8d89cb4ad3e14c15dedb7e7a9d4b94b0N

Sharing

Copy URL Twitter E-mail

General

Target

8d89cb4ad3e14c15dedb7e7a9d4b94b0N
Size

99KB
MD5

8d89cb4ad3e14c15dedb7e7a9d4b94b0
SHA1

81c9384e4130fbce82a39f7e69a15206b1c658f9
SHA256

c46b0e1d8b6b026796fa3ac698d122039585d0066e60c6c1c86c78ad51fc6be5
SHA512

241f97a9ac715cb8166ddcfc42123137ab6f257b57ac69a1c2b33b33e71183e8b2e33969e7b573c53f01f83e3552cb8e9dcc5693335f9b5b85fa1d76af28c0f4
SSDEEP

3072:CVU4Hz9Gpn5Nes0p8TWNVkH3CMQLzJiZbfcp6PqK0QfyTx/fH7:cz9Gx5NerpgwEyzmEWq3d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d89cb4ad3e14c15dedb7e7a9d4b94b0N

Files

8d89cb4ad3e14c15dedb7e7a9d4b94b0N
.exe windows:6 windows x86 arch:x86

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

fsutil.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
LookupAccountNameW
CloseEventLog
LookupAccountSidW
ReadEventLogW
OpenEventLogW
DecryptFileW
RegEnumKeyExW
RegEnumValueW
LsaOpenPolicy
LsaFreeMemory
LsaLookupSids
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

kernel32

CloseHandle
DeviceIoControl
CreateFileW
GetLastError
GetWindowsDirectoryW
SetLastError
GetProcAddress
GetModuleHandleW
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetFinalPathNameByHandleW
OpenFileById
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
CreateHardLinkW
FindClose
FindNextFileNameW
FindFirstFileNameW
GetVersionExW
SetThreadUILanguage
HeapSetInformation
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
CreateDirectoryW
GetVolumePathNameW
GetFullPathNameW
WaitForSingleObject
SetConsoleCtrlHandler
CreateProcessW
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetComputerNameW
LocalFree
WriteFile
FormatMessageW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
GetTempFileNameW
GetTempPathW
GetFileSizeEx
GetCurrentProcess
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetDiskFreeSpaceExW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

realloc
wcsncpy_s
_wcsdup
exit
iswspace
iswalpha
iswdigit
wprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
towupper
?terminate@@YAXXZ
_controlfp
_wcsnicmp
_errno
wcscat_s
wcscpy_s
_wcsicmp
free
malloc
memset
calloc
isalpha
_local_unwind4
setlocale
_wtoi
wcsrchr
_vsnwprintf
memcpy
toupper
isdigit
_except_handler4_common
swprintf_s

ntdll

RtlAllocateHeap
NtQuerySecurityObject
RtlTimeToTimeFields
RtlGetOwnerSecurityDescriptor
NtEnumerateTransactionObject
RtlStringFromGUID
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryInformationFile
NtOpenFile
RtlInitUnicodeString
NtSetInformationFile
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtSetQuotaInformationFile
RtlLengthSid
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
NtQueryQuotaInformationFile

ktmw32

GetTransactionInformation
CommitTransaction
RollbackTransaction
OpenTransaction

ole32

StringFromIID
CoTaskMemFree
IIDFromString

netapi32

NetShareEnum
NetApiBufferFree

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ktmw32

ole32

netapi32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB