423dcbfbcd8492f1a2d555199caba8df3374f35541f388ccff6516d5cc8690e1

Sharing

Copy URL Twitter E-mail

General

Target

423dcbfbcd8492f1a2d555199caba8df3374f35541f388ccff6516d5cc8690e1
Size

65KB
MD5

f7bc9e24a88f63b21ddb7e3d3c2a4855
SHA1

40da44637774ac47a658ed53a50d2df90f783251
SHA256

423dcbfbcd8492f1a2d555199caba8df3374f35541f388ccff6516d5cc8690e1
SHA512

74db442a4948c847fc1926a9c430cb53fa9964b2a57e60c9e9b09f28a46ced0dfe61bc5c6734abecc64a1aa6bd4ef80909af80d1cb14afbb1147321f9b610b3a
SSDEEP

1536:Sz1uFS7W8NNKFWSNG1A+S7qTSpBZEATmgZRm:SUFS7W8DKMaKA+S7qTkZk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
423dcbfbcd8492f1a2d555199caba8df3374f35541f388ccff6516d5cc8690e1

Files

423dcbfbcd8492f1a2d555199caba8df3374f35541f388ccff6516d5cc8690e1
.exe windows:5 windows x86 arch:x86

53a84dfb8d1b71001518394adc41fdbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ufat

?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
??0FAT_DIRENT@@QAE@XZ
?QueryAllocatedClusters@FAT@@QBEKXZ
?FreeChain@FAT@@QAEXK@Z
??1FAT_SA@@UAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?SearchForDirEntry@FATDIR@@QAEPAXPBVWSTRING@@@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1EA_HEADER@@UAE@XZ
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
??0ROOTDIR@@QAE@XZ
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
??0FILEDIR@@QAE@XZ
ChkdskEx

snmpapi

SnmpUtilOidFree
SnmpSvcGetUptimeFromTime
SnmpUtilPrintAsnAny
SnmpUtilUnicodeToAnsi
SnmpUtilUnicodeToUTF8
SnmpUtilOctetsCpy
SnmpUtilOctetsCmp
SnmpSvcGetUptime
SnmpTfxQuery
SnmpUtilAsnAnyCpy
SnmpUtilMemReAlloc
SnmpTfxOpen
SnmpUtilMemAlloc
SnmpUtilOidCpy
SnmpUtilMemFree
SnmpUtilOidNCmp
SnmpUtilOidCmp
SnmpSvcSetLogType
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpSvcAddrIsIpx
SnmpUtilAnsiToUnicode
SnmpUtilAsnAnyFree
SnmpUtilOctetsFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpSvcSetLogLevel
SnmpUtilIdsToA

ntdll

NtReadFile
RtlUniform
NtWaitForMultipleObjects
ZwWaitForSingleObject
RtlGetCompressionWorkSpaceSize
RtlLocalTimeToSystemTime
NtAlertThread
_memccpy
NtSetInformationObject
ZwResetEvent
RtlTraceDatabaseUnlock
ZwOpenSemaphore
NtOpenProcess
RtlTimeToTimeFields
RtlCreateAndSetSD
ZwWriteFile
NtQueryInformationProcess
RtlQuerySecurityObject
NtQueryAttributesFile
NtResetEvent
tolower
RtlCreateUnicodeString
RtlSetCurrentEnvironment
pow
RtlImageRvaToVa
LdrAccessResource

dmdskmgr

?SetUIState@CTaskData@@QAEXK@Z
?GetSizeString@CDMNodeObj@@QAEXAAVCString@@@Z
?IsMember@CDMNodeObj@@QAEHPAV1@@Z
?GetPort@CDMNodeObj@@QAEHXZ
?HasExtendedPartition@CDMNodeObj@@QAEHXZ
?IsFTVolume@CDMNodeObj@@QAEHXZ
?CanHaveGPT@CDMNodeObj@@QAEHXZ
?GetColorRef@CDMNodeObj@@QAEKXZ
?EnumVolumeMembers@CDMNodeObj@@QAEXPAPAJAAJ@Z
?GetIconId@CDMNodeObj@@QAEIH@Z
?GetFileSystemType@CDMNodeObj@@QAEHXZ
?ContainsRealSystemPartition@CDMNodeObj@@QAEHXZ
?EnumVolumes@CTaskData@@QAEXAAKPAPAJ@Z
?GetFileSystemTypes@CTaskData@@QAEXAAKPAPAUifilesysteminfo@@@Z
?GetImageNum@CDMNodeObj@@QAEHXZ
?IsSecureSystemPartition@CTaskData@@QAEHXZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?namecmp@@YGHPBG0@Z
?GetIVolumeClientVersion@CTaskData@@QAEFXZ
?GetDiskInfoFromVolCookie@CTaskData@@QAEXJAAHAAKPAPAJKH@Z
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetLongName@CDMNodeObj@@QAEXAAVCString@@H@Z
?IsNEC_98Disk@CDMNodeObj@@QAEHXZ
?IsFakeVolume@CDMNodeObj@@QAEHXZ
?IsUpgradeable@CDMNodeObj@@QAEHXZ
?GetExtraRegionStatus@CDMNodeObj@@QAEHAAVCString@@H@Z
LoadPropertyPageData
DllRegisterServer

