aed34925ea7936d3fe42699e984d0e79a6ed89393bf1fe1f8df75555ec2c721e

Sharing

Copy URL Twitter E-mail

General

Target

aed34925ea7936d3fe42699e984d0e79a6ed89393bf1fe1f8df75555ec2c721e
Size

585KB
MD5

71cc2734c4d799c69009b94d59d27970
SHA1

760eb5e363b66ff1ac52a2eba08be3e269aaa09a
SHA256

aed34925ea7936d3fe42699e984d0e79a6ed89393bf1fe1f8df75555ec2c721e
SHA512

92d712db1030b6b4975dcca26438faade012abe68f06df3554bfda6c1c9da5639b06c82987ec96fa76bf9aad0df987dac4bb15aba4a046b3edc8b4aa758ea614
SSDEEP

12288:LU/9bMnjCir6JZHmmYmX9LDjDbNj1rAVLfptAR6DfNRQa4gz99e995sslss3sns+:cZRZDjnNj1mLTA+1+5sslss3snsx1msO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aed34925ea7936d3fe42699e984d0e79a6ed89393bf1fe1f8df75555ec2c721e

Files

aed34925ea7936d3fe42699e984d0e79a6ed89393bf1fe1f8df75555ec2c721e
.exe windows:5 windows x86 arch:x86

929aeb4e95bed1b730dfa35676ec64e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\KMRCM5.5\Bin\KMWATCH.pdb

Imports

kernel32

EnterCriticalSection
GetPrivateProfileStringA
GetLocalTime
Process32FirstW
ProcessIdToSessionId
WritePrivateProfileStringA
GetSystemInfo
GetModuleFileNameA
GetLastError
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
ExitProcess
CreateMutexW
GetCurrentProcessId
GetModuleFileNameW
TerminateProcess
LeaveCriticalSection
GetVersionExW
Sleep
OpenProcess
InitializeCriticalSection
GetTickCount
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
WideCharToMultiByte
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
Process32NextW
SetEndOfFile
GetFullPathNameW
SetEnvironmentVariableA
GetTimeZoneInformation
WriteConsoleW
LCMapStringW
CompareStringW
GetStringTypeW
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
FlushFileBuffers
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
RtlUnwind
HeapSize
RaiseException
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
SetFilePointerEx
GetProcessHeap

user32

wsprintfW
MessageBoxW

advapi32

CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
OpenProcessToken
CreateProcessAsUserA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptDestroyKey

shell32

SHFileOperationA
SHCreateDirectoryExA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationA

ws2_32

getaddrinfo
freeaddrinfo
sendto
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostname
ioctlsocket
listen
accept
recvfrom
connect

wldap32

ord30
ord200
ord211
ord35
ord26
ord33
ord301
ord27
ord41
ord46
ord50
ord79
ord60
ord22
ord32
ord143

shlwapi

PathFileExistsA
StrStrIW
PathFileExistsW
PathAppendA
PathAppendW

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

929aeb4e95bed1b730dfa35676ec64e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wtsapi32

ws2_32

wldap32

shlwapi

Sections

.text Size: 330KB - Virtual size: 330KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 330KB - Virtual size: 330KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 15KB - Virtual size: 14KB