dfd7b2c43f6d0f260216a64490a0d3d597a3e493189c6102eda343153bc0d7e0

Sharing

Copy URL Twitter E-mail

General

Target

dfd7b2c43f6d0f260216a64490a0d3d597a3e493189c6102eda343153bc0d7e0
Size

48KB
MD5

7c1b4570b41f6ae7abc7990011d56f71
SHA1

31645ec0c3d8665c02d32e57ff3a47d07da97626
SHA256

dfd7b2c43f6d0f260216a64490a0d3d597a3e493189c6102eda343153bc0d7e0
SHA512

542afb4c8bce4672c8fe10e358e4bcf0b2307fd5d0a5599969f7500daeabfec2bd78b9a523507b52b40a00983955952cad0262bb73ad4abd908917f6bc97d79e
SSDEEP

768:Gmyi6TZsq4v9GrLE8nYm8KrDXQC4jU09wPbwvOC+lVOizAmVdn1lO:Gmyh/4lf8hbzp4jUzzwv82iznn1lO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfd7b2c43f6d0f260216a64490a0d3d597a3e493189c6102eda343153bc0d7e0

Files

dfd7b2c43f6d0f260216a64490a0d3d597a3e493189c6102eda343153bc0d7e0
.exe windows:5 windows x86 arch:x86

025b4a308b852cacb502c5034055ea77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
SetConsoleMode
GetConsoleMode
GetStdHandle
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetFileType
GetLastError
FormatMessageW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LocalFree
LocalAlloc
SetThreadUILanguage
RaiseException

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__wgetmainargs
_except_handler3
_controlfp
__winitenv
_vsnwprintf
exit
??2@YAPAXI@Z
_XcptFilter
_exit
_c_exit
fgetws
wcsncat
_itow
fread
fwrite
iswupper
towlower
fgetwc
_wcslwr
fputws
fwscanf
_memicmp
swprintf
wcscpy
wcscat
wcsstr
setlocale
fclose
_toupper
_wtoi
wcscmp
_wcsicmp
vfwprintf
fwprintf
_wfopen
fputwc
_iob
__set_app_type
wcslen
isspace
wprintf
putchar
??3@YAXPAX@Z
_cexit

wldap32

ord12
ord69
ord157
ord206
ord16
ord135
ord179
ord191
ord133
ord147
ord142
ord77
ord79
ord29
ord208
ord26
ord41
ord27
ord36
ord127
ord140
ord224
ord167
ord170
ord14
ord216
ord118
ord13
ord73

netapi32

DsRoleGetPrimaryDomainInformation
DsGetDcNameW
DsRoleFreeMemory
NetApiBufferFree

ntdll

RtlEnumerateGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlIsGenericTableEmpty

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

025b4a308b852cacb502c5034055ea77

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

wldap32

netapi32

ntdll

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 480B

.rsrc Size: 21KB - Virtual size: 53KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 480B

.rsrc
Size: 21KB - Virtual size: 53KB