Static task: static1
Behavioral task: behavioral1
  Sample: de4e69265738250bded67dccbc60c324.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: de4e69265738250bded67dccbc60c324.exe
  Resource: win10v2004-20240226-en
General
Target: de4e69265738250bded67dccbc60c324
Size: 40KB
MD5: de4e69265738250bded67dccbc60c324
SHA1: 3df9694f638e00943e502bb13fb07fb864cbc89c
SHA256: 35f5e0975b83e718f202b188de04bfc1cafe3009cff30055701f2ece2566bf56
SHA512: 45415cb51b351eb6d00c413e2aafeca82758f29d797282abe9ffd3a8f2fee22767e9f48ef269616bdca90b43788d5e82c27e1ad257841d6dca7bc62f0f86cd38
SSDEEP: 768:IRGMyxH+ObVbMhZrEDlByXLmQBqWfBTlKIUia0fNF7S9qBWIshe2Cn:IgMqH+ObVb6r8lBwmUbcb9ysqBtoefn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: de4e69265738250bded67dccbc60c324
Files
de4e69265738250bded67dccbc60c324.exe  windows:5  windows x86  arch:x86
b98a5c713f589cd9400479cd78e8acb9
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
OutputDebugStringW
GetLocaleInfoW
GetConsoleAliasesA
GetVolumePathNameW
LoadLibraryA
GetSystemDirectoryW
CloseConsoleHandle
GlobalFindAtomW
VirtualAlloc
GlobalFix
OpenConsoleW
DefineDosDeviceA
PostQueuedCompletionStatus
EnumResourceNamesA
_lopen
SetFilePointer
lstrcmpiW
LCMapStringA
OpenEventA
ReleaseActCtx
LZInit
IsValidCodePage
AttachConsole
SetCalendarInfoW
VerifyVersionInfoA
WaitNamedPipeW
WritePrivateProfileStringA
GetDateFormatW
security
AcquireCredentialsHandleW
ExportSecurityContext
EnumerateSecurityPackagesW
QuerySecurityPackageInfoA
QueryCredentialsAttributesA
QueryCredentialsAttributesW
QueryContextAttributesA
AcceptSecurityContext
DeleteSecurityPackageA
UnsealMessage
InitializeSecurityContextA
ImportSecurityContextA
AcquireCredentialsHandleA
AddSecurityPackageA
FreeContextBuffer
ImportSecurityContextW
RevertSecurityContext
SealMessage
InitSecurityInterfaceA
DeleteSecurityPackageW
EncryptMessage
VerifySignature
AddSecurityPackageW
FreeCredentialsHandle
dssenh
CPGetKeyParam
CPHashSessionKey
CPDecrypt
CPReleaseContext
CPGenKey
CPAcquireContext
CPImportKey
CPGetUserKey
CPGenRandom
CPVerifySignature
CPDeriveKey
CPCreateHash
CPEncrypt
CPDuplicateKey
CPSetKeyParam
CPSignHash
CPSetProvParam
CPGetHashParam
CPDuplicateHash
CPExportKey
CPGetProvParam
CPDestroyHash
CPHashData
CPSetHashParam
netapi32
I_NetDfsIsThisADomainName
NetReplExportDirEnum
NetErrorLogWrite
NetUseEnum
NetGroupEnum
DsGetDcNameWithAccountA
NetDfsRemoveFtRootForced
DsMergeForestTrustInformationW
DsRoleCancel
NetUnjoinDomain
NetMessageNameEnum
NetAlertRaiseEx
I_NetLogonSamLogonWithFlags
NetUserDel
NetDfsGetClientInfo
NetGetJoinableOUs
I_NetDatabaseSync2
NetpOpenConfigData
DsDeregisterDnsHostRecordsA
NetEnumerateComputerNames
NetDfsRename
NetpGetConfigDword
NetDfsGetDcAddress
esent
JetGetTableInfo
JetResetSessionContext
JetConvertDDL
JetSetColumns
JetIdle
JetRestore2
JetGetBookmark
JetMakeKey
JetExternalRestore2
JetBeginExternalBackupInstance
JetSetDatabaseSize
JetInit2
JetUpdate
JetEndExternalBackupInstance2
JetDBUtilities
JetAttachDatabaseWithStreaming
JetCreateTableColumnIndex
JetDupSession
JetStopServiceInstance
crtdll
_statusfp
_pctype_dll
wctomb
sprintf
realloc
pow
_mbsrev
tmpnam
_get_osfhandle
_clearfp
asin
_ismbbkpunct
_swab
clock
_control87
ftell
setvbuf
Sections
.text Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