e1175f3cc9b2e4d8a7c9439b3380cc93

Sharing

Copy URL

Twitter E-mail

General

Target

e1175f3cc9b2e4d8a7c9439b3380cc93
Size

42KB
MD5

e1175f3cc9b2e4d8a7c9439b3380cc93
SHA1

069d1012e7d2dc40831ab693970bff3bfe2ce2da
SHA256

077393f40430ac2975c1c871dbb19d3300e5ffb77e64d6e13f18a6933fe31deb
SHA512

27b32143e434115a51408c3eb8c6e94637d211df9231f87c1f29c389a8f7d365614ba8a479101dd5e8cbd4dc65af07da1578ebc28939ff4fd2aa97527d89d3eb
SSDEEP

768:a7awDA2iPRmVjI9aJTpmxbeZsmdkioT0qRNoArUV0DWikQ2m:OawhiJmVjKaJTpDZfdknRoArUiSikNm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1175f3cc9b2e4d8a7c9439b3380cc93

Files

e1175f3cc9b2e4d8a7c9439b3380cc93
.exe windows:5 windows x86 arch:x86

266a2ecb111bf045599acef55ea991b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryMemoryResourceNotification
UnhandledExceptionFilter
Process32First
ReadConsoleW
GetComputerNameExW
VirtualAlloc
SetThreadUILanguage
RegisterWowExec
GetNumberOfConsoleMouseButtons
GetStartupInfoW
SetConsoleInputExeNameW
LockFile
SetSystemTime
GetModuleHandleA
LocalLock
GetModuleHandleW
SignalObjectAndWait
GetTempFileNameW
GetSystemWindowsDirectoryA
BackupWrite
GetPrivateProfileStringW
LoadLibraryA
MoveFileWithProgressW
ProcessIdToSessionId
SetConsoleTextAttribute

dnsapi

DnsQueryExA
DnsNameCopy
DnsModifyRecordsInSet_W
NetInfo_Copy
DnsUpdateTest_UTF8
Dns_SkipToRecord
DnsGetBufferLengthForStringCopy
DnsValidateName_UTF8
DnsUtf8ToUnicode
DnsReleaseContextHandle
Dns_ResetNetworkInfo
Dns_AllocateMsgBuf
Dns_ReadPacketName
DnsGetDomainName
Dns_SetRecordDatalength
DnsQueryConfigAllocEx
DnsCreateStandardDnsNameCopy
DnsStatusString
Dns_UpdateLibEx
DnsGetPrimaryDomainName_A
DnsWriteQuestionToBuffer_UTF8
DnsNotifyResolverEx
Dns_CloseSocket
DnsGetLastFailedUpdateInfo
DnsFree
DnsDhcpSrvRegisterInit
BreakRecordsIntoBlob
DnsRegisterClusterAddress
DnsRecordCompare

ntdsapi

DsFreeSpnArrayW
DsReplicaVerifyObjectsA
DsReplicaConsistencyCheck
DsWriteAccountSpnA
DsCrackNamesA
DsListDomainsInSiteA
DsClientMakeSpnForTargetServerA
DsRemoveDsServerW
DsServerRegisterSpnA
DsFreeSchemaGuidMapW
DsListSitesW
DsClientMakeSpnForTargetServerW
DsUnquoteRdnValueA
DsListInfoForServerA
DsCrackNamesW
DsListSitesA
DsCrackSpn2A
DsReplicaAddW
DsCrackSpnW
DsGetDomainControllerInfoW
DsBindWithSpnA
DsReplicaAddA
DsFreePasswordCredentials
DsReplicaUpdateRefsW
DsAddSidHistoryW
DsQuoteRdnValueA
DsMakeSpnA
DsCrackSpn3W
DsRemoveDsServerA

wintrust

CryptCATCDFEnumMembersByCDFTagEx
WintrustAddActionID
TrustIsCertificateSelfSigned
GenericChainCertificateTrust
WTHelperGetProvPrivateDataFromChain
DriverInitializePolicy
WVTAsn1SpcMinimalCriteriaInfoDecode
WinVerifyTrustEx
CryptCATCDFEnumCatAttributes
CryptCATEnumerateAttr
AddPersonalTrustDBPages
SoftpubCheckCert
CryptCATCDFEnumMembers
WVTAsn1SpcPeImageDataEncode
IsCatalogFile
mssip32DllUnregisterServer
WintrustCertificateTrust
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFClose
GenericChainFinalProv
WVTAsn1SpcIndirectDataContentDecode
MsCatConstructHashTag

crtdll

fscanf
vfprintf
_ctype
_getpid
_wtoi
_ismbblead
_ismbcspace
_mbsdup
_control87
_stat
_mbccpy
_putw
_strupr
_execvp
isprint
_unloaddll
_gcvt
_matherr
ldiv
_cexit
_fcloseall
_creat
_ismbbprint
__iscsymf

schannel

QueryContextAttributesW
InitializeSecurityContextA
UnsealMessage
QuerySecurityPackageInfoW
AcceptSecurityContext
SslLoadCertificate
SslFreeCertificate
VerifySignature
FreeCredentialsHandle
EnumerateSecurityPackagesA
DeleteSecurityContext
SslGenerateRandomBits
SslGetMaximumKeySize
SslCrackCertificate
SealMessage
QuerySecurityPackageInfoA
ImpersonateSecurityContext
QueryContextAttributesA
AcquireCredentialsHandleA
SslEmptyCacheW
FreeContextBuffer
EnumerateSecurityPackagesW

odbccu32

SQLSetPos
SQLGetDescField
SQLPrepare
SQLNumParams
SQLGetStmtAttr
SQLExtendedFetch
SQLSetStmtAttr
SQLBindParameter
SQLEndTran
SQLBindCol
SQLCloseCursor
SQLFetch
SQLRowCount
SQLParamData
SQLTransact
SQLFreeStmt
ReleaseCLStmtResources
SQLSetDescField
SQLExecDirect
SQLNativeSql
SQLPutData
SQLGetStmtOption
SQLSetConnectAttr

Sections

.text
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

266a2ecb111bf045599acef55ea991b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dnsapi

ntdsapi

wintrust

crtdll

schannel

odbccu32

Sections

.text Size: 1024B - Virtual size: 666B

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 18KB - Virtual size: 53KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 1024B - Virtual size: 666B

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 18KB - Virtual size: 53KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 68B