dfa1ff268964a45771b5070867e1c34d

Sharing

Copy URL

Twitter E-mail

General

Target

dfa1ff268964a45771b5070867e1c34d
Size

86KB
MD5

dfa1ff268964a45771b5070867e1c34d
SHA1

af17436db40dded93bef465e16432c6d38ba50a7
SHA256

25098b7cf161a2a1001d42aefcb7957992a6a31db0ec7d1e24932d0878b7f682
SHA512

724207922e41a6db02f610641904d5382222f3f863db34cc6be6b0441545e32ab1447053ffeed5e4193bf5978f4014ca93643ae32f21f4684d7e30cd4296e3d4
SSDEEP

1536:5Bn2zVkgderKTt91GW0DNFusD6WxBQHwbhCQY6T9/M+in3hSmzTs2+fdm/DNzquz:/f8ereD1GW0DNFusHrQHuhfye2+Fmrrz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfa1ff268964a45771b5070867e1c34d

Files

dfa1ff268964a45771b5070867e1c34d
.exe windows:5 windows x86 arch:x86

7a814eb6030eebb038098e5be8075779

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageRvaToSection
UpdateDebugInfoFile
RemoveRelocations
ImagehlpApiVersion
SymInitialize
SymCleanup
SymRegisterFunctionEntryCallback64
ImageDirectoryEntryToData
SymGetSymFromName64
SymGetSymFromName
SymGetModuleBase64
RemovePrivateCvSymbolicEx
SymGetLineFromAddr64
SymGetLineNext
SearchTreeForFile
SymGetSymNext
SymGetModuleBase
GetTimestampForLoadedLibrary
SymEnumerateModules
SymEnumerateSymbolsW
EnumerateLoadedModules64

kernel32

GetProcessTimes
SetFileAttributesA
GetSystemTimeAsFileTime
GetStartupInfoA
GetConsoleKeyboardLayoutNameW
OpenSemaphoreA
ReadConsoleInputExW
VirtualAlloc
GetCurrentThreadId
GetCurrentProcessId
GetProcessHeaps
GetConsoleAliasExesW
ShowConsoleCursor
GetLastError
QueryPerformanceCounter
SetFileAttributesW
HeapCreate
WriteFileEx
GetTickCount
FindActCtxSectionStringA
OpenConsoleW
LoadLibraryA
IsProcessInJob

msvcp60

?do_narrow@?$ctype@G@std@@MBEPBGPBG0DPAD@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
??1messages_base@std@@UAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEAAV01@ABV01@@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?bad@ios_base@std@@QBE_NXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??Dstd@@YA?AV?$complex@N@0@ABNABV10@@Z
??1?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@UAE@XZ
??_7length_error@std@@6B@
??Mstd@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?fail@ios_base@std@@QBE_NXZ
??_7domain_error@std@@6B@
??_F?$moneypunct@G$00@std@@QAEXXZ
??4?$complex@M@std@@QAEAAV01@ABV01@@Z
??1length_error@std@@UAE@XZ
??4_Num_float_base@std@@QAEAAU01@ABU01@@Z
??Kstd@@YA?AV?$complex@O@0@ABV10@ABO@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

setupapi

SetupDiGetClassDevsA
CM_Query_Arbitrator_Free_Size_Ex
CM_Open_DevNode_Key
SetupDiCreateDeviceInterfaceRegKeyA
UnicodeToMultiByte
SetupDiBuildClassInfoList
CM_Modify_Res_Des_Ex
CM_Register_Device_Interface_ExA
SetupGetLineTextA
CM_Get_Device_ID_ExW
SetupDiGetDeviceInterfaceDetailA
CM_Move_DevNode_Ex
pSetupHandleFailedVerification
SetupDiEnumDriverInfoW
SetupGetBinaryField
CM_Get_Device_Interface_List_SizeA
SetupQueryInfVersionInformationA
SetupDiGetClassInstallParamsA

msdart

?CheckTable@CLKRLinearHashTable@@QBEHXZ
?WriteLock@CSpinLock@@QAEXXZ
??4CSingleList@@QAEAAV0@ABV0@@Z
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?_Lock@CSpinLock@@AAEXXZ
?WriteUnlock@CSpinLock@@QAEXXZ
SetMemHook
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ

msi

MsiViewFetch
MsiGetFeatureStateA
MsiProvideAssemblyA
MsiProvideComponentW
MsiCreateTransformSummaryInfoA
MsiEnumPatchesA
MsiLoadStringA
MsiNotifySidChangeA
MsiRecordClearData
MsiRecordSetStringW
MsiProvideAssemblyW
MsiRecordIsNull
MsiCollectUserInfoW

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a814eb6030eebb038098e5be8075779

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

kernel32

msvcp60

setupapi

msdart

msi

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 17KB - Virtual size: 74KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 260B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 17KB - Virtual size: 74KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 260B