6b43840c46fade4f2085f5b591ed9ff0549cec49a60afbdd2fb2d347db097007

Sharing

Copy URL Twitter E-mail

General

Target

6b43840c46fade4f2085f5b591ed9ff0549cec49a60afbdd2fb2d347db097007
Size

400KB
MD5

f043c50a537ba776e0d1dd42423e2808
SHA1

1c0bb2a112322148cc73210705901f30aa8d6903
SHA256

6b43840c46fade4f2085f5b591ed9ff0549cec49a60afbdd2fb2d347db097007
SHA512

45eba50b67e56bcdadd6f1e737a3e685abbb5fda2dc0378e9ef3dc9d00bc2c65e6fef3c138602e8169a80d23d03f63d5d6060c38f79432658d3df84fc377ca7e
SSDEEP

12288:OHsEjxLDavg3JmwxY1kzE+QIrZoftjNB:wsA+vSoqYAQmZoftn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b43840c46fade4f2085f5b591ed9ff0549cec49a60afbdd2fb2d347db097007

Files

6b43840c46fade4f2085f5b591ed9ff0549cec49a60afbdd2fb2d347db097007
.exe windows:6 windows x86 arch:x86

694c04ae56a246b706e5c7a3ac98a25e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\ob\bora-23775571\bora\build\build\vmnat\release\win32\vmnat.pdb

Imports

api-ms-win-crt-stdio-l1-1-0

__p__commode
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf
rewind
ftell
fseek
clearerr
_set_fmode
__stdio_common_vfprintf
fgets
fclose
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
realloc
calloc
free

api-ms-win-crt-runtime-l1-1-0

terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_errno
_initialize_onexit_table
__p___argc
__p___wargv
_c_exit
exit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
abort
_cexit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-convert-l1-1-0

_fcvt_s
_ecvt_s
wcrtomb
strtoul
atoi

api-ms-win-crt-string-l1-1-0

isdigit
_strnicmp
_stricmp
strncmp
strncat
islower
_strlwr
_strupr
tolower
isalnum
_strdup
strncpy
wcsncmp
isspace

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wunlink
_wstat64

api-ms-win-crt-environment-l1-1-0

getenv

vcruntime140

wcsrchr
memchr
strstr
strrchr
__current_exception
__current_exception_context
memset
strchr
_except_handler4_common
memmove
memcpy

shfolder

SHGetFolderPathW

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateFileA
VerifyVersionInfoW
GetProductInfo
GetNativeSystemInfo
VerSetConditionMask
GetModuleHandleExW
GetCurrentProcess
DeleteCriticalSection
ReadFile
WriteFile
CloseHandle
GetLastError
DeviceIoControl
ResetEvent
CreateEventA
WaitForMultipleObjects
GetSystemTimeAsFileTime
WaitForSingleObject
CreateThread
GetCurrentThreadId
TerminateThread
CreatePipe
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateFileW
GetFileAttributesA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
CreateFileMappingA
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetACP
Sleep
QueryPerformanceCounter
SetLastError
FormatMessageW
GetModuleHandleW
CreateDirectoryW
DeleteFileW

user32

CreateWindowExW
DispatchMessageA
GetMessageA
DestroyWindow
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
PostThreadMessageA

advapi32

RegisterEventSourceA
RegCloseKey
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ReportEventW
DeregisterEventSource
RegSetValueExW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyExW
StartServiceCtrlDispatcherA

ws2_32

WSAStartup
WSAGetLastError
WSAAsyncSelect
inet_pton
WSAIoctl
setsockopt
inet_addr
socket
closesocket
ntohs
htons
htonl
inet_ntop
ioctlsocket
bind
getsockopt
recvfrom
accept
connect
sendto
recv
getsockname
listen
select
send
shutdown
ntohl
getpeername
WSACreateEvent

iphlpapi

GetAdaptersAddresses
NotifyAddrChange
GetAdaptersInfo
CancelIPChangeNotify

dnsapi

DnsFree
DnsQuery_A

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

694c04ae56a246b706e5c7a3ac98a25e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

vcruntime140

shfolder

kernel32

user32

advapi32

ws2_32

iphlpapi

dnsapi

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 49KB - Virtual size: 74KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 49KB - Virtual size: 74KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB