c103c310a94824e16ed51a7f8eba933aa0fe776b0f0acd5bcde302f2f2beba50

Sharing

Copy URL Twitter E-mail

General

Target

c103c310a94824e16ed51a7f8eba933aa0fe776b0f0acd5bcde302f2f2beba50
Size

171KB
MD5

734111d895a420662e4a2ffee808cf2a
SHA1

5588e3d7842bc04eef77f1abac7239fb241ebb6f
SHA256

c103c310a94824e16ed51a7f8eba933aa0fe776b0f0acd5bcde302f2f2beba50
SHA512

1ad57ba1cac64d206123ded8383036e098b9215d8c1358e86b0f1bdf494a118f825aaa42dd7424de412f8640a0109902c7f802316fc638af364440e10a58c72c
SSDEEP

3072:nH/J5ljCCkhgR39cfcfjzbK6PVJklt2lQBV+UdE+rECWp7hK+Oj97:fJPjCCbR3kKvbJEjBV+UdvrEFp7hK+OR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c103c310a94824e16ed51a7f8eba933aa0fe776b0f0acd5bcde302f2f2beba50

Files

c103c310a94824e16ed51a7f8eba933aa0fe776b0f0acd5bcde302f2f2beba50
.exe windows:6 windows x86 arch:x86

e74b53d09b3b8e273344a569047dad84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

drvinst.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_controlfp
swscanf
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsnicmp
_wcsicmp
_vsnwprintf
wcsrchr
wcschr
_resetstkoflw
memmove
_vsnprintf
toupper
?terminate@@YAXXZ
memset

ntdll

RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtClose
RtlInitUnicodeString
NtOpenKey
NtCreateKey
NtQueryKey
NtQueryValueKey
NtSetValueKey
RtlGetVersion
NtQueryInformationFile
NtSetInformationFile
NtQuerySystemInformation
EtwEventWrite
RtlInitUnicodeStringEx
WinSqmSetString
WinSqmEndSession
WinSqmSetDWORD
WinSqmStartSession
RtlUpcaseUnicodeString
DbgPrintEx
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwEventUnregister
EtwRegisterTraceGuidsW
EtwTraceMessage
RtlNtStatusToDosError
EtwEventRegister
NtQueryInformationProcess
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
SetErrorMode
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-file-l1-2-1

GetFileAttributesExW
CompareFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-2-0

HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleHandleA
GetProcAddress
GetModuleHandleW
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
MapViewOfFile

api-ms-win-core-processthreads-l1-1-2

OpenProcess
ExitProcess
GetExitCodeThread
CreateThread
OpenProcessToken
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-synch-l1-2-0

WaitForMultipleObjectsEx
CreateEventW
WaitForSingleObject
CreateMutexW
Sleep
SetEvent
WaitForSingleObjectEx
ReleaseMutex

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetWindowsDirectoryW

setupapi

pSetupDiEnumSelectedDrivers
SetupVerifyInfFileW
SetupDiSetClassInstallParamsW
SetupDiGetClassInstallParamsW
SetupDiRestartDevices
SetupDiGetActualSectionToInstallW
SetupWriteTextLogError
SetupSetFileQueueFlags
SetupDiGetClassPropertyW
SetupDiBuildDriverInfoList
pSetupStringFromGuid
SetupGetInfDriverStoreLocationW
pSetupDiGetStrongNameForDriverNode
SetupDiOpenDevRegKey
pSetupSetGlobalFlags
SetupDiSetSelectedDriverW
pSetupDiCrimsonLogDeviceInstall
SetupDiGetSelectedDriverW
SetupDiReportPnPDeviceProblem
SetupDefaultQueueCallbackW
SetupDiEnumDriverInfoW
SetupScanFileQueueW
SetupTermDefaultQueueCallback
SetupCloseFileQueue
SetupDiSetDriverInstallParamsW
SetupDiGetDriverInstallParamsW
SetupUninstallNewlyCopiedInfs
pSetupGetGlobalFlags
SetupDiSetClassPropertyW
SetupPromptReboot
SetupOpenFileQueue
SetupGetFileQueueFlags
pSetupDoLastKnownGoodBackup
SetupCommitFileQueueW
SetupDiSetDeviceInstallParamsW
SetupInitDefaultQueueCallbackEx
SetupDiInstallClassW
SetupDiGetDriverInfoDetailW
SetupSetThreadLogToken
pSetupDiBuildInfoDataFromStrongName
SetupDiGetDevicePropertyW
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupGetNonInteractiveMode
SetupGetThreadLogToken
SetupDiOpenDeviceInfoW
SetupDiReportDeviceInstallError
SetupFindFirstLineW
pSetupUninstallCatalog
SetupGetFieldCount
SetupDiGetActualModelsSectionW
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupDiRemoveDevice
pSetupInstallCatalog
SetupDiSetDevicePropertyW
SetupGetStringFieldW
SetupWriteTextLog
pSetupSetDriverPackageRestorePoint
SetupDiGetClassDevsW
pSetupValidateDriverPackage
SetupDiGetDeviceInstallParamsW
SetupFindNextLine
SetupDiGetDeviceInstanceIdW
pGetDriverPackageHash

kernel32

RegEnumValueW
GetSystemInfo
CreateDirectoryW
GetFileAttributesW
GetFullPathNameW
SetEndOfFile
CreateFileMappingW
SleepEx
MoveFileExW
FindClose
FindNextFileW
SetFileAttributesW
lstrcmpW
FindFirstFileW
DeleteFileW
GetFileInformationByHandle
CreateHardLinkW
SetFilePointer
FlushFileBuffers
GetFileSize
GetLocalTime
WriteFile
ResolveDelayLoadedAPI
DelayLoadFailureHook
LocalAlloc
FileTimeToLocalFileTime
GetCommandLineA
GetModuleFileNameA
GetCommandLineW
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetThreadLocale
LCMapStringW
DeviceIoControl
CreateFileW
CompareStringW
lstrlenA
WideCharToMultiByte
RaiseException
GetSystemWindowsDirectoryW
GetSystemWow64DirectoryW
lstrcmpiW
FileTimeToSystemTime
LoadLibraryW
lstrlenW
LocalFree
SetConsoleCtrlHandler

api-ms-win-security-base-l1-2-0

AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
DuplicateTokenEx
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSid

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e74b53d09b3b8e273344a569047dad84

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-debug-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

setupapi

kernel32

api-ms-win-security-base-l1-2-0

Sections

.text Size: 77KB - Virtual size: 76KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 77KB - Virtual size: 76KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB