fb96a7c3db4bd949e4c91e06655afa36f138666f4d6ea7b778c55bdf9df5a6e8

Sharing

Copy URL Twitter E-mail

General

Target

fb96a7c3db4bd949e4c91e06655afa36f138666f4d6ea7b778c55bdf9df5a6e8
Size

585KB
MD5

6064f20356e89704f08165b6a5235d84
SHA1

c97a041323913409516ee1026128dd563bfbc69f
SHA256

fb96a7c3db4bd949e4c91e06655afa36f138666f4d6ea7b778c55bdf9df5a6e8
SHA512

b90fe415b26968f94dcf969d08133426d0ff91456ed42492a3757f995116c24ba50ff48ace3563fb501b4e7e58240dbeab492e0561ac350eef299b7f0338520c
SSDEEP

12288:wU/9bMnjCir6JZHmmYmX9LDjDbNj1rAVLfptAR6DfNRQa4gz99e995sslss3sns+:VZRZDjnNj1mLTA+1+5sslss3snsx1msO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb96a7c3db4bd949e4c91e06655afa36f138666f4d6ea7b778c55bdf9df5a6e8

Files

fb96a7c3db4bd949e4c91e06655afa36f138666f4d6ea7b778c55bdf9df5a6e8
.exe windows:5 windows x86 arch:x86

929aeb4e95bed1b730dfa35676ec64e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\work\KMRCM5.5\Bin\KMWATCH.pdb

Imports

kernel32

EnterCriticalSection
GetPrivateProfileStringA
GetLocalTime
Process32FirstW
ProcessIdToSessionId
WritePrivateProfileStringA
GetSystemInfo
GetModuleFileNameA
GetLastError
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
ExitProcess
CreateMutexW
GetCurrentProcessId
GetModuleFileNameW
TerminateProcess
LeaveCriticalSection
GetVersionExW
Sleep
OpenProcess
InitializeCriticalSection
GetTickCount
LocalFileTimeToFileTime
CloseHandle
GetCurrentDirectoryW
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
WideCharToMultiByte
WriteFile
SetFileTime
CreateDirectoryW
SystemTimeToFileTime
Process32NextW
SetEndOfFile
GetFullPathNameW
SetEnvironmentVariableA
GetTimeZoneInformation
WriteConsoleW
LCMapStringW
CompareStringW
GetStringTypeW
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
FlushFileBuffers
SetStdHandle
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
RtlUnwind
HeapSize
RaiseException
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetFilePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
AreFileApisANSI
GetModuleHandleExW
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
WaitForSingleObject
FormatMessageA
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
FreeLibrary
GetProcAddress
LoadLibraryA
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToSystemTime
SetFilePointerEx
GetProcessHeap

user32

wsprintfW
MessageBoxW

advapi32

CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptImportKey
CryptAcquireContextA
RegisterServiceCtrlHandlerW
SetServiceStatus
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
CloseServiceHandle
CreateServiceW
OpenProcessToken
CreateProcessAsUserA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptDestroyKey

shell32

SHFileOperationA
SHCreateDirectoryExA

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationA

ws2_32

getaddrinfo
freeaddrinfo
sendto
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
gethostname
ioctlsocket
listen
accept
recvfrom
connect

wldap32

ord30
ord200
ord211
ord35
ord26
ord33
ord301
ord27
ord41
ord46
ord50
ord79
ord60
ord22
ord32
ord143

shlwapi

PathFileExistsA
StrStrIW
PathFileExistsW
PathAppendA
PathAppendW

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

929aeb4e95bed1b730dfa35676ec64e8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wtsapi32

ws2_32

wldap32

shlwapi

Sections

.text Size: 330KB - Virtual size: 330KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 134KB - Virtual size: 134KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 330KB - Virtual size: 330KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 134KB - Virtual size: 134KB

.reloc
Size: 15KB - Virtual size: 14KB