e039ec682b376733dc95fa8f7533ac3a

Sharing

Copy URL Twitter E-mail

General

Target

e039ec682b376733dc95fa8f7533ac3a
Size

862KB
MD5

e039ec682b376733dc95fa8f7533ac3a
SHA1

67db0e86c73900b535cefd02a6597f0996ddcd20
SHA256

5cd22a2667bb2ee0dc2312d6645e76b9e3e90e472b72eb14cf450d721f04eb6c
SHA512

e66e6f9d5e22d5217903d5d6840d3e780e03f1f8ca9384285e8b1d213e0456098e2125bf4ee991938358aa46b1a3683158cc17dd1feea9ad2ce5834017204a9e
SSDEEP

24576:xh2MeKo+2iPYta1ErhwiRy12P1U6dRY+tY+5jMJztXk:YO2iV8+iYodU6d71jMJz9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e039ec682b376733dc95fa8f7533ac3a

Files

e039ec682b376733dc95fa8f7533ac3a
.exe windows:5 windows x86 arch:x86

5fcaa8c33b615bb16a8418eb76a8f7a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumTimeFormatsA
EnumUILanguagesW
GetModuleFileNameW
LZOpenFileW
GetSystemTime
ReadConsoleOutputAttribute
CancelWaitableTimer
WriteConsoleInputA
Heap32ListFirst
LoadLibraryA
EnumResourceNamesW
EnterCriticalSection
SetCriticalSectionSpinCount
Thread32Next
CreateRemoteThread
GetNumberOfConsoleFonts
GetCommandLineA
ReadFileEx
GetSystemDefaultLCID
LocalFree
VirtualAlloc
_lclose
RequestWakeupLatency
GetModuleHandleW
IsValidCodePage
GetConsoleAliasW
Module32FirstW
Heap32Next
GetThreadTimes
SetClientTimeZoneInformation
GetCommProperties
InitializeSListHead
WriteFileEx
WTSGetActiveConsoleSessionId
RtlFillMemory
lstrcatA
GetEnvironmentStringsA
GetConsoleProcessList
GlobalFlags
MoveFileWithProgressW

user32

CheckMenuRadioItem
OemToCharA
GetClassNameW
SetMenuDefaultItem
CopyImage
TrackPopupMenuEx
TileWindows
SetSystemMenu
LoadAcceleratorsW
GetWindowRgn
GetLastInputInfo
CreatePopupMenu
EnableScrollBar
SwitchToThisWindow
DrawIconEx
MonitorFromPoint
DispatchMessageA
NotifyWinEvent
MessageBoxIndirectW
IsCharLowerW
ChangeDisplaySettingsA
SetTaskmanWindow
DestroyMenu
DrawCaptionTempA
GetKeyNameTextA
OffsetRect
SetWindowContextHelpId
ShowStartGlass
SubtractRect
WCSToMBEx
PeekMessageA
QuerySendMessage
ReleaseCapture

ntdll

_alloca_probe
__toascii
ZwModifyBootEntry
RtlFreeHandle
NtDeleteObjectAuditAlarm
RtlGetVersion
RtlFindMostSignificantBit
RtlConvertUlongToLargeInteger
RtlSecondsSince1980ToTime
RtlFindLeastSignificantBit
RtlDestroyProcessParameters
NtRenameKey
LdrInitializeThunk
ZwSecureConnectPort
iscntrl
LdrLoadAlternateResourceModule
DbgQueryDebugFilterState
RtlNumberGenericTableElementsAvl
KiUserExceptionDispatcher
wcscat
ZwQuerySection
ZwQuerySemaphore
NtOpenKeyedEvent
NtReleaseSemaphore
RtlLocalTimeToSystemTime
NtWaitForKeyedEvent

shlwapi

PathUnExpandEnvStringsA
StrToIntW
UrlEscapeW
SHEnumValueA
StrCmpNIW
PathRemoveExtensionW
StrChrNW
PathMatchSpecA
SHReleaseThreadRef
SHCreateShellPalette
StrToIntExW
PathIsURLW
AssocQueryStringByKeyA
UrlCanonicalizeA
StrCSpnIW
StrDupW
SHGetInverseCMAP
StrSpnA
StrRetToBufA
PathMakePrettyW
AssocQueryStringW
SHOpenRegStreamA
SHCopyKeyA
StrCatW
PathIsSameRootW
StrRetToStrW
PathIsDirectoryEmptyA
SHRegDuplicateHKey

winipsec

EnumQMSAs
SetMMFilter
DeleteMMAuthMethods
GetTransportFilter
CloseTransportFilterHandle
AddMMPolicy
SetTunnelFilter
GetMMPolicy
GetMMFilter
DeleteTunnelFilter
SetMMPolicy
AddTransportFilter
AddMMAuthMethods
GetMMAuthMethods
DeleteQMPolicy
OpenMMFilterHandle
SPDApiBufferFree
OpenTunnelFilterHandle
EnumMMPolicies
OpenTransportFilterHandle
CloseMMFilterHandle
GetQMPolicyByID
AddQMPolicy
GetQMPolicy
GetTunnelFilter
SetTransportFilter
GetMMPolicyByID
DeleteTransportFilter
DeleteMMPolicy
MatchTransportFilter
EnumMMFilters
AddMMFilter
DeleteMMFilter
EnumMMAuthMethods
MatchMMFilter
EnumTunnelFilters

rtm

RtmDeregisterEntity
RtmDeregisterFromChangeNotification
MgmGroupEnumerationGetNext
RtmCreateNextHopEnum
RtmGetListEnumRoutes
RtmWriteInstanceConfig
RtmDeleteEnumHandle
MgmAddGroupMembershipEntry
RtmBlockMethods
RtmReleaseNextHops
RtmRegisterForChangeNotification
MgmDeRegisterMProtocol
MgmDeleteGroupMembershipEntry
RtmInvokeMethod
RtmGetChangedDests
DestroyTable
RtmReferenceHandles
RtmGetChangeStatus
RtmDeleteRouteTable
RtmGetNextRoute
MgmGetNextMfeStats
RtmHoldDestination
RtmDeregisterClient
RtmDeleteRouteToDest
MgmDeInitialize
RtmGetNextHopInfo
RtmCloseEnumerationHandle
RtmGetEnumNextHops
RtmLockNextHop
RtmGetInstances
RtmGetNextHopPointer
MgmInitialize
MgmGetFirstMfeStats
InsertIntoTable
RtmGetEnumRoutes
RtmDeleteRoute
RtmAddNextHop

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5fcaa8c33b615bb16a8418eb76a8f7a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

shlwapi

winipsec

rtm

Sections

.text Size: 440KB - Virtual size: 440KB

.rdata Size: 335KB - Virtual size: 335KB

.data Size: 83KB - Virtual size: 1.5MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 440KB - Virtual size: 440KB

.rdata
Size: 335KB - Virtual size: 335KB

.data
Size: 83KB - Virtual size: 1.5MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB