6923e9b964fdf9af415b116936856435666d83eff05b5652065ac031bacfe598

Sharing

Copy URL

Twitter E-mail

General

Target

6923e9b964fdf9af415b116936856435666d83eff05b5652065ac031bacfe598
Size

484KB
MD5

8277e7e3232616248c79e002bf49cdba
SHA1

af78cec0f9f1fec140686de2b95e11ea2d5833f5
SHA256

6923e9b964fdf9af415b116936856435666d83eff05b5652065ac031bacfe598
SHA512

d677f49e2c21ba69ebc3366df190312e1ea774641bdd72aba69b0d97ffa731a03bdd0e82e5377ad226f136aeae83b69e3fc6cd4ec66f7c8adde644fe7207ac4d
SSDEEP

12288:QZafzoo7FQHOOpYAJ8qdqSo3WVGptjISIsesd29YZKdWk:QR3gUGISDeW20k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6923e9b964fdf9af415b116936856435666d83eff05b5652065ac031bacfe598

Files

6923e9b964fdf9af415b116936856435666d83eff05b5652065ac031bacfe598
.exe windows:5 windows x86 arch:x86

7a05048a621e54cb272b66e54e0f9a5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
connect
WSAEnumNetworkEvents
getsockname
WSAEventSelect
WSAResetEvent
ntohl
WSACloseEvent
shutdown
closesocket
WSASetEvent
socket
htons
htonl
bind
listen
select
recv
send
accept
ntohs
inet_ntoa
WSAGetLastError
WSACleanup
WSACreateEvent
WSAWaitForMultipleEvents
WSAStartup

lems

lems_read
lems_logging
lems_local_conn
lems_init
lems_set_keepalive_tick_count
lems_set_timeout
lems_shutdown
lems_close
lems_open
lems_set_callback
lems_enable_ACK_req
lems_write

kernel32

ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetFullPathNameA
CreateFileA
GlobalAddAtomA
GlobalFlags
GetVersionExA
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
FileTimeToLocalFileTime
GetFileAttributesA
DeleteFileA
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
RtlUnwind
ExitProcess
GetDriveTypeA
GetCommandLineA
GetStartupInfoA
HeapFree
GetTimeZoneInformation
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetConsoleCP
GetConsoleMode
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetExitCodeProcess
CreateProcessA
GetProcessHeap
CompareStringW
GetCurrentThreadId
FileTimeToSystemTime
lstrcmpA
GlobalGetAtomNameA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetModuleHandleW
CompareStringA
GetCurrentProcessId
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MultiByteToWideChar
GetExitCodeThread
FindFirstFileA
FindNextFileA
FindClose
SetEvent
CloseHandle
CreateEventA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
CreateMutexA
OpenMutexA
WaitForSingleObject
Sleep
GetModuleFileNameA
lstrlenA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalFree
LocalAlloc
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcmpiA
ResetEvent

user32

WinHelpA
LoadIconA
RegisterWindowMessageA
PostQuitMessage
DestroyMenu
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
GetMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
CopyRect
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
GetFocus
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
PeekMessageA
ValidateRect
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
MessageBoxA
wsprintfA
GetKeyState

gdi32

PtVisible
RectVisible
TextOutA
DeleteDC
CreateBitmap
GetStockObject
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumValueA
StartServiceA
ControlService
QueryServiceStatus
SetServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
RegQueryInfoKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
StartServiceCtrlDispatcherA

oleaut32

VariantInit
VariantChangeType
VariantClear

log4cplus

??1Logger@log4cplus@@UAE@XZ
?forcedLog@Logger@log4cplus@@QAEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDH@Z
?isEnabledFor@Logger@log4cplus@@QBE_NH@Z
?getInstance@Logger@log4cplus@@SA?AV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?getDefaultHierarchy@Logger@log4cplus@@SAAAVHierarchy@2@XZ
?doConfigure@PropertyConfigurator@log4cplus@@SAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAVHierarchy@2@I@Z

Exports

Exports

??0DateFormatter@@QAE@ABV0@@Z
??4DateFormatter@@QAEAAV0@ABV0@@Z
??_7DateFormatter@@6B@

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a05048a621e54cb272b66e54e0f9a5d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

lems

kernel32

user32

gdi32

winspool.drv

advapi32

oleaut32

log4cplus

Exports

Exports

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 82KB - Virtual size: 81KB

.data Size: 11KB - Virtual size: 51KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 82KB - Virtual size: 81KB

.data
Size: 11KB - Virtual size: 51KB

.rsrc
Size: 3KB - Virtual size: 2KB