I:\VS70Builds\3077\vsbuilt\retail\Bin\i386\opt\mdm.pdb
Static task: static1
Behavioral task: behavioral1 (Sample: e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477.exe; Resource: win7-20240508-en)
Behavioral task: behavioral2 (Sample: e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477.exe; Resource: win10v2004-20240508-en)
General
Target: e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477
Size: 404KB
MD5: 5951e61006a816edd4f2fdfcc7a70ea2
SHA1: f142479b66cb33e7c3c6ea4680ba83dfa3667b24
SHA256: e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477
SHA512: 1bd325ee0fa860f674eace3d604b92479fa972c614b963601a053d7cc0208dc0ae32a1a636b567e1089a997aa7dcb0cddf6a32e5c31a8c7d2957608a47520529
SSDEEP: 12288:udIuFl4VJ1p1w9X/WUQO1tEVXBjvrEH7m:wPKNp1w9X/WU9EV1rEH7m
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477
Files
e7130556afe15984b763dfbec3418d69d2f4eb4350ec56e8fc2a07eed6df4477.exe windows:4 windows x86 arch:x86
4f7e80b12e14587fc3c198bdef27ceee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
PDB Paths
I:\VS70Builds\3077\vsbuilt\retail\Bin\i386\opt\mdm.pdb
Imports
ole32
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoDisconnectObject
CoUninitialize
CoRevertToSelf
CoInitializeSecurity
CoCreateGuid
CLSIDFromString
CoGetClassObject
CoGetCallContext
StringFromIID
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx
CoImpersonateClient
CoQueryProxyBlanket
StringFromCLSID
CoTaskMemFree
oleaut32
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
VarBstrCat
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
rpcrt4
RpcStringFreeA
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall
RpcBindingSetAuthInfoA
shlwapi
PathFindExtensionA
advapi32
RegOpenKeyExW
QueryServiceStatus
LookupAccountSidA
PrivilegeCheck
IsValidSecurityDescriptor
DuplicateTokenEx
AddAce
GetSecurityDescriptorLength
GetUserNameA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorSacl
MakeAbsoluteSD
SetSecurityDescriptorDacl
MakeSelfRelativeSD
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
FreeSid
RegConnectRegistryA
RegSetKeySecurity
LookupAccountNameA
GetAclInformation
GetAce
DuplicateToken
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
AccessCheck
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
EqualSid
GetSecurityDescriptorControl
GetLengthSid
CopySid
IsValidSid
LookupAccountSidW
RegCreateKeyA
RegEnumValueA
RegQueryValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
ControlService
DeleteService
SetThreadToken
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyA
SetServiceStatus
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA
GetTokenInformation
OpenThreadToken
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
CreateServiceA
OpenSCManagerA
RegQueryValueExW
kernel32
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
IsBadWritePtr
HeapSize
GetOEMCP
GetCPInfo
HeapReAlloc
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetEndOfFile
GetProcessHeap
GetSystemTimeAsFileTime
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenW
lstrlenA
CloseHandle
OpenProcess
CompareStringA
CompareStringW
HeapAlloc
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetModuleHandleA
WaitForSingleObject
CreateEventA
SetEvent
TerminateThread
CreateThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetComputerNameA
LocalFree
GetCurrentProcess
GetCurrentThread
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FormatMessageA
GetFileAttributesA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentProcessId
SetErrorMode
GetProcessTimes
GetPrivateProfileStringA
TerminateProcess
GetPrivateProfileSectionA
GetPrivateProfileIntA
CreateFileA
GetProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
WriteProfileStringA
GetPrivateProfileSectionNamesA
GetTickCount
LocalAlloc
LockResource
CreateProcessA
InterlockedCompareExchange
SetEnvironmentVariableA
GetSystemDirectoryA
Sleep
GetModuleHandleW
LocalSize
ReadFile
SetFilePointer
SetLastError
ReadProcessMemory
FindClose
FindFirstFileA
FindResourceExA
UnmapViewOfFile
DuplicateHandle
GetModuleFileNameW
MapViewOfFile
CreateFileMappingA
CreateMutexA
ReleaseMutex
GetExitCodeProcess
CreateProcessW
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
user32
wsprintfA
wsprintfW
EnumWindows
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
DispatchMessageA
MessageBoxA
LoadStringA
CharNextA
PeekMessageA
SetTimer
GetMessageA
KillTimer
PostThreadMessageA
CharUpperA
Sections
.text Size: 300KB - Virtual size: 297KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