4f57e9db571f0f9629c5318e7dbf3a2706df76d30b63444275bb7a9db04b8f19

Sharing

Copy URL

Twitter E-mail

General

Target

4f57e9db571f0f9629c5318e7dbf3a2706df76d30b63444275bb7a9db04b8f19
Size

2.0MB
MD5

2b7aace729293b92b0b86784ea80758b
SHA1

60ae14e0d0de9acd3f208e77cbce5af66ebbbbc0
SHA256

4f57e9db571f0f9629c5318e7dbf3a2706df76d30b63444275bb7a9db04b8f19
SHA512

d218e10485d1285cd858d629b6f13e6bc6c54450d4c872f4b0e06e2107c3811e04be6c7a635df36c52e67d4c50ef555adcb643b8f44638b67f6e569e362c2a00
SSDEEP

49152:VX7o2PuIIrHxPwsAS97yY+kVcUALNiXicJFFRGNzj3:VrtUZA7wRGpj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f57e9db571f0f9629c5318e7dbf3a2706df76d30b63444275bb7a9db04b8f19

Files

4f57e9db571f0f9629c5318e7dbf3a2706df76d30b63444275bb7a9db04b8f19
.exe windows:5 windows x86 arch:x86

5a8160b625bf3e278523b2b58072848f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\cygwin\home\nightly\distact-build-area\FNP-11.13.1\tier1\flexnet\master\build\_release-Windows-ipv6.NT4-i686-main\lmgrd.exe.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
GetSystemTimeAsFileTime
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTickCount
GetCurrentProcessId
HeapReAlloc
QueryPerformanceCounter
HeapFree
VirtualFree
HeapCreate
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
CloseHandle
LocalFree
LocalAlloc
WaitForSingleObject
GenerateConsoleCtrlEvent
WaitForMultipleObjects
CreateProcessA
AllocConsole
CreateEventA
SetEvent
GetExitCodeProcess
SetConsoleTitleA
GetWindowsDirectoryA
CreateProcessW
GetCommandLineW
GetStartupInfoW
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetVersion
SetErrorMode
SetHandleInformation
lstrlenA
ResetEvent
FormatMessageA
GetProcessTimes
ReleaseMutex
CreateMutexA
GetModuleHandleA
GetLocalTime
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetVolumeInformationA
GetDriveTypeA
CreateThread
InitializeCriticalSection
SetNamedPipeHandleState
WaitNamedPipeA
CreateFileA
SleepEx
ReadFile
DeviceIoControl
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryW
GetDriveTypeW
CreateFileW
MoveFileA
MoveFileW
GetFileAttributesW
DeleteFileA
DeleteFileW
ExitThread
ResumeThread
DuplicateHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
SetFilePointer
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
GetFullPathNameW
SetEndOfFile
GetProcessHeap
SetEnvironmentVariableW
GetFileAttributesA
CreatePipe
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WriteFile
ExitProcess
GetProcAddress
Sleep
GetModuleHandleW
SetUnhandledExceptionFilter
GetCommandLineA

wsock32

closesocket
WSAGetLastError
socket
connect
select
__WSAFDIsSet
getsockname
htons
getprotobyname
ioctlsocket
inet_addr
recv
gethostbyname
WSACleanup
WSAStartup
sendto
ntohl
recvfrom
listen
bind
accept
shutdown
ntohs
send
inet_ntoa
getsockopt
htonl
setsockopt

user32

CreateDialogIndirectParamA
DialogBoxIndirectParamA
SendMessageA
GetSystemMetrics
GetWindowRect
EnableWindow
GetActiveWindow
MessageBoxA
wsprintfA
GetClientRect
ScreenToClient
MoveWindow
ShowWindow
SetWindowTextA
SetFocus
GetFocus
GetParent
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
MessageBeep
GetDlgItem
GetWindowLongA

advapi32

ReportEventA
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
SetServiceStatus
StartServiceCtrlDispatcherA
RegCloseKey
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegisterEventSourceA
DeregisterEventSource
FreeSid
RegQueryValueExW
RegSetValueExA
RegSetValueExW
GetUserNameA
GetUserNameW
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
StartServiceA
RegEnumKeyExA
RegQueryInfoKeyA

netapi32

Netbios

comctl32

ord17

comdlg32

GetOpenFileNameA

rpcrt4

UuidCreate

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit
SysStringLen

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx

dhcpcsvc

DhcpRequestParams

ws2_32

freeaddrinfo
getnameinfo
getaddrinfo

shell32

ord680

shlwapi

PathRemoveBackslashW

Sections

.text
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5a8160b625bf3e278523b2b58072848f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

wsock32

user32

advapi32

netapi32

comctl32

comdlg32

rpcrt4

oleaut32

ole32

dhcpcsvc

ws2_32

shell32

shlwapi

Sections

.text Size: 372KB - Virtual size: 371KB

.textidx Size: 911KB - Virtual size: 911KB

.rdata Size: 47KB - Virtual size: 46KB

.data Size: 137KB - Virtual size: 187KB

.fnp_dir Size: 512B - Virtual size: 100B

.fnp_mar Size: 512B - Virtual size: 1B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 604KB - Virtual size: 608KB

.text
Size: 372KB - Virtual size: 371KB

.textidx
Size: 911KB - Virtual size: 911KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 137KB - Virtual size: 187KB

.fnp_dir
Size: 512B - Virtual size: 100B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 604KB - Virtual size: 608KB