9b6103b47e16ea28f6adf34dc870208ea7517e5a435eb03f2cf8725d14e1d4cf

Sharing

Copy URL Twitter E-mail

General

Target

9b6103b47e16ea28f6adf34dc870208ea7517e5a435eb03f2cf8725d14e1d4cf
Size

66KB
MD5

48b77975e87690fc4fac64082ac3395c
SHA1

6be82d072769326d64b603651606d2d6eb18a90d
SHA256

9b6103b47e16ea28f6adf34dc870208ea7517e5a435eb03f2cf8725d14e1d4cf
SHA512

4b346eacf43bb140374782422e29be0858fc116b8cb4de96969e2b1ae1c2a3efc779b10491be233ff1028c6d57c79cfc08b89a359c69dbb350a3c36841903912
SSDEEP

1536:qS25nVEaGkCfJAxM69qZIVdqIEP03FXhdDDsQ8cNQS6qFC:qS25DCfyxM6sSx9DsQ8cNQu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b6103b47e16ea28f6adf34dc870208ea7517e5a435eb03f2cf8725d14e1d4cf

Files

9b6103b47e16ea28f6adf34dc870208ea7517e5a435eb03f2cf8725d14e1d4cf
.exe windows:6 windows x86 arch:x86

99dd435c5b410a1c613cfdc1fc1a93ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\VC15\Win32\httpd-2.4\support\Release\rotatelogs.pdb

Imports

vcruntime140

strchr
_except_handler4_common
wcschr
strrchr
memcpy
memset
memchr
memmove

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
__p___argc
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_narrow_environment
_exit
exit
__p___argv
strerror
_c_exit
_register_thread_local_exe_atexit_callback
_initterm
terminate
_errno
_controlfp_s
_initterm_e
_crt_atexit
_cexit

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

_close
__p__commode
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
malloc

api-ms-win-crt-environment-l1-1-0

__p__wenviron
getenv
__p__environ

api-ms-win-crt-string-l1-1-0

isdigit
strncmp
islower
isalpha
toupper
_strnicmp
_stricmp
wcsncmp
isspace

api-ms-win-crt-math-l1-1-0

modf
__setusermatherr

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wsock32

ntohl
WSACleanup
WSAStartup

kernel32

GetExitCodeProcess
FormatMessageA
FreeEnvironmentStringsW
InitializeSListHead
QueryPerformanceCounter
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnlockFileEx
UnlockFile
LockFileEx
LockFile
GetDriveTypeW
GetDriveTypeA
GetCurrentDirectoryW
ReleaseMutex
SetEvent
GetCurrentProcess
LoadLibraryA
GetProcAddress
GetVersionExA
GetCurrentThreadId
TerminateProcess
WaitForMultipleObjects
OpenProcess
CreateProcessW
GetCommandLineW
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetHandleInformation
GetHandleInformation
LocalFree
GetFullPathNameW
GetFileType
GetFileSizeEx
GetFileAttributesExW
FindFirstFileW
FindClose
CreateDirectoryW
SetEndOfFile
CreateEventA
PeekNamedPipe
WriteFile
ReadFile
CreateHardLinkW
WaitForSingleObject
CancelIo
DeviceIoControl
GetOverlappedResult
GetLastError
CloseHandle
SetFilePointer
GetFileInformationByHandle
DeleteFileW
CreateFileW
SetStdHandle
GetStdHandle
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
Sleep
SetLastError
GlobalFree
TlsFree
TlsAlloc
GetEnvironmentStringsW

advapi32

FreeSid
GetEffectiveRightsFromAclW
RevertToSelf
AllocateAndInitializeSid
ImpersonateLoggedOnUser
CreateProcessAsUserW
GetSecurityInfo
GetNamedSecurityInfoW
GetNamedSecurityInfoA

shell32

CommandLineToArgvW

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99dd435c5b410a1c613cfdc1fc1a93ff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

wsock32

kernel32

advapi32

shell32

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB