991f22e79d55e8942de40af73a66002e777be7401fb693941713704993742b3c

Sharing

Copy URL Twitter E-mail

General

Target

991f22e79d55e8942de40af73a66002e777be7401fb693941713704993742b3c
Size

256KB
MD5

8ade68719d0c1a7ac049245dc1673294
SHA1

488bf3fdbee692034da62b19cc6c42a816dc034c
SHA256

991f22e79d55e8942de40af73a66002e777be7401fb693941713704993742b3c
SHA512

a864cf1290accd60d93ee34310cc150e574c10b8024fbf9d517c534466c671202382ba9cdc867ad664d9f7561c4ac080a77c5d89226786b9bf42226c6cc59440
SSDEEP

3072:mNOoyX6jqFpCnKkAldJwTOZwcfNPl7ZqVG3XljFl1bcSaRRMHpEc9plMnLMt5Yj4:m/ipKurjlJMSSO6cZ8r4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
991f22e79d55e8942de40af73a66002e777be7401fb693941713704993742b3c

Files

991f22e79d55e8942de40af73a66002e777be7401fb693941713704993742b3c
.exe windows:5 windows x86 arch:x86

ccc2ecc090fb3019aafc29f52a88d53d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\SUN\sun\Server\AuthSystem\_binv90\AuthAgent.pdb

Imports

kernel32

GetPrivateProfileStringA
GetPrivateProfileIntA
GetLocalTime
SetCurrentDirectoryA
GetModuleFileNameA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateProcessA
GetExitCodeProcess
WriteConsoleW
GetConsoleOutputCP
GetStringTypeW
GetStringTypeA
SetFilePointer
GetLocaleInfoA
CloseHandle
CreateMutexA
OpenMutexA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
Sleep
WriteFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStdHandle
CreateDirectoryA
SetConsoleTitleA
WriteConsoleA
FreeConsole
SetConsoleMode
ReadConsoleInputA
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
GetConsoleMode
AllocConsole
CreateFileA
FlushFileBuffers
HeapAlloc
GetProcessHeap
IsBadReadPtr
HeapFree
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
DeleteCriticalSection
LocalFree
FormatMessageA
ReadFile
SetUnhandledExceptionFilter
GetLastError
GetCurrentThread
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
WaitForSingleObject
PostQueuedCompletionStatus
InterlockedCompareExchange
CreateIoCompletionPort
WaitForMultipleObjects
SuspendThread
ResumeThread
CreateEventA
SetEvent
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetSystemTimeAsFileTime
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFileAttributesA
SetStdHandle
GetFileType
ExitThread
CreateThread
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
SetHandleCount
GetStartupInfoA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetConsoleCP
GetTimeZoneInformation

ws2_32

WSASend
send
closesocket
WSASocketA
setsockopt
WSARecv
recv
WSAGetLastError
htonl
inet_ntoa
WSAStartup
WSACleanup
inet_addr
socket
bind
listen
gethostname
connect
gethostbyname
htons
WSAIoctl

solarlog

??1SolarLog@@QAE@XZ
?Create@SolarLog@@QAEHPAD0@Z
??0SolarLog@@QAE@XZ
?LOG@SolarLog@@QAEHPAEK@Z

dbghelp

SymCleanup
SymGetLineFromAddr64
SymFromAddr
StackWalk
SymFunctionTableAccess
SymGetModuleBase
SymInitialize
SymSetOptions

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccc2ecc090fb3019aafc29f52a88d53d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

solarlog

dbghelp

ole32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 11KB - Virtual size: 500KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 11KB - Virtual size: 500KB

.rsrc
Size: 512B - Virtual size: 436B