llsmgr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9.exe
Resource
win10v2004-20240802-en
General
-
Target
f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9
-
Size
159KB
-
MD5
1daa5858e53935acf1af5181914e649e
-
SHA1
a9e93a8f9ca19e9ab25b72749ab1ae91f427a120
-
SHA256
f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9
-
SHA512
2c8ba9e522b090933231c5b4827f3eabb883709e2c68e348012ca00c30ca54b6bd5a316a36e92f733dba67863a93fa52393c11003d99121baeef07632225681b
-
SSDEEP
3072:Qd4tTmIog9wr/55NHPtcTZNijv92+4Ny7OdzW:QpxNOT2T92JNy7OdC
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9
Files
-
f07caa119b64da19c5649df5244b255ce0285b3d519e9559afbd92be023f19f9.exe windows:5 windows x86 arch:x86
654ff9955056770706a7bc560b32e63a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
msvcrt
iswdigit
wcsncmp
_wtoi
_vsnwprintf
_vsnprintf
iswspace
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
?terminate@@YAXXZ
__CxxFrameHandler
wcscmp
wcslen
_wcsicmp
__setusermatherr
advapi32
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegCloseKey
RegOpenKeyExW
kernel32
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetTimeZoneInformation
GetCurrentProcess
GetLocaleInfoW
WideCharToMultiByte
lstrcmpW
UnhandledExceptionFilter
LocalFree
GetACP
GetComputerNameW
GetLastError
lstrcmpiW
OutputDebugStringW
lstrcpynW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
LoadLibraryW
FormatMessageW
FreeLibrary
SetUnhandledExceptionFilter
GetStartupInfoW
LocalAlloc
FileTimeToDosDateTime
LoadLibraryA
GetProcAddress
gdi32
TranslateCharsetInfo
CreateFontIndirectW
user32
SetWindowLongW
GetWindowLongW
GetKeyState
LoadAcceleratorsW
wsprintfW
TranslateAcceleratorW
SendMessageW
EnableWindow
PostMessageW
RemoveMenu
InvalidateRect
GetParent
MessageBeep
UpdateWindow
GetClientRect
GetWindowRect
LoadMenuW
InsertMenuW
GetSubMenu
GetMenuItemID
LoadIconW
EnableMenuItem
CheckMenuItem
AppendMenuW
FillRect
SetRectEmpty
PtInRect
LoadStringW
GetFocus
llsrpc
LlsEnterpriseServerFindW
LlsGroupDeleteW
LlsUserDeleteW
LlsLocalServiceInfoSetW
LlsLocalServiceInfoGetW
LlsProductLicensesGetW
LlsGroupUserEnumW
LlsGroupUserAddW
LlsGroupUserDeleteW
LlsGroupInfoSetW
LlsGroupAddW
LlsProductLicenseEnumW
LlsProductUserEnumW
LlsProductServerEnumW
LlsUserProductDeleteW
LlsServiceInfoGetW
LlsLocalServiceEnumW
LlsServiceInfoSetW
LlsUserProductEnumW
LlsUserInfoGetW
LlsUserInfoSetW
LlsUserEnumW
LlsProductEnumW
LlsGroupEnumW
LlsLicenseEnumW
LlsFreeMemory
LlsConnectW
LlsClose
ccfapi32
CCFCertificateEnterUI
CCFCertificateRemoveUI
netapi32
NetWkstaGetInfo
NetServerEnum
NetUseDel
NetUseAdd
DsGetDcNameW
DsEnumerateDomainTrustsW
NetUserEnum
I_NetNameValidate
NetApiBufferFree
oleaut32
SysAllocStringLen
VariantClear
VariantChangeType
SysFreeString
DosDateTimeToVariantTime
VariantInit
shell32
ShellAboutW
ntdll
RtlSecondsSince1980ToTime
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 29KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE