721d2e153e6e57d7f83dbf8530eb2f8ea2aba22aa27556752278c70f9855b098

Sharing

Copy URL

Twitter E-mail

General

Target

721d2e153e6e57d7f83dbf8530eb2f8ea2aba22aa27556752278c70f9855b098
Size

340KB
MD5

6f02cb8ba9acb86ddbebde3a735e178a
SHA1

ce70b776becdbc794d28e21d3653e5069da1131f
SHA256

721d2e153e6e57d7f83dbf8530eb2f8ea2aba22aa27556752278c70f9855b098
SHA512

ca002a9423748d4dba521043efb79759cdb14806b5cd81431d267304f6e058c28977ca7c373a88ff3f2694a877f676a8fe71417b478c7bf5446beaf6c20694cf
SSDEEP

6144:YfoiDGhBoBr6Hcrm+PJ0hCwFEAsuUatcyl562boD1tkcCDkDQ1xm0jiEaus:Y5DGcBr6BS3wFEgLBbokY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
721d2e153e6e57d7f83dbf8530eb2f8ea2aba22aa27556752278c70f9855b098

Files

721d2e153e6e57d7f83dbf8530eb2f8ea2aba22aa27556752278c70f9855b098
.exe windows:4 windows x86 arch:x86

f8eb8ae78bab0cd4274c8e491c5b69e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
SetEndOfFile
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CloseHandle
GlobalAlloc
GlobalLock
GetLastError
GlobalHandle
GlobalUnlock
GlobalFree
SetEnvironmentVariableA
CompareStringW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetConsoleMode
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateThread
ResumeThread
ExitThread
GetTimeZoneInformation
GetStartupInfoA
GetVersionExA
CompareStringA
GetCommandLineA
GetSystemTimeAsFileTime
GetTickCount
ReleaseMutex
Sleep
FormatMessageA
WaitForMultipleObjects
HeapSize
LocalLock
LocalUnlock
OpenEventA
LocalAlloc
CreateMutexA
OpenMutexA
LocalFree
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
OutputDebugStringA
FindFirstFileA
FindNextFileA
FindClose
CreateFileMappingA
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
SetFilePointer
ReadFile

user32

GetActiveWindow
IsWindowEnabled
WaitMessage
GetClientRect
ReleaseDC
UpdateWindow
SetTimer
KillTimer
GetWindowLongA
GetDC
ShowWindow
MessageBoxA
MsgWaitForMultipleObjects
FindWindowA
GetSystemMetrics
GetMessageA
TranslateMessage
LoadIconA
GetWindowRect
PostMessageA
wvsprintfA
SendMessageA
CreateWindowExA
DefWindowProcA
LoadCursorA
RegisterClassA
DestroyWindow
wsprintfA
EnableWindow
PostQuitMessage
PeekMessageA
DispatchMessageA

gdi32

GetTextMetricsA
GetStockObject
GetTextExtentPoint32A

dkcid32

dsvw_GetDkcRootDir
dsvw_GetDkcId

sndpstmsg

_dsvv_spini@12

svp_cmref

ord2

svp_iw32

ord5

svp_send

_Svp_ExecMultChainedDkcFuncEx@28
_Svp_SetLdevRestore@16
_Svp_SetLdevForceBlockade@12
_Svp_SetLdevBlockade@12
_Svp_ExecChainedDkcFuncCode@28
_Svp_ClearMultiChain@4
_Svp_GetMultiChain@76
_Svp_ExecMultChainedDkcFunc@24
_Svp_RegistMultiChain@84
_Svp_InitMultiChain@8
_Svp_ExecChainedDkcFuncCodeNoWait@28
_Svp_ExecMultChainedDkcFuncNoWait@24
_Svp_ReadConfigData@20
_Svp_ReadConfigForcible@8
_Svp_ReadConfig@8

svpcmn32

ord93
ord9439
ord2135
ord1011
ord3101
ord98
ord3102
ord2316
ord2308
ord106
ord200
ord129
ord1516
ord9604
ord2609
ord15330
ord2060
ord2111
ord2110
ord2010
ord111
ord2109
ord2011
ord2108
ord2084
ord9746
ord2025
ord2205
ord1916
ord5100
ord1526
ord2048
ord1531
ord2304
ord1901
ord2201
ord1904
ord1908
ord1700
ord2907
ord2211
ord2204
ord1406
ord2001
ord2103
ord2090
ord2123
ord9764
ord9761
ord9747
ord2102
ord2017
ord2117
ord127
ord1503
ord1918
ord1525
ord2215
ord9690
ord9500
ord9689
ord9502
ord2217
ord1282
ord1253
ord1283
ord1291
ord3340
ord3336
ord2028
ord2518
ord2019
ord1801
ord2018
ord1800
ord1820
ord2024
ord2092
ord9765
ord9766
ord2015
ord9671
ord3111
ord2307
ord1816
ord2303
ord2322
ord2301
ord100
ord99
ord3433
ord1289
ord2008
ord9726
ord97
ord2058
ord9603
ord9602
ord2000

svpmsg32

dsvp_MessageBox
_dsvp_PassWordWindow@12

advapi32

GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid

altfunc

ord1001

cnfhelper

dsvp_ReadConfigFile
dsvp_InitConfigLibrary
dsvp_WriteConfigFile
dsvp_ByteOrderTransfer
dsvp_WriteConfigData
dsvp_ReadConfigData

diagapi32

ord101

exclfile

ord106
ord108
ord110
ord112
ord107
ord103
ord102
ord100

logcmn32

ord41
ord42

svp_dd32

_dsvp_ClearBitmapMP@4

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DSVPLOW0
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8eb8ae78bab0cd4274c8e491c5b69e3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

dkcid32

sndpstmsg

svp_cmref

svp_iw32

svp_send

svpcmn32

svpmsg32

advapi32

altfunc

cnfhelper

diagapi32

exclfile

logcmn32

svp_dd32

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 24KB - Virtual size: 34KB

DSVPLOW0 Size: 4KB - Virtual size: 68B

.rsrc Size: 4KB - Virtual size: 516B

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 24KB - Virtual size: 34KB

DSVPLOW0
Size: 4KB - Virtual size: 68B

.rsrc
Size: 4KB - Virtual size: 516B