d54116c87765c8a522e11e8b8aeeef70N

Sharing

Copy URL Twitter E-mail

General

Target

d54116c87765c8a522e11e8b8aeeef70N
Size

860KB
MD5

d54116c87765c8a522e11e8b8aeeef70
SHA1

c67898b4cdc19548b20859e2dbcc4e4cb2ca50f8
SHA256

84633b4cf367bf508d394f63baad44f2066b7a5c66f8f1179edacdfe4a7359b6
SHA512

2f043854d8d049cdd8144abcb40fb2708c96602110f803d75c9e5d46fbccff22220663a75dc30fc997b27d83cfc481be0927d2fe6ee135cc0e108a9b89b1f456
SSDEEP

12288:wuJFN2Oi906yWvrBmimp2KD8QcsU+AUBSOloyuhiwuEAraU6Fs/Yji2b:VCOieIFmioDq+AiBSEwfpU60YG2b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d54116c87765c8a522e11e8b8aeeef70N

Files

d54116c87765c8a522e11e8b8aeeef70N
.exe windows:5 windows x86 arch:x86

3b35abfa87353aa8ba8f5d91340ce821

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetProcessWorkingSetSize
GetConsoleCommandHistoryA
GetSystemDefaultLCID
SetConsoleCP
IsBadStringPtrA
OpenConsoleW
CreateFileW
SetSystemTime
GetStringTypeW
DeleteTimerQueue
DebugBreak
VirtualAlloc
LCMapStringW
SetLastConsoleEventActive
OpenSemaphoreA
LZCopy
SystemTimeToFileTime
GetCommModemStatus
GlobalFree
GetUserDefaultLCID
FreeLibrary
IsBadHugeWritePtr
IsValidCodePage
OpenProfileUserMapping
ExpandEnvironmentStringsA
GetLongPathNameA
GetAtomNameA
DeleteFileA
LeaveCriticalSection
GetConsoleTitleW
ActivateActCtx
IsValidLocale
EnumUILanguagesW
CancelWaitableTimer
FlushViewOfFile
CmdBatNotification
FileTimeToLocalFileTime
GetModuleHandleW
WriteConsoleW
GetEnvironmentVariableW
HeapReAlloc
FindNextFileA
MapViewOfFileEx
EnterCriticalSection
SetCommMask
SetThreadLocale
IsDebuggerPresent
EnumResourceTypesW
GetConsoleAliasesLengthW
LoadLibraryA
HeapAlloc
GetCurrentDirectoryA

msdart

?ReadOrWriteLock@CCritSec@@QAE_NXZ
?Size@CLKRHashTable@@QBEKXZ
??1CFakeLock@@QAE@XZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?_LockSpin@CSmallSpinLock@@AAEXXZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
?DeleteKey@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@K@Z
?ReadLock@CReaderWriterLock@@QAEXXZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?ReadUnlock@CCritSec@@QAEXXZ
mpRealloc
?IsWriteLocked@CLKRHashTable@@QBE_NXZ
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?ReadLock@CReaderWriterLock2@@QAEXXZ
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?_H0@CLKRLinearHashTable@@CGKKK@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
MPInitializeCriticalSectionAndSpinCount
?ReadOrWriteUnlock@CReaderWriterLock3@@QAEX_N@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?Clear@CLKRLinearHashTable@@QAEXXZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
MpHeapCreate
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?ValidSignature@CLKRHashTable@@QBE_NXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?ReadLock@CLKRHashTable@@QBEXXZ
FXMemDetach

wsock32

WSAAsyncGetHostByName
bind
GetAcceptExSockaddrs
inet_ntoa
WSACleanup
GetServiceA
connect
SetServiceW
__WSAFDIsSet
WSAIsBlocking
GetTypeByNameA
WSAAsyncGetProtoByNumber
socket
GetNameByTypeA
WSAAsyncGetHostByAddr
WSAUnhookBlockingHook
WSAGetLastError
WSAAsyncSelect
htons
gethostname
rexec
gethostbyaddr
WSAStartup
WSARecvEx
ntohl
closesocket
send
s_perror
dn_expand
WSAAsyncGetServByName
ioctlsocket
SetServiceA
TransmitFile
shutdown
EnumProtocolsW
WSACancelAsyncRequest
ntohs
NPLoadNameSpaces
EnumProtocolsA
WSACancelBlockingCall
getsockname
accept

ntdll

ZwAccessCheckByTypeResultList
RtlNtStatusToDosErrorNoTeb
NtSetVolumeInformationFile
strcpy
RtlQueryTagHeap
RtlIsValidIndexHandle
RtlSetEnvironmentVariable
ZwMakeTemporaryObject
RtlxUnicodeStringToAnsiSize
RtlInitializeBitMap
RtlAddAccessAllowedObjectAce
RtlCompareUnicodeString
RtlSetAllBits
NtAccessCheckByType
RtlFindMessage
ZwQueryObject
RtlpNtCreateKey
PfxInsertPrefix
RtlGUIDFromString
RtlEnlargedIntegerMultiply
ZwSetEvent
LdrFlushAlternateResourceModules
RtlMultiAppendUnicodeStringBuffer
RtlCreateAndSetSD
NtEnumerateKey
NtCreateToken

lz32

GetExpandedNameA
LZStart
LZSeek
LZRead
LZOpenFileW
CopyLZFile
LZInit
LZClose
LZCopy
LZOpenFileA
LZDone
LZCloseFile

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b35abfa87353aa8ba8f5d91340ce821

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msdart

wsock32

ntdll

lz32

Sections

.text Size: 456KB - Virtual size: 456KB

.rdata Size: 335KB - Virtual size: 335KB

.data Size: 66KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 456KB - Virtual size: 456KB

.rdata
Size: 335KB - Virtual size: 335KB

.data
Size: 66KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B