5fca190272082fdc2a02ffee7cdb22c5e1db4441bd979c425d60f00d54111f16

Sharing

Copy URL Twitter E-mail

General

Target

5fca190272082fdc2a02ffee7cdb22c5e1db4441bd979c425d60f00d54111f16
Size

193KB
MD5

8be93665cc9fb208c078d22cb61990c7
SHA1

99646135d96fa90597543aa90bbabc56611a83a5
SHA256

5fca190272082fdc2a02ffee7cdb22c5e1db4441bd979c425d60f00d54111f16
SHA512

7f0b8f603b8e2c082cfefdeb4b70149d9e3e5d22e522e8101221b1361d5eecdf4846761d5af4ca8d98b1ddfe9e2688ee838583ad3d3a02c53c3a578ec565d600
SSDEEP

3072:BSySbXcH5QiazT9MiPvyUBKDFob9Uj4k114qUVLx7wF:EySbsHyZtJPVH9U0k1eq2Lk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fca190272082fdc2a02ffee7cdb22c5e1db4441bd979c425d60f00d54111f16

Files

5fca190272082fdc2a02ffee7cdb22c5e1db4441bd979c425d60f00d54111f16
.dll regsvr32 windows:5 windows x86 arch:x86

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

netman.pdb

Imports

advapi32

RegCreateKeyExW
DuplicateTokenEx
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
RegNotifyChangeKeyValue
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumValueW
UnlockServiceDatabase
LockServiceDatabase
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegDeleteValueW
OpenThreadToken
RegEnumKeyExW
AdjustTokenPrivileges
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
GetTokenInformation
OpenProcessToken

iphlpapi

GetAdaptersInfo

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
FormatMessageW
LockResource
VerifyVersionInfoW
lstrcmpW
InterlockedExchange
Sleep
UnregisterWaitEx
RegisterWaitForSingleObject
DuplicateHandle
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
QueueUserWorkItem
GetOverlappedResult
CreateThread
LocalFree
ResetEvent
GetPrivateProfileStringW
GetPrivateProfileSectionW
SetLastError
DeviceIoControl
LocalAlloc
WriteFile
GetStdHandle
GetSystemDefaultLCID
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DisableThreadLibraryCalls
lstrlenW
lstrcpyW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
HeapDestroy
lstrcatW
GetModuleFileNameW
lstrcpynW
GetCurrentThread
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateFileW
CreateEventW
OpenEventW
SetEvent
GetProcAddress
LoadLibraryW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter

mprapi

MprAdminServerConnect
MprAdminConnectionGetInfo
MprAdminPortEnum
MprAdminBufferFree
MprAdminServerDisconnect

msvcrt

_snwprintf
wcsncmp
_wtoi
qsort
_except_handler3
strncpy
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
_wsplitpath
mbstowcs
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
??0exception@@QAE@ABQBD@Z
_snprintf
?what@exception@@UBEPBDXZ
wcscmp
wcscat
_wcsnicmp
memmove
wcsstr
wcschr
wcstoul
_wcsicmp
wcsncpy
__CxxFrameHandler
_purecall
wcsrchr
wcscpy
wcslen
_vsnprintf

netapi32

NetApiBufferFree
NetGetJoinInformation

netshell

HrIsIpStateCheckingEnabled
HrGetExtendedStatusFromNCS

ntdll

RtlDeregisterWait
RtlInitUnicodeString
NtClose
RtlOpenCurrentUser
VerSetConditionMask
RtlRegisterWait
RtlDeregisterWaitEx
RtlGetNtProductType
RtlNtStatusToDosError
NtOpenFile

ole32

CoImpersonateClient
CoRevertToSelf
CLSIDFromString
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
IIDFromString
StringFromGUID2

oleaut32

SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen
VarI4FromStr
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
SysStringByteLen
VariantInit

rasapi32

RasDeleteEntryW
RasSetAutodialAddressW
DwCloneEntry
RasRenameEntryW
RasEnumConnectionsW
RasHangUpW
RasGetConnectStatusW
DwEnumEntryDetails
RasValidateEntryNameW

rtutils

TracePrintfA
TraceVprintfExA
TraceRegisterExA

secur32

GetUserNameExW

shell32

SHGetFolderPathW

user32

ExitWindowsEx
LoadImageW
DestroyIcon
RegisterDeviceNotificationW
UnregisterDeviceNotification
wsprintfW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
CharNextW
MessageBoxW

wininet

InternetCrackUrlW

ws2_32

freeaddrinfo
WSAStartup
WSANSPIoctl
WSACleanup
WSALookupServiceEnd
WSALookupServiceNextW
getnameinfo
socket
WSAEventSelect
WSAIoctl
WSAEnumNetworkEvents
closesocket
inet_addr
WSALookupServiceBeginW
WSAGetLastError
getaddrinfo

wzcsapi

GetModeForAdapter

wzcsvc

WZCQueryGUIDNCSState
WZCTrayIconReady

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetClientAdvises
HrGetPnpDeviceStatus
HrLanConnectionNameFromGuidOrPath
HrPnpInstanceIdFromGuid
HrQueryLanMediaState
HrRasConnectionNameFromGuid
NetManDiagFromCommandArgs
ProcessQueue
RasEventNotify
ServiceMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13d65c973946fce4d0962eaadf38ba2b

Headers

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

kernel32

mprapi

msvcrt

netapi32

netshell

ntdll

ole32

oleaut32

rasapi32

rtutils

secur32

shell32

user32

wininet

ws2_32

wzcsapi

wzcsvc

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 9KB - Virtual size: 8KB