30bc5983c22e6f73d927a8d57e94effc5e428a379f50b94915921b7191bf4584N

Sharing

Copy URL

Twitter E-mail

General

Target

30bc5983c22e6f73d927a8d57e94effc5e428a379f50b94915921b7191bf4584N
Size

262KB
MD5

f0b0fd47b537188a107fd15af7f72200
SHA1

cb4dbd532d1804127e86143bf48db86fe5a09653
SHA256

30bc5983c22e6f73d927a8d57e94effc5e428a379f50b94915921b7191bf4584
SHA512

45b0aa68e60e288e9c11bc10d010bf09ad5ee03f8e17ee4effcc441316c9d0a74a728b45495c37eb8e53dbef5b5bc0c60db9de36a350ae54a75452af014eb8de
SSDEEP

6144:bWvqYDS18mTCH75i02vCsiPopU7KF3hDVaSFww/EI7iV:bWSkhmTOH2asiPopRwws

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30bc5983c22e6f73d927a8d57e94effc5e428a379f50b94915921b7191bf4584N

Files

30bc5983c22e6f73d927a8d57e94effc5e428a379f50b94915921b7191bf4584N
.exe windows:9 windows x86 arch:x86

fbf3a4fd25e069eed24cbf6dc61ea42c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

SetWindowTextW
IsWindowEnabled
CheckDlgButton
CreateDialogParamW
UnhookWindowsHookEx
GetDlgItemTextW
wsprintfA
DestroyWindow
SetForegroundWindow
MessageBoxA
EnableWindow
GetDlgItemInt
DialogBoxParamW
TranslateMessage
GetClientRect
IsDialogMessageW
KillTimer
AdjustWindowRectEx
MessageBoxW
SetDlgItemTextW
GetDesktopWindow

ole32

CoInitializeSecurity
CoInitialize
CoCreateInstance

pdh

PdhParseInstanceNameW
PdhVbOpenLog
PdhGetFormattedCounterArrayW
PdhCreateSQLTablesW
PdhEnumMachinesW
PdhGetLogSetGUID
PdhRelogW
PdhConnectMachineA
PdhOpenQueryA
PdhParseCounterPathA
PdhSelectDataSourceW
PdhMakeCounterPathW
PdhTranslate009CounterA
PdhOpenLogW
PdhValidatePathA
PdhBrowseCountersW
PdhIsRealTimeQuery
PdhEnumObjectsHA
PdhAdd009CounterW
PdhGetDataSourceTimeRangeA
PdhLookupPerfIndexByNameA
PdhGetLogFileSize
PdhEnumObjectItemsHW
PdhVbGetLogFileSize
PdhVbCreateCounterPathList
PdhVbAddCounter
PdhParseInstanceNameA
PdhExpandWildCardPathHA
PdhTranslateLocaleCounterA
PdhVbGetCounterPathFromList
PdhRelogA
PdhLookupPerfNameByIndexA
PdhRemoveCounter
PdhListLogFileHeaderA
PdhAddCounterW
PdhAddCounterA
PdhTranslate009CounterW
PdhListLogFileHeaderW
PdhEnumObjectsA
PdhGetDefaultPerfCounterHA
PdhVbGetOneCounterPath
PdhGetDataSourceTimeRangeW
PdhVerifySQLDBA
PdhGetDefaultPerfObjectA
PdhBrowseCountersHA
PdhCollectQueryDataEx
PdhSetLogSetRunID
PdhExpandCounterPathW

rtm

MgmGroupEnumerationStart
RtmGetNextHopPointer
RtmDeregisterFromChangeNotification
MgmReleaseInterfaceOwnership
RtmReleaseChangedDests
RtmRegisterClient
CreateTable
EnumOverTable
RtmIgnoreChangedDests
RtmUpdateAndUnlockRoute
RtmCreateNextHopEnum
RtmReleaseNextHopInfo
RtmLockRoute
RtmGetEnumRoutes
DestroyTable
RtmReleaseEntityInfo
MgmGetNextMfe
MgmGetProtocolOnInterface
RtmGetEnumNextHops
RtmFindNextHop
RtmInvokeMethod
MgmGetMfe
RtmGetMostSpecificDestination
RtmDeleteNextHop
RtmReadAddressFamilyConfig
NextMatchInTable
RtmGetListEnumRoutes
RtmLockDestination
RtmEnumerateGetNextRoute
RtmDequeueRouteChangeMessage
RtmBlockSetRouteEnable
MgmAddGroupMembershipEntry
RtmGetChangedDests
RtmMarkDestForChangeNotification
RtmAddRoute
RtmReadInstanceConfig
RtmGetEnumDests
RtmWriteInstanceConfig
RtmReleaseRoutes
MgmGroupEnumerationEnd
RtmGetRouteInfo
RtmDereferenceHandles
RtmHoldDestination
MgmInitialize
RtmCreateDestEnum
RtmGetOpaqueInformationPointer
MgmGetFirstMfe
RtmReleaseRouteInfo
RtmDeregisterClient
MgmGetMfeStats
RtmReleaseDests

advapi32

RegCloseKey
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumKeyExW

comctl32

ord17

kernel32

TlsSetValue
DeleteCriticalSection
GetLocaleInfoA
GetStartupInfoW
GetSystemDirectoryW
CloseHandle
LoadLibraryW
GetTickCount
FreeEnvironmentStringsA
QueryPerformanceCounter
GetFileType
GetStringTypeA
InterlockedIncrement
GetStartupInfoA
GetModuleFileNameW
HeapFree
GetCPInfo
VirtualQuery
FlushFileBuffers
GetCurrentProcessId
SetHandleCount
VirtualAlloc
CompareFileTime
ExitThread
VirtualFree
lstrlenA
LocalFree
lstrlenW
GetCommandLineA
HeapCreate
WriteFile
CloseHandle
IsBadReadPtr
GetTickCount
IsBadWritePtr
CreateEventW
TlsGetValue
GlobalAlloc
TerminateProcess
InterlockedExchange
VirtualProtect
GetLastError
SetUnhandledExceptionFilter
GetFullPathNameW
LCMapStringW
ReadFile

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbf3a4fd25e069eed24cbf6dc61ea42c

Headers

DLL Characteristics

File Characteristics

Imports

user32

ole32

pdh

rtm

advapi32

comctl32

kernel32

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 50KB - Virtual size: 50KB

.rsrc Size: 28KB - Virtual size: 552KB

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 28KB - Virtual size: 552KB