df7420075332ae181ab4f80f2db4aad6

Sharing

Copy URL Twitter E-mail

General

Target

df7420075332ae181ab4f80f2db4aad6
Size

868KB
MD5

df7420075332ae181ab4f80f2db4aad6
SHA1

b3cab4d8717f40380dd4fd869c41c9f62a12c816
SHA256

e7e08795fb88e97e5fa8e9ad66482ed88d775f3e187ae93ac2f5c9c8dd3cf6f8
SHA512

f1118d2aa31dc6de285d7568c0eb0ebe8dd1596f068fb6b08144b822118ea16d71fa836c41b4037017ebb4e6ca9a6bb0ef69f888254e2300556540738c58f338
SSDEEP

24576:gJG3K+vhNjF+8LZSHJCfVtS+aB8ai7WCluDXa5WY:gIKIhDlLZmJCfbS+h/7WCoDXa5T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df7420075332ae181ab4f80f2db4aad6

Files

df7420075332ae181ab4f80f2db4aad6
.exe windows:5 windows x86 arch:x86

99abf67756f518e60515b7872ce04038

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMailslotA
TlsGetValue
GetConsoleWindow
SetCalendarInfoA
DeleteAtom
FreeResource
LeaveCriticalSection
GetConsoleScreenBufferInfo
GetCurrentActCtx
PeekConsoleInputW
lstrlenA
EnterCriticalSection
NlsGetCacheUpdateCount
LoadLibraryA
VirtualAlloc
LocalHandle
MoveFileExA
GetProfileIntA
GetConsoleSelectionInfo
HeapValidate
QueryActCtxW
GetCurrentThread
GetVersion
GetCurrentProcess
GetProcessIoCounters
FindActCtxSectionGuid
CreateTimerQueueTimer
DeleteCriticalSection
GetEnvironmentStringsA
UnmapViewOfFile
SetProcessWorkingSetSize
MoveFileExW
InterlockedIncrement
lstrcpynA
LocalFlags
CallNamedPipeA
GetConsoleTitleA
CreateJobObjectW
GetProcessShutdownParameters
_hwrite
GetLongPathNameA

resutils

ClusWorkerTerminate
ResUtilSetBinaryValue
ResUtilGetResourceName
ResUtilAddUnknownProperties
ResUtilSetPropertyParameterBlock
ResUtilVerifyPrivatePropertyList
ResUtilSetPropertyTable
ResUtilGetResourceNameDependency
ResUtilGetPropertySize
ResUtilVerifyService
ResUtilEnumResourcesEx
ResUtilSetPropertyTableEx
ResUtilGetBinaryValue
ResUtilGetDwordValue
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetSzProperty
ResUtilGetPropertyFormats
ResUtilGetProperties
ResUtilSetMultiSzValue
ResUtilFindExpandedSzProperty
ResUtilGetResourceDependencyByName
ResUtilGetMultiSzProperty
ResUtilStopService
ResUtilGetSzValue
ResUtilFindBinaryProperty
ResUtilIsResourceClassEqual
ResUtilSetExpandSzValue
ClusWorkerStart

msvcrt40

_set_error_mode
_adjust_fdiv
_ismbckata
__argc
__p__winminor
?is_open@fstream@@QBEHXZ
??3@YAXPAX@Z
_ecvt
_mbsnbset
?setmode@fstream@@QAEHH@Z
??0bad_cast@@QAE@ABQBD@Z
__p__wenviron
?init@ios@@IAEXPAVstreambuf@@@Z
_mbsnbcat
strerror
_unloaddll
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
??4Iostream_init@@QAEAAV0@ABV0@@Z
_CIexp
?flags@ios@@QBEJXZ
?setf@ios@@QAEJJJ@Z
_c_exit
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
??0ostream_withassign@@QAE@ABV0@@Z
??2@YAPAXI@Z
??9type_info@@QBEHABV0@@Z
??0strstreambuf@@QAE@PADH0@Z
??_8istrstream@@7B@
??_Eios@@UAEPAXI@Z
??_Efstream@@UAEPAXI@Z
getc
toupper
?flush@ostream@@QAEAAV1@XZ
??0strstream@@QAE@XZ
_CIatan2
_write
?pbase@streambuf@@IBEPADXZ
calloc
??_Gistream@@UAEPAXI@Z
system
?lock@ios@@QAAXXZ
??_Gofstream@@UAEPAXI@Z
??1strstream@@UAE@XZ
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
_wtoi

