c53c6a68cab385f3bf249460a7c5a9f84dd13c336fd59501096b8b9638dd8db2

Sharing

Copy URL Twitter E-mail

General

Target

c53c6a68cab385f3bf249460a7c5a9f84dd13c336fd59501096b8b9638dd8db2
Size

67KB
MD5

51a783f4255627def90c9febeb0b4ab0
SHA1

dd1a57c5ed50de5ec081d45abcc8ce7c4dbc81de
SHA256

c53c6a68cab385f3bf249460a7c5a9f84dd13c336fd59501096b8b9638dd8db2
SHA512

2c88079e3d6776237a3ee7afe4b4a938c5fcae48a3f71c12a497fed95d3813f24f6378597d6c904142d2744a3268c211f3d22e372e6b05e9cea3f77116ab9384
SSDEEP

1536:KeJpQL4aF49ULx+uUMTF7iqa5VrXVRG8rV/6gl:ru4s4Q/PF7EZXVRGWVnl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c53c6a68cab385f3bf249460a7c5a9f84dd13c336fd59501096b8b9638dd8db2

Files

c53c6a68cab385f3bf249460a7c5a9f84dd13c336fd59501096b8b9638dd8db2
.exe windows:5 windows x86 arch:x86

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

TlntSvr.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__fmode
_cexit
_XcptFilter
_exit
_c_exit
_itow
_purecall
__set_app_type
_controlfp
wcsncpy
wcscpy
_except_handler3
wcscat
wcsncat
wcschr
wcsrchr
_snprintf
_wcsicmp
wcslen
_snwprintf
_ltoa
wcscmp
sprintf
strchr
strtoul
strncpy
calloc
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
free
malloc
exit
_wsplitpath
_vsnwprintf
swprintf
_putws

advapi32

InitializeSecurityDescriptor
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeregisterEventSource
LookupAccountSidW
ChangeServiceConfigW
SetServiceStatus
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CryptGenRandom
RegSetKeySecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
CloseServiceHandle
GetFileSecurityW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext
RegNotifyChangeKeyValue
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegEnumKeyExW
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
LookupAccountNameW
AddAce
GetAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
EqualSid
AdjustTokenPrivileges

kernel32

InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
SetErrorMode
InterlockedDecrement
GetSystemDirectoryW
GetACP
SetFilePointer
GetLocalTime
GetCommandLineW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetComputerNameW
ExpandEnvironmentStringsW
GetConsoleCP
LocalAlloc
FormatMessageW
LocalFree
CreateMutexW
CreateNamedPipeW
VirtualFree
OpenProcess
SetLastError
GetVersionExW
VirtualAlloc
lstrlenW
lstrcpyW
GetLastError
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
GetModuleFileNameW
lstrcatW
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
CreateEventW
InterlockedExchange
ReleaseMutex
PostQueuedCompletionStatus
DuplicateHandle
GetOEMCP
SetHandleInformation
CreateIoCompletionPort
CreateProcessW
ReadFile
WriteFile
PeekNamedPipe
GetSystemTime
SetEvent
TerminateThread
GetQueuedCompletionStatus
CreateThread

user32

LoadStringW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetProcessWindowStation
wsprintfA
LoadStringA
MessageBoxW
CharNextW
wsprintfW

ntlsapi

NtLicenseRequestA
NtLSFreeHandle

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitializeEx
CoInitialize
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SetErrorInfo
VarI4FromStr
LoadTypeLi
VarBstrFromDate
VarDateFromUdate
UnRegisterTypeLi
SysStringByteLen
RegisterTypeLi
SysFreeString
SysStringLen
SysAllocStringLen

netapi32

NetApiBufferFree
NetGetJoinInformation
NetLocalGroupAdd
NetServerGetInfo

ws2_32

gethostbyaddr
WSAEnumNetworkEvents
accept
WSASetEvent
WSACloseEvent
WSACleanup
shutdown
WSAResetEvent
WSADuplicateSocketW
getpeername
WSAStartup
WSACreateEvent
socket
setsockopt
bind
listen
WSAEventSelect
closesocket
WSASetLastError
getservbyport
ntohs
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

psapi

EnumProcesses

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

ntlsapi

ole32

oleaut32

netapi32

ws2_32

psapi

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 11KB - Virtual size: 75KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 11KB - Virtual size: 75KB