@@QBEPBDXZ
??4CRandom@@QAEAAV0@ABV0@@Z
CmBuildFullPathFromRelativeW
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
CmLoadImageW
?SetPrimaryFile@CIniW@@QAEXPBG@Z
?GPPS@CIniA@@QBEPADPBD00@Z
CmFree
CmRealloc
CmAtolW
?SetICSDataPath@CIniW@@QAEXPBG@Z
CmConvertRelativePathW
??1CmLogFile@@QAE@XZ
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?WPPB@CIniW@@QAEXPBG0H@Z
??_FCIniA@@QAEXXZ
?WPPS@CIniW@@QAEXPBG00@Z
?SetParams@CmLogFile@@QAEJHKPBG@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
CmFmtMsgW
GetOSVersion
?SetFile@CIniA@@QAEXPBD@Z
CmLoadIconA
?GPPI@CIniA@@QBEKPBD0K@Z
?WPPI@CIniA@@QAEXPBD0K@Z
?SetEntryFromIdx@CIniW@@QAEXK@Z
?SetHInst@CIniA@@QAEXPAUHINSTANCE__@@@Z
?CIniA_WriteEntryToReg@CIniA@@IBEHPAUHKEY__@@PBD1PBEKK@Z
CmLoadSmallIconW
?GetFile@CIniW@@QBEPBGXZ
ReleaseBold

msdart

?TryReadLock@CSmallSpinLock@@QAE_NXZ
?IsReadLocked@CCritSec@@QBE_NXZ
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
MpHeapValidate
??0CLockedDoubleList@@QAE@XZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?RemoveEntry@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?IsReadLocked@CReaderWriterLock3@@QBE_NXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?TryReadLock@CCritSec@@QAE_NXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?ReadLock@CSmallSpinLock@@QAEXXZ
?Apply@CLKRLinearHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?_CalcKeyHash@CLKRHashTable@@ABEKK@Z
??4CSingleList@@QAEAAV0@ABV0@@Z
??4CReaderWriterLock3@@QAEAAV0@ABV0@@Z
?WriteLock@CFakeLock@@QAEXXZ
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?ReadUnlock@CFakeLock@@QAEXXZ
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?WriteLock@CLKRHashTable@@QAEXXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
??0CCritSec@@QAE@XZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
MPInitializeCriticalSection
IrtlTrace
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?Size@CLKRLinearHashTable@@QBEKXZ
?IsWriteLocked@CCritSec@@QBE_NXZ

rasapi32

RasValidateEntryNameA
RasSetEntryDialParamsW
RasSetCustomAuthDataA
RasAutoDialSharedConnection
RasGetCredentialsW
RasEnumEntriesA
RasSetAutodialParamA
RasEnumAutodialAddressesW
DDMGetPhonebookInfo
RasSetSubEntryPropertiesW
RasGetAutodialEnableA
RasGetAutodialParamA
RasGetEntryDialParamsA
RasScriptInit
DwEnumEntryDetails
RasGetCredentialsA
RasDeleteEntryA
RasSetOldPassword
RasQuerySharedAutoDial
RasRenameEntryW
RasGetHport
RasGetSubEntryHandleW
RasGetSubEntryPropertiesW
RasClearLinkStatistics
RasSetCredentialsA
RasGetProjectionInfoW
RasDeleteSubEntryW
RasValidateEntryNameW
RasSetEapUserDataA
RasGetAutodialEnableW
RasEditPhonebookEntryA
RasEnumAutodialAddressesA
RasEnumConnectionsW
RasDeleteEntryW
RasSetAutodialEnableA

kernel32

SetNamedPipeHandleState
GetStringTypeExA
CreateMemoryResourceNotification
GetFileAttributesA
GetNumaAvailableMemoryNode
SetCommState
CreatePipe
GetModuleHandleA
GetThreadPriorityBoost
WritePrivateProfileSectionA
WaitNamedPipeW
LZRead
VirtualAlloc
DisconnectNamedPipe
GetWindowsDirectoryW
OpenWaitableTimerA
DeviceIoControl
OpenJobObjectA
LeaveCriticalSection
CreateDirectoryExW
EnumTimeFormatsA
SetFilePointerEx
SetConsoleDisplayMode
SetConsoleIcon
IsDBCSLeadByteEx
DeleteCriticalSection
BindIoCompletionCallback
WritePrivateProfileStringW
LoadLibraryA
DeleteTimerQueueEx
SearchPathW
QueryActCtxW
SetProcessShutdownParameters
GetConsoleAliasesLengthA
SetThreadPriority
lstrlenA
EnterCriticalSection
SetVolumeLabelA
GetMailslotInfo
SetLocalPrimaryComputerNameW
OpenWaitableTimerW

user32

PostQuitMessage
RegisterClassA
DefWindowProcA

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99f36e36b60be5c71324241da8d098ae

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

msvcirt

msvcrt20

oleaut32

msvcrt

cmutil

msdart

rasapi32

kernel32

user32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 11KB - Virtual size: 134KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 11KB - Virtual size: 134KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 984B