d42916491d1e2c832325b85dfc9ae0a52bd602961dbb0af001a576b61fddfbf6

Sharing

Copy URL

Twitter E-mail

General

Target

d42916491d1e2c832325b85dfc9ae0a52bd602961dbb0af001a576b61fddfbf6
Size

1.3MB
MD5

e61d91ae6fff74330de9d901c252a870
SHA1

57981b2e737b1a111e45578d2821351e7f7b3abb
SHA256

d42916491d1e2c832325b85dfc9ae0a52bd602961dbb0af001a576b61fddfbf6
SHA512

007eb38cf50cd14467f7991b86debe015c2949cb193224cbcb4b97e418328015e9107455c393a77810b08667d71611a1d2dc4a288da699d1000cb26188c8c3df
SSDEEP

24576:YQRYnk1LhK1f+OgabwpxuR4TPutMAEDyV2H4l8C:YehK15bwpoRIP88yV2H4l8C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d42916491d1e2c832325b85dfc9ae0a52bd602961dbb0af001a576b61fddfbf6

Files

d42916491d1e2c832325b85dfc9ae0a52bd602961dbb0af001a576b61fddfbf6
.exe windows:4 windows x86 arch:x86

41a31166479ccdf539565d3b87437b57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\base\mti\csa\vc\muxd.pdb

Imports

msvcr80

strtoul
fwrite
memchr
_setmode
ftell
fputs
signal
_strdup
_fileno
_getch
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
vfprintf
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
wcsstr
isxdigit
qsort
_time64
isalpha
isdigit
exit
isupper
isprint
fgets
feof
ferror
memmove
_stricmp
isspace
setvbuf
fflush
printf
srand
rand
_umask
_getcwd
_getpid
_isatty
perror
_rmdir
_close
_stat32
_open
_unlink
fopen
_difftime32
_ftime32
_gmtime32
_mktime32
_beginthread
_errno
wcscmp
wcslen
wcstombs
mbstowcs
fscanf
_time32
_localtime32
fseek
mblen
_putenv
realloc
abort
setlocale
free
calloc
getenv
malloc
strstr
towupper
iswctype
strcpy
strcat
towlower
strlen
tolower
strcmp
_snprintf
vsprintf
fprintf
__iob_func
putc
_vsnprintf
atoi
memset
strchr
strncpy
strspn
strpbrk
strncmp
fclose
fread
strerror
memcpy
__argv
__argc
sscanf
sprintf
_onexit

wsock32

inet_addr

kernel32

UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
FlushConsoleInputBuffer
GetFileType
GetVersionExA
GlobalMemoryStatus
QueryPerformanceCounter
GlobalFree
GlobalAlloc
GetFileSize
SetFilePointer
WriteFile
FlushFileBuffers
GetPrivateProfileStringA
GetVolumeInformationA
GetTempPathA
SetUnhandledExceptionFilter
GetVersion
GetComputerNameA
GetCurrentThread
FindNextFileA
GetFileAttributesA
FindFirstFileA
FindClose
GetSystemTimeAsFileTime
CreateFileA
GetStdHandle
CreateProcessA
LoadLibraryExA
GetCurrentThreadId
GetCurrentProcess
FormatMessageA
GetTickCount
Sleep
SetLastError
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleHandleA
CreateMutexA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
ReleaseSemaphore
MapViewOfFile
OpenMutexA
OpenEventA
OpenFileMappingA
UnmapViewOfFile
CloseHandle
ReleaseMutex
SetEvent
CreateEventA
GetCurrentProcessId
WaitForSingleObject
GetLastError
IsDebuggerPresent
GetFullPathNameA
WaitForMultipleObjects

user32

GetWindowLongA
TrackPopupMenu
DialogBoxParamA
GetThreadDesktop
GetUserObjectInformationA
GetProcessWindowStation
CloseDesktop
OpenInputDesktop
GetUserObjectInformationW
GetDesktopWindow
SetMessageQueue
LoadCursorA
GetWindowThreadProcessId
CreateWindowExA
ShowWindow
LoadIconA
UnregisterClassA
AppendMenuA
DestroyMenu
PeekMessageA
TranslateMessage
DispatchMessageA
MsgWaitForMultipleObjects
GetMessageA
KillTimer
GetMessageTime
RegisterWindowMessageA
SetTimer
DefWindowProcA
SetForegroundWindow
RegisterClassA
SetWindowLongA
GetCursorPos
PostMessageA
EndDialog
SetWindowTextA
SetDlgItemTextA
PostQuitMessage
wsprintfA
MessageBoxA
DestroyWindow
IsWindow
CreatePopupMenu
FindWindowA

advapi32

AllocateLocallyUniqueId
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorOwner
GetKernelObjectSecurity
AreAllAccessesGranted
AccessCheck
OpenThreadToken
RevertToSelf
ImpersonateSelf
GetFileSecurityA
GetUserNameA
DeregisterEventSource
ReportEventA
RegisterEventSourceA

shell32

Shell_NotifyIconA

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

Sections

.text
Size: 608KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 504KB - Virtual size: 668KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41a31166479ccdf539565d3b87437b57

Headers

File Characteristics

PDB Paths

Imports

msvcr80

wsock32

kernel32

user32

advapi32

shell32

rpcrt4

Sections

.text Size: 608KB - Virtual size: 604KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 504KB - Virtual size: 668KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 608KB - Virtual size: 604KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 504KB - Virtual size: 668KB

.rsrc
Size: 4KB - Virtual size: 1KB