Static task
static1
Behavioral task
behavioral1
Sample
de13a07e0ccc7b203af9d54c8fd1348c.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
de13a07e0ccc7b203af9d54c8fd1348c.exe
Resource
win10v2004-20240226-en
General
Target
de13a07e0ccc7b203af9d54c8fd1348c
Size
132KB
MD5
de13a07e0ccc7b203af9d54c8fd1348c
SHA1
cbc4b29f0388ee0edc7ec5ca5f41410148cb1053
SHA256
480337aba6b8d41652d53eec6f2aed0a730058c12b219ef9f40cd341bd4d2032
SHA512
09a5f53fcd7a4f5ea5c35669e27dc595e5867eb0cc81f2047a31c3d219f4660ed87db025fd71eb144164f19a7d907d4b45ed1dce1abbd27d66418d7e5544e684
SSDEEP
1536:3r83LfLnn2RQZjQofWAeoJ/DRW1A+CkJrMoAByfHs9d4n3l9a+wawEZSRYIPqCyd:UifAoJotyfMKE0IP2M7sHSO7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource de13a07e0ccc7b203af9d54c8fd1348c
Files
de13a07e0ccc7b203af9d54c8fd1348c.exe windows:5 windows x86 arch:x86
38324cf0441ddfa7dbeec718800d19c6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
f:\Saazondemand\RemoteControlAgent\Tunnel Stuff\MY Stuff\Dot Net\Rmhlpdsk\Rmhlpdsk\Release\RMHLPDSK.pdb
Imports
ws2_32
inet_ntoa
inet_addr
WSAStartup
kernel32
CreateMutexA
LocalFree
FormatMessageA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetPrivateProfileStringA
CreateProcessA
lstrcmpiA
WritePrivateProfileStringA
TerminateProcess
TerminateThread
InterlockedIncrement
InterlockedDecrement
CreateThread
GetExitCodeProcess
GetExitCodeThread
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetCurrentProcess
GetCurrentThreadId
SetCurrentDirectoryA
lstrcpyW
GetProcAddress
LoadLibraryA
ReadFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
IsBadCodePtr
WaitForSingleObject
ReleaseMutex
CloseHandle
lstrcpyA
lstrcatA
CreateFileA
GetFileSize
DeleteFileA
SetFilePointer
WriteFile
GetLastError
SetFileAttributesA
lstrlenA
CreateDirectoryA
GetEnvironmentStrings
GetLocalTime
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
RtlUnwind
ExitProcess
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
TlsAlloc
SetLastError
TlsFree
FreeEnvironmentStringsW
user32
GetMessageA
TranslateMessage
CharNextA
PostThreadMessageA
SetTimer
KillTimer
DispatchMessageA
TranslateAcceleratorA
advapi32
OpenServiceA
ImpersonateLoggedOnUser
RevertToSelf
OpenSCManagerA
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
ole32
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRun
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoUninitialize
oleaut32
SysAllocString
VariantInit
DispCallFunc
VariantClear
VarUI4FromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString
GetErrorInfo
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
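Three header-level facts in this report are worth pulling out by hand: IMAGE_FILE_RELOCS_STRIPPED means the image can never be rebased, so ASLR does not apply to it; the "Unsigned PE" signature corresponds to an empty security data directory (no embedded Authenticode blob); and the .rsrc section carries IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_EXECUTE, which a linker-emitted resource section normally does not. The script below is an added example, not part of the sandbox report or of the sample, and reproduces those checks from the raw headers with only the standard library. `build_sample_pe()` is a constructed PE32 header that mirrors the report's Headers and Sections entries (section sizes are illustrative, there are no section bodies, and it is not the sample itself); the finding text is the author's own wording.

```python
"""Stdlib-only PE header triage: file characteristics, Authenticode presence, section flags."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits (the ones the report lists, plus DLL)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot that points at the Authenticode blob


def _names(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, optional header and section table; ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32 and PE32+
    dirs = opt + (96 if magic == 0x10B else 112)             # first data directory entry
    nrva = struct.unpack_from("<I", data, dirs - 4)[0]       # NumberOfRvaAndSizes
    sec_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rawsize = struct.unpack_from("<III", data, hdr + 8)
        flags = struct.unpack_from("<I", data, hdr + 36)[0]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize,
                         "flags": flags, "flag_names": _names(flags, SECTION_FLAGS)})
    return {"machine": machine, "pe32plus": magic == 0x20B,
            "characteristics": _names(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": dll_chars,
            "embedded_signature": sec_size != 0,  # size 0: no embedded Authenticode signature
            "sections": sections}


def triage(data: bytes) -> list:
    """Findings an analyst would want flagged from the headers alone."""
    pe = parse_pe(data)
    findings = []
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["characteristics"]:
        findings.append("relocations stripped: the image cannot be rebased, so ASLR never applies to it")
    elif not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("DYNAMIC_BASE not set: the image opts out of ASLR")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("NX_COMPAT not set: built without the DEP opt-in")
    if not pe["embedded_signature"]:
        findings.append("no embedded Authenticode signature (catalog-signed files are not detected by this check)")
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append("section %s is both writable and executable" % s["name"])
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["name"] != ".text":
            findings.append("executable section outside .text: %s (%s)" % (s["name"], "|".join(s["flag_names"])))
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32 header mirroring the report's Headers/Sections entries (no section bodies)."""
    sections = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics)
        (b".text", 0x17000, 0x1000, 0x18000, 0x60000020),
        (b".rdata", 0x4C00, 0x19000, 0x5000, 0x40000040),
        (b".data", 0x3400, 0x1E000, 0x2000, 0xC0000040),
        (b".rsrc", 0x800, 0x22000, 0x1000, 0x60000060),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x010F)  # i386, RELOCS_STRIPPED|EXE|LINE|SYMS|32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0)                        # DllCharacteristics: none
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes; entries left zero, so no security dir
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), vs, va, rs, 0, 0, 0, 0, 0, fl)
                     for n, vs, va, rs, fl in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print("-", line)
```

Run against a real file with `triage(open(path, "rb").read())`. The Authenticode check deliberately only inspects the security data directory: a file with no embedded signature may still be catalog-signed, so an "unsigned" finding from headers alone should be confirmed with a signature-verification tool on a Windows host before it is treated as an indicator.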