query

?InsertChild@CDbCmdTreeNode@@IAEXPAV1@@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
_LoadBHIFilter@16
?Release@CImpersonateRemoteAccess@@QAEXXZ
?GetString@CMemDeSerStream@@UAEPADXZ
?AddCachedProperty@CCatalogAdmin@@QAEXABVCFullPropSpec@@KKKH@Z
?GetFileName@CPathParser@@QBEHPAGAAK@Z
?BeginTransaction@CPropStoreManager@@QAEKXZ
?AppendListElement@CDbListAnchor@@IAEHGABUtagDBID@@@Z
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?GetProperties@CDbProperties@@UAGJKQBUtagDBPROPIDSET@@PAKPAPAUtagDBPROPSET@@@Z
?AddArg@CEventItem@@QAEXPBG@Z
?MinPageInUse@CPhysStorage@@QAEHAAK@Z
?GetCGIVariableW@CWebServer@@QAEHPBGAAV?$XArray@G@@AAK@Z
?InitIterator@CStaticPropertyList@@UAEXXZ
?Commit@CRcovStrmMDTrans@@QAEXXZ
?Read@CRcovStrmTrans@@QAEKPAXK@Z
??1CImpersonateSystem@@QAE@XZ
?SkipDouble@CMemDeSerStream@@UAEXXZ
?SetR4@CStorageVariant@@QAEXMI@Z
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?Marshall@CDbProp@@QBEXAAVPSerStream@@@Z
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?CleanupDataValue@CDbCmdTreeNode@@IAEXXZ
?My_wcstoui64@@YA_KPBGPAPAGH@Z
??1CDbProp@@QAE@XZ
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
?GetI4@CAllocStorageVariant@@QBEJI@Z

netapi32

I_BrowserResetStatistics
NetUserEnum
NetErrorLogClear
NetWkstaUserSetInfo
NetDfsAddStdRootForced
NetDfsSetInfo
NetWkstaTransportAdd
NetUserGetLocalGroups
NetShareCheck
NetWkstaTransportEnum
NetFileEnum
NetpGetConfigBool
DsRoleAbortDownlevelServerUpgrade
NetpwPathCompare
NetServiceEnum
NetapipBufferAllocate
NetAuditRead
I_NetlogonComputeClientDigest
NetApiBufferAllocate
NetGetDisplayInformationIndex
NetDfsManagerInitialize
NetLocalGroupAddMember
NetShareGetInfo
NetWkstaSetInfo
NetEnumerateTrustedDomains

kernel32

HeapCreate
CancelDeviceWakeupRequest
GetModuleHandleW
GetThreadPriority
GetProcAddress
FindResourceExA
CommConfigDialogW
HeapSetInformation
GetStartupInfoA
WritePrivateProfileStringA
IsProcessInJob
GetCommandLineA
VirtualAlloc
SetHandleContext
GetConsoleAliasExesA
ReleaseActCtx
GetConsoleAliasExesLengthA
SetVolumeLabelA
HeapFree
SetEnvironmentVariableA
LZClose
SetConsoleCP
LoadLibraryA
SwitchToThread
IsProcessorFeaturePresent

crtdll

_commit
sscanf
sin
_wtoi
_mbclen
_spawnvpe
clock
fabs
_mbsnicmp
fmod
_fcvt
_mbsset
rewind
_getch
_osminor_dll
iscntrl
wcstol
_mbsnbcat
putc
_spawnl
_getdllprocaddr
_get_osfhandle
_chmod
_CIacos
atof
floor
_assert

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53a84dfb8d1b71001518394adc41fdbc

Headers

DLL Characteristics

File Characteristics

Imports

ufat

snmpapi

ntdll

dmdskmgr

query

netapi32

kernel32

crtdll

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 14KB - Virtual size: 55KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 388B

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 14KB - Virtual size: 55KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 388B