5de2b91c9a4219cff7bab0fada08f5a08e681d7d185d26d10919b3f5f8d6f8d9

Sharing

Copy URL Twitter E-mail

General

Target

5de2b91c9a4219cff7bab0fada08f5a08e681d7d185d26d10919b3f5f8d6f8d9
Size

80KB
MD5

53aae55b28844d9a2e4453776ae8bc78
SHA1

8c3212dad7e1cbc77ef809b5ab73e3796c20d7f9
SHA256

5de2b91c9a4219cff7bab0fada08f5a08e681d7d185d26d10919b3f5f8d6f8d9
SHA512

afe2cda83a726cc9291c3dabfee7d3dd0c5352ba19375a903bb660f082b865c74df8098d7971d68e7d9811e611bc772cd4df9065f2ce5774c0acdf3d45d25a9f
SSDEEP

1536:YJqonQwpmkwkuMBo91nsAu035Rr9IOEVnToIf43Sg2nn:AHQwpjTcsAu0JRr3E9TBfZg2n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de2b91c9a4219cff7bab0fada08f5a08e681d7d185d26d10919b3f5f8d6f8d9

Files

5de2b91c9a4219cff7bab0fada08f5a08e681d7d185d26d10919b3f5f8d6f8d9
.dll windows:4 windows x86 arch:x86

ef3470d319d29c87c44cbded20b5ca32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
WideCharToMultiByte
FindClose
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
CloseHandle
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId

ole32

CoInitializeEx
CoCreateInstance

stringm

??4CStringM@@QAEABV0@ABV0@@Z
?FreeExtra@CStringM@@QAEXXZ
?Empty@CStringM@@QAEXXZ
?GetAllocLength@CStringM@@QBEHXZ
?GetBuffer@CStringM@@QAEPADH@Z
?Format@CStringM@@QAAXPBDZZ
??YCStringM@@QAEABV0@ABV0@@Z
??H@YA?AVCStringM@@ABV0@0@Z
?MakeLower@CStringM@@QAEXXZ
??H@YA?AVCStringM@@ABV0@PBD@Z
?Replace@CStringM@@QAEHPBD0@Z
??0CStringM@@QAE@ABV0@@Z
?MakeUpper@CStringM@@QAEXXZ
??4CStringM@@QAEABV0@PBD@Z
??1CStringM@@QAE@XZ
??YCStringM@@QAEABV0@PBD@Z
??0CStringM@@QAE@PBD@Z
?_EmptyString@CStringM@@0PBDB

sdcore

?SelfTrace@@YA_N_NPBDZZ

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

__CxxFrameHandler
_access
strstr
??_V@YAXPAX@Z
strrchr
wcscat
wcscpy
_wtoi
_beginthreadex
malloc
realloc
fwrite
memset
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
free
_except_handler3
_stricmp
??3@YAXPAX@Z
_strdup

Exports

Exports

??0iis_admin_c@@QAE@_N@Z
??1iis_admin_c@@UAE@XZ
DetectAsp
GetAsp

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef3470d319d29c87c44cbded20b5ca32

Headers

File Characteristics

Imports

kernel32

ole32

stringm

sdcore

msvcp71

msvcr71

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 820B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 820B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB