aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530

Sharing

Copy URL

Twitter E-mail

General

Target

aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530
Size

796KB
MD5

ecf496cfed962afd923d73576633a810
SHA1

62f53ef7db3f013f56271d65fb5177f29f215941
SHA256

aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530
SHA512

65cc989d2f47644d83de43c212ec20a5b68be5d34f679989bd801b893c7f69ff42ca148a93a14eae4023e8d30719b15f331f0b2aaad6584e47f674677b9637bf
SSDEEP

12288:MBim9Tnts08FbKuPcA8NAc1l/XkGaZKoRQIpRX2/0Ak2ng/Zi66wNdufAdNo:o/nts0Q9K/0ooRQIxAk2wi0N/A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530

Files

aed4584863417e6f5b5769e1cfd366ec90e9e8df9e87e3c977212a12a7410530
.dll windows:5 windows x64 arch:x64

e8eb55b0c30a51d6debf49c2415612ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TTPnpins.pdb

Imports

advapi32

SaferCreateLevel
RegEnumValueW

comdlg32

GetSaveFileNameW

setupapi

CM_Get_Sibling_Ex

Exports

Exports

LogonIdFromWinStationNameA
LogonIdFromWinStationNameW
RemoteAssistancePrepareSystemRestore
ServerGetInternetConnectorStatus
ServerLicensingClose
ServerLicensingDeactivateCurrentPolicy
ServerLicensingFreePolicyInformation
ServerLicensingGetAvailablePolicyIds
ServerLicensingGetPolicy
ServerLicensingGetPolicyInformationA
ServerLicensingGetPolicyInformationW
ServerLicensingLoadPolicy
ServerLicensingOpenA
ServerLicensingOpenW
ServerLicensingSetPolicy
ServerLicensingUnloadPolicy
ServerQueryInetConnectorInformationA
ServerQueryInetConnectorInformationW
ServerSetInternetConnectorStatus
WinStationActivateLicense
WinStationAutoReconnect
WinStationBroadcastSystemMessage
WinStationCheckAccess
WinStationCheckLoopBack
WinStationCloseServer
WinStationConnectA
WinStationConnectCallback
WinStationConnectEx
WinStationConnectW
WinStationDisconnect
WinStationEnumerateA
WinStationEnumerateExW
WinStationEnumerateLicenses
WinStationEnumerateProcesses
WinStationEnumerateW
WinStationEnumerate_IndexedA
WinStationEnumerate_IndexedW
WinStationFreeConsoleNotification
WinStationFreeGAPMemory
WinStationFreeMemory
WinStationFreePropertyValue
WinStationFreeUserCertificates
WinStationFreeUserCredentials
WinStationGenerateLicense
WinStationGetAllProcesses
WinStationGetAllSessionsW
WinStationGetConnectionProperty
WinStationGetDeviceId
WinStationGetInitialApplication
WinStationGetLanAdapterNameA
WinStationGetLanAdapterNameW
WinStationGetLoggedOnCount
WinStationGetMachinePolicy
WinStationGetProcessSid
WinStationGetRestrictedLogonInfo
WinStationGetSessionIds
WinStationGetTermSrvCountersValue
WinStationGetUserCertificates
WinStationGetUserCredentials
WinStationGetUserProfile
WinStationInstallLicense
WinStationIsHelpAssistantSession
WinStationIsSessionPermitted
WinStationIsSessionRemoteable
WinStationNameFromLogonIdA
WinStationNameFromLogonIdW
WinStationNegotiateSession
WinStationNtsdDebug
WinStationOpenServerA
WinStationOpenServerExA
WinStationOpenServerExW
WinStationOpenServerW
WinStationQueryAllowConcurrentConnections
WinStationQueryEnforcementCore
WinStationQueryInformationA
WinStationQueryInformationW
WinStationQueryLicense
WinStationQueryLogonCredentialsW
WinStationQuerySessionVirtualIP
WinStationQueryUpdateRequired
WinStationRedirectErrorMessage
WinStationRedirectLogonBeginPainting
WinStationRedirectLogonError
WinStationRedirectLogonMessage
WinStationRedirectLogonStatus
WinStationRegisterConsoleNotification
WinStationRegisterConsoleNotificationEx
WinStationRegisterNotificationEvent
WinStationRemoveLicense
WinStationRenameA
WinStationRenameW
WinStationReportUIResult
WinStationReset
WinStationRevertFromServicesSession
WinStationSendMessageA
WinStationSendMessageW
WinStationSendWindowMessage
WinStationServerPing
WinStationSetAutologonPassword
WinStationSetInformationA
WinStationSetInformationW
WinStationSetPoolCount
WinStationShadow
WinStationShadowStop
WinStationShutdownSystem
WinStationSwitchToServicesSession
WinStationSystemShutdownStarted
WinStationSystemShutdownWait
WinStationTerminateProcess
WinStationUnRegisterConsoleNotification
WinStationUnRegisterNotificationEvent
WinStationUserLoginAccessCheck
WinStationVerify
WinStationVirtualOpen
WinStationVirtualOpenEx
WinStationWaitSystemEvent
_NWLogonQueryAdmin
_NWLogonSetAdmin
_WinStationAnnoyancePopup
_WinStationBeepOpen
_WinStationBreakPoint
_WinStationCallback
_WinStationCheckForApplicationName
_WinStationFUSCanRemoteUserDisconnect
_WinStationGetApplicationInfo
_WinStationNotifyDisconnectPipe
_WinStationNotifyLogoff
_WinStationNotifyLogon
_WinStationNotifyNewSession
_WinStationOpenSessionDirectory
_WinStationReInitializeSecurity
_WinStationReadRegistry
_WinStationSessionInitialized
_WinStationShadowTarget
_WinStationShadowTarget2
_WinStationShadowTargetSetup
_WinStationUpdateClientCachedCredentials
_WinStationUpdateSettings
_WinStationUpdateUserConfig
_WinStationWaitForConnect

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8eb55b0c30a51d6debf49c2415612ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

comdlg32

setupapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 524KB - Virtual size: 521KB

.data Size: 108KB - Virtual size: 105KB

.pdata Size: 4KB - Virtual size: 312B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 12KB - Virtual size: 11KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 1KB

Size: 4KB - Virtual size: 503B

Size: 4KB - Virtual size: 802B

Size: 4KB - Virtual size: 503B

Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 2KB

Size: 4KB - Virtual size: 2KB

Size: 8KB - Virtual size: 4KB

Size: 28KB - Virtual size: 27KB

Size: 4KB - Virtual size: 954B

Size: 4KB - Virtual size: 431B

Size: 4KB - Virtual size: 2KB

Size: 8KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 524KB - Virtual size: 521KB

.data
Size: 108KB - Virtual size: 105KB

.pdata
Size: 4KB - Virtual size: 312B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 12KB - Virtual size: 11KB