2afcde7e515322c7a3a6e57ad9139f5262a878d5679d809cff7ef9ea9bcc7d2b

Sharing

Copy URL Twitter E-mail

General

Target

2afcde7e515322c7a3a6e57ad9139f5262a878d5679d809cff7ef9ea9bcc7d2b
Size

3.5MB
MD5

8ff0c7fd87775ac429750a688b59f74c
SHA1

5b81edefd3b584a9601b474882d95fdd8162efab
SHA256

2afcde7e515322c7a3a6e57ad9139f5262a878d5679d809cff7ef9ea9bcc7d2b
SHA512

72fbb6fe3e1d3e0e8f56137f9a6438539106bccb463ed487c6a0e3d68d8b6fa36f18ab17ff8bbf2cbc3c25e83c769a60c12500248a96365b5cb2b038ac5e0ec8
SSDEEP

49152:qCGZVT/0vmIgEcuvfVZZkRNHDvsyT7yUJOZQqLXBuEKGbBl0nJLa9/7yqBgL+uL:q9GvrgagY0GTyq4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2afcde7e515322c7a3a6e57ad9139f5262a878d5679d809cff7ef9ea9bcc7d2b

Files

2afcde7e515322c7a3a6e57ad9139f5262a878d5679d809cff7ef9ea9bcc7d2b
.exe windows:5 windows x86 arch:x86

a4acc7ee5a08057af528bdd2cac6dff7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\depot\bas\720_REL\src\opt\ntintel\sec\ssf\NTssfrfc.pdb

Imports

msvcr90

_heapchk
realloc
isupper
memmove
_errno
strpbrk
strspn
_vsnprintf
_localtime64
calloc
fputs
asctime
abort
_fileno
_strdup
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_crt_debugger_hook
__lconv_init
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_set_invalid_parameter_handler
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_finite
srand
fputc
bsearch
??2@YAPAXI@Z
__CxxFrameHandler3
??3@YAXPAX@Z
_purecall
isspace
perror
setlocale
wctomb
strcat_s
sprintf_s
strncpy_s
strcpy_s
strtok
_getpid
_ftime64
_splitpath
strncat
_mktime64
_endthreadex
mbstowcs
_stricmp
_stat64i32
qsort
strtoul
rewind
fscanf
_difftime64
_putenv
wcstombs
isgraph
remove
putc
_unlink
rename
___mb_cur_max_func
vfprintf
strftime
fwrite
_get_osfhandle
atol
isalpha
strrchr
tolower
vsprintf
_fstat64i32
fseek
ftell
memchr
strerror
rand
isprint
fclose
fgets
strchr
toupper
strncmp
sscanf
sprintf
getenv
atoi
malloc
strncpy
strstr
_mktemp
fopen
memcpy
free
memset
__iob_func
exit
printf
fprintf
fflush
_time64
_ctime64
strtol
_CxxThrowException

ole32

CoCreateGuid

rpcrt4

UuidCreateSequential

oleaut32

VariantClear

kernel32

GetSystemTimeAsFileTime
GetTickCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualQuery
OpenFileMappingA
MapViewOfFileEx
VirtualProtect
VirtualAlloc
VirtualFree
InterlockedExchange
SetThreadAffinityMask
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
IsDebuggerPresent
GetCommandLineW
GlobalFree
GetSystemDirectoryA
GetPrivateProfileStringA
GetLocalTime
GetThreadContext
GetVersion
ExitProcess
LocalAlloc
ReadProcessMemory
GetTimeZoneInformation
GetEnvironmentVariableA
TerminateProcess
GetSystemInfo
GetComputerNameA
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
CreateSemaphoreA
ResumeThread
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreatePipe
GetStdHandle
SetStdHandle
ReadFile
DuplicateHandle
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
GetModuleFileNameA
InterlockedDecrement
SleepEx
InterlockedIncrement
CreateFileMappingA
SetHandleInformation
GetVersionExA
Sleep
GetWindowsDirectoryA
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
CreateProcessA
GetLastError
CloseHandle
FormatMessageA
LocalFree

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ws2_32

WSASetLastError
WSAEnumProtocolsA
WSAStartup
gethostname
WSACleanup
socket
WSASocketA
bind
getservbyname
WSAIoctl
ntohs
accept
send
getservbyport
sendto
recv
ioctlsocket
getsockname
getpeername
getsockopt
setsockopt
select
WSADuplicateSocketA
connect
gethostbyaddr
WSASend
htons
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
listen
closesocket

iphlpapi

GetAdaptersInfo

shell32

ShellExecuteA
CommandLineToArgvW

dbghelp

SymGetLineFromAddr64
SymGetModuleInfo64
SymGetSymFromAddr64
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
SymSetOptions
SymGetOptions
SymCleanup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 841KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4acc7ee5a08057af528bdd2cac6dff7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

ole32

rpcrt4

oleaut32

kernel32

advapi32

ws2_32

iphlpapi

shell32

dbghelp

version

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 300KB - Virtual size: 841KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 39KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 300KB - Virtual size: 841KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 39KB