d5d212ca7f6c14ecffae2d3b76b96d08

Sharing

Copy URL

Twitter E-mail

General

Target

d5d212ca7f6c14ecffae2d3b76b96d08
Size

93KB
MD5

d5d212ca7f6c14ecffae2d3b76b96d08
SHA1

5d43c94f5bbb0d40ec416f62ea31a1114f305c07
SHA256

23f5472f61144bec22f71687aba81a561d8de67d233cebce0f80e1733f4859eb
SHA512

a15f85c442cbf89fc0f5e497c0aa16a635742db44fd16e42955b3071750b7e1222ece761bd77b81de9d4be9844219c49efc95bf3ef34b9e5f30671af668963d9
SSDEEP

1536:cj0uHIXba9d03PzAg6FvLIZVMImPgDfJHos00dbJcpcMP0C+XDwz5c1U:W0uoXbaa6pIvMIySqaJQPBh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5d212ca7f6c14ecffae2d3b76b96d08

Files

d5d212ca7f6c14ecffae2d3b76b96d08
.exe windows:5 windows x86 arch:x86

ed194ce7356bdd44bf7634577251305f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcSetInterface
TcDeregisterClient
TcEnumerateFlows
TcQueryInterface
TcOpenInterfaceW
TcRegisterClient
TcQueryFlowA
TcAddFlow
TcDeleteFlow
TcModifyFlow
TcCloseInterface
TcAddFilter
TcGetFlowNameW
TcSetFlowA
TcQueryFlowW
TcOpenInterfaceA
TcGetFlowNameA

kernel32

GetConsoleCommandHistoryW
GetCPInfoExW
DefineDosDeviceA
SetThreadPriority
LoadLibraryA
VirtualAlloc
GetExitCodeProcess
FindFirstChangeNotificationW
EnumCalendarInfoW
GlobalFindAtomW
EnumerateLocalComputerNamesW
LZCopy
LocalUnlock
DeleteTimerQueueTimer
ActivateActCtx
GetConsoleSelectionInfo
ReadConsoleOutputW
GetCommandLineA

mmcbase

??4?$CEventLock@UAppEvents@@@@QAEAAV0@ABV0@@Z
?Throw@SC@mmcerror@@QAEXXZ
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?GetCode@SC@mmcerror@@QBEJXZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?s_dwMainThreadID@SC@mmcerror@@0KA
?FatalError@SC@mmcerror@@QBEXXZ
?InternalLastRefReleased@CMMCStrongReferences@@AAE_NXZ
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A

msvcrt

_ismbckata
ldexp
_scalb
_mbcasemap
__DestructExceptionObject
fclose
_filelength
swscanf
_fileno
__p__commode
_callnewh
exit
__set_app_type
_mbspbrk
_adj_fprem
remove

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed194ce7356bdd44bf7634577251305f

Headers

DLL Characteristics

File Characteristics

Imports

traffic

kernel32

mmcbase

msvcrt

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 25KB - Virtual size: 31KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 280B

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 25KB - Virtual size: 31KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 280B