odbc32

SQLDisconnect
SQLColumnPrivilegesW
SQLGetTypeInfo
SQLParamData
SQLTablePrivileges
SQLProcedures
SQLDataSourcesW
PostComponentError
SQLGetDescRecA
SQLForeignKeysA
SQLExecDirectW
SQLGetStmtAttrW
SQLSpecialColumnsW
SQLGetConnectOptionA
SQLBrowseConnectW
CursorLibTransact
SQLAllocHandleStd
SQLTablePrivilegesW
ODBCSetTryWaitValue
SQLSpecialColumns
SQLPrimaryKeysA
SQLColAttributesA
SQLSetCursorName
SQLConnectW
CursorLibLockDesc
SQLAllocStmt
SQLPrimaryKeys
SQLSetDescFieldA
SQLGetConnectAttr
SQLForeignKeysW
VFreeErrors
SQLGetEnvAttr
VRetrieveDriverErrorsRowCol
SQLStatisticsA
SQLTransact
CursorLibLockDbc

wininet

InternetGetPerSiteCookieDecisionA
FindFirstUrlCacheContainerA
FindNextUrlCacheEntryExA
FtpCreateDirectoryA
RegisterUrlCacheNotification
HttpSendRequestExA
HttpSendRequestW
SetUrlCacheConfigInfoA
DllInstall
FtpFindFirstFileW
InternetSetCookieExA
GetUrlCacheConfigInfoA
FtpGetFileSize
InternetClearAllPerSiteCookieDecisions
FtpGetCurrentDirectoryA
DeleteUrlCacheEntry
InternetGoOnlineW
InternetGetCookieA
PrivacyGetZonePreferenceW
FindFirstUrlCacheGroup
FtpPutFileW
InternetSetPerSiteCookieDecisionW
InternetCrackUrlA
FindCloseUrlCache
ForceNexusLookup
GopherOpenFileW
GopherGetLocatorTypeW

ws2_32

gethostname
accept
WSAStringToAddressW
WSAAsyncGetProtoByName
WSCInstallNameSpace
WSARecvDisconnect
WSAGetServiceClassInfoA
WSAConnect
WSAAddressToStringA
WSASocketW
connect
WSAAsyncGetProtoByNumber
WSAEnumNameSpaceProvidersW
WSAAsyncSelect
WSACancelBlockingCall
WSAJoinLeaf
select
send
WSASetLastError
WSAGetServiceClassNameByClassIdW
WSADuplicateSocketA
WSAProviderConfigChange
WSAIoctl
WSAResetEvent
WSCWriteProviderOrder
WSASendDisconnect
WSANSPIoctl
ioctlsocket
sendto
listen
getprotobyname
bind

winscard

SCardConnectW
SCardListReadersW
SCardForgetReaderGroupA
SCardForgetReaderGroupW
SCardForgetCardTypeW
SCardCancel
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardIntroduceReaderA
SCardReleaseContext
SCardAddReaderToGroupW
SCardListCardsA
SCardEndTransaction
SCardLocateCardsW
SCardTransmit
ClassInstall32
SCardIntroduceCardTypeW
SCardBeginTransaction
SCardRemoveReaderFromGroupA
SCardReconnect
SCardControl
SCardForgetCardTypeA
SCardRemoveReaderFromGroupW
SCardAccessNewReaderEvent
SCardIsValidContext
SCardListInterfacesW
SCardReleaseNewReaderEvent
SCardGetCardTypeProviderNameA
SCardLocateCardsByATRW
SCardGetCardTypeProviderNameW
SCardAddReaderToGroupA
SCardListReadersA
SCardForgetReaderA
SCardGetAttrib
SCardSetCardTypeProviderNameA
SCardIntroduceReaderGroupW
SCardIntroduceReaderW
SCardStatusA
SCardListReaderGroupsA
SCardLocateCardsByATRA
SCardGetProviderIdW
SCardListCardsW
g_rgSCardT1Pci

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 426KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99abf67756f518e60515b7872ce04038

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

resutils

msvcrt40

odbc32

wininet

ws2_32

winscard

Sections

.text Size: 131KB - Virtual size: 131KB

.rdata Size: 306KB - Virtual size: 305KB

.data Size: 426KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 131KB - Virtual size: 131KB

.rdata
Size: 306KB - Virtual size: 305KB

.data
Size: 426KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB