nlbmgr.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655.exe
Resource: win10v2004-20240802-en
General
Target: 0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655
Size: 319KB
MD5: 0da1bf5c09e75124dac22c80cc042bb3
SHA1: 90d50f4e275306a23790dd20f63c1acbb04349d8
SHA256: 0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655
SHA512: 72f480a7a9faa1afe5832aeb856960909890e11bc3b0905afeaa31a83fded25e268613dc2a26e3dd8d0416a000350ae6a87c432e0713d5b76a1cc4e53211e62f
SSDEEP: 6144:rMVBeXx9++o7jCpfF3/pQUP+OVB1fw2ezgaePvEEnYv/DUYY:rhhY+o/oDT+ONfw2t
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655
Files
0fefb18cb97d6ee23874a3be0090cb728bb3d027dcb6da874bc33442a93b9655.exe windows:5 windows x86 arch:x86
a1e1211d8d2e2a2aa3de6d953987ae69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
msvcrt
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
fputwc
ftell
_wfullpath
fseek
fwrite
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_wtol
time
wcsncat
fclose
wcstok
wcstoul
_purecall
_wcsnicmp
memmove
wprintf
printf
localtime
_tzset
wcsrchr
wcschr
wcsspn
_wcsicmp
_CxxThrowException
wcscmp
swscanf
free
_vsnwprintf
wcsncpy
__CxxFrameHandler
wcslen
_wcsdup
_wfsopen
_wspawnlp
wcsstr
??0exception@@QAE@ABV0@@Z
_wtoi
_wgetenv
fflush
msvcp60
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1_Winit@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
advapi32
RegCloseKey
RegQueryValueExW
TraceEvent
RegCreateKeyExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SystemFunction041
SystemFunction040
RegSetValueExW
kernel32
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
InterlockedIncrement
LocalFree
InterlockedDecrement
Sleep
GetComputerNameExW
GetTickCount
QueueUserWorkItem
GetCurrentThreadId
GetLastError
GetFileAttributesW
FormatMessageW
InitializeCriticalSection
lstrlenW
LocalAlloc
TryEnterCriticalSection
SetLastError
LockResource
LoadResource
FindResourceW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
DeleteCriticalSection
WideCharToMultiByte
FreeLibrary
CloseHandle
GetProcAddress
LoadLibraryW
GetTimeFormatW
GetDateFormatW
MultiByteToWideChar
user32
LoadIconW
WinHelpW
GetClientRect
EnableWindow
PostMessageW
SendMessageW
CheckDlgButton
PostQuitMessage
LoadStringW
GetDlgItemInt
ShowWindow
SetDlgItemInt
SetFocus
GetActiveWindow
IsWindowEnabled
SendDlgItemMessageW
GetDlgItem
GetKeyState
GetAsyncKeyState
GetDlgItemTextW
GetWindowLongW
SetWindowLongW
IsDlgButtonChecked
PeekMessageW
GetParent
KillTimer
SetTimer
ClientToScreen
DrawMenuBar
GetMenu
LoadMenuW
GetSubMenu
EnableMenuItem
SetDlgItemTextW
GetWindowRect
MessageBoxW
ole32
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoSetProxyBlanket
oleaut32
SysStringLen
SysFreeString
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayAccessData
VariantChangeType
SysAllocString
VariantInit
VariantClear
ws2_32
inet_addr
inet_ntoa
WSAGetLastError
gethostbyname
WSACleanup
WSAStartup
htonl
comctl32
ImageList_ReplaceIcon
credui
CredUIPromptForCredentialsW
icmp
IcmpSendEcho2
IcmpCreateFile
Exports
??4WLBS_REG_PARAMS@@QAEAAU0@ABU0@@Z
Sections
.text Size: 244KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 133KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE