016cfb75b6ff0da9c1118b94afb1a52975e346d703c8e2a9e68a457b63077cc9N

Sharing

Copy URL Twitter E-mail

General

Target

016cfb75b6ff0da9c1118b94afb1a52975e346d703c8e2a9e68a457b63077cc9N
Size

404KB
MD5

f3a124df5190e131310867965c31d1e0
SHA1

8dd2625e37e80798e8a4a48eb9385126522fed2a
SHA256

016cfb75b6ff0da9c1118b94afb1a52975e346d703c8e2a9e68a457b63077cc9
SHA512

9bec23cc07b0da981df0fce268cb98bf5150b53dd1663745856b01c451bafea91592dde19331f2e7e8441f65272cc53f06a1754dec50bb1da525599129aef4a6
SSDEEP

12288:yy+FjWGBebgJkI9+ptyCJQfEaIo/1KSyd:YWEebg9WtyqXtoASo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
016cfb75b6ff0da9c1118b94afb1a52975e346d703c8e2a9e68a457b63077cc9N

Files

016cfb75b6ff0da9c1118b94afb1a52975e346d703c8e2a9e68a457b63077cc9N
.exe windows:5 windows x86 arch:x86

5a7662c381cb13c1b525334273bd0c1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

ungetwc
_except_handler2
_isnan
_wcsset
_wcslwr
wcspbrk
srand
wcsncat
_mbctype
_wcsdup
_tell
_toupper
iswcntrl
div
_ultow
fread
_CIexp
sqrt
_mbslen
__mb_cur_max_dll
strxfrm
gets
strtoul
_tempnam
_strdup
_sopen
_ungetch
_rotl
__toascii
longjmp
_tzname

imagehlp

SymUnloadModule
SymGetModuleInfoW64
SymRegisterFunctionEntryCallback
UnMapAndLoad
SymFunctionTableAccess
FindDebugInfoFile
SymGetModuleBase64
EnumerateLoadedModules64
SymFromName
BindImage
ImageDirectoryEntryToDataEx
ImagehlpApiVersionEx
GetTimestampForLoadedLibrary
RemovePrivateCvSymbolic
UnDecorateSymbolName
FindExecutableImage
ImageRvaToVa
CheckSumMappedFile
SymGetLineFromName64
SymEnumerateSymbolsW64
SymGetTypeFromName
GetImageConfigInformation
BindImageEx
ImageAddCertificate
FindDebugInfoFileEx
ImageEnumerateCertificates
SymGetOptions

kernel32

GetModuleFileNameW
QueryDosDeviceW
GetLastError
GlobalAddAtomA
GetTimeZoneInformation
HeapCompact
GlobalMemoryStatus
CreateActCtxA
GetExitCodeThread
GetTickCount
SetComPlusPackageInstallStatus
DeleteFileA
SetProcessWorkingSetSize
FindResourceExW
MoveFileExW
VerLanguageNameW
FlushInstructionCache
SetConsoleMenuClose
GlobalGetAtomNameW
GetFileAttributesA
UpdateResourceA
DeviceIoControl
VirtualAlloc
GetDefaultCommConfigW
MoveFileExA
RegisterConsoleOS2
AllocConsole
Module32Next
GetConsoleCursorInfo
IsDebuggerPresent
SetComputerNameExW
GetLogicalDriveStringsW
GetNumaNodeProcessorMask
WriteConsoleOutputCharacterA
GetStartupInfoW
LoadLibraryA
GlobalWire
EnumerateLocalComputerNamesW
GlobalAlloc
FindActCtxSectionStringW
LocalAlloc
GetPrivateProfileStructA
GetProfileSectionW

esent

JetEscrowUpdate
JetIntersectIndexes
JetOpenTempTable
JetGetDatabaseInfo
JetOpenFile
JetSetCurrentIndex2
JetEnumerateColumns
JetFreeBuffer
JetRenameTable
JetMakeKey
JetSetCurrentIndex4
JetInit@4
JetSetColumnDefaultValue
JetConvertDDL
JetCommitTransaction@8
JetCreateDatabase
JetGetLS
JetGetBookmark
JetStopService
JetStopBackup
JetTruncateLogInstance
JetCreateDatabase2
JetIdle
JetCloseTable@8
JetGetVersion
JetDelete

adsldpc

SchemaGetPropertyInfo
SchemaClose
LdapGetSchemaObjectCount
ADSIOpenDSObject
LdapReadAttribute2
LdapTypeToAdsTypeDNWithString
ADsSetSearchPreference
LdapFirstAttribute
ADsGetFirstRow
LdapReadAttributeFast
LdapSearchInitPage
LdapCreatePageControl
LdapModifyExtS
ADSIFreeColumn
ADsHelperGetCurrentRowMessage
LdapcSetStickyServer
LdapSearchST
GetDefaultServer
LdapModDnS
LdapFirstEntry
ADSIGetNextColumnName
LdapGetSyntaxIdOfAttribute
ADSICloseDSObject
LdapCountEntries
ADsCreateDSObject
LdapTypeBinaryToString
BuildADsParentPathFromObjectInfo2
LdapValueFree
LdapInitializeSearchPreferences
ADSIDeleteDSObject
LdapCacheAddRef
AdsTypeToLdapTypeCopyTime
LdapControlsFree

odbccr32

ReleaseCLStmtResources
SQLExecDirect
SQLSetConnectAttr
SQLParamOptions
SQLSetStmtAttr
SQLExtendedFetch
SQLGetData
SQLBindParameter
SQLGetStmtAttr
SQLSetDescField
SQLBindCol
SQLGetDescRec
SQLCancel
SQLFreeHandle
SQLSetDescRec
SQLBulkOperations
SQLRowCount
SQLFetchScroll
SQLSetPos
SQLNumParams
SQLCloseCursor
SQLSetStmtOption
SQLEndTran
SQLSetConnectOption
SQLSetScrollOptions
SQLFetch
SQLMoreResults
SQLGetStmtOption
SQLParamData
SQLTransact
SQLFreeStmt
SQLGetDescField
SQLPutData
SQLPrepare
SQLNativeSql
SQLExecute
SQLGetInfo

msvcrt

_putwch
_daylight
rand
__setusermatherr
_lseek
??_U@YAPAXI@Z
_fsopen
_time64
_wopen
_aligned_offset_realloc
??_V@YAXPAX@Z
_strtime
_waccess
wcschr
_getdllprocaddr
wcstol
_getdrives
_pctype
??1bad_typeid@@UAE@XZ
_wsetlocale
_fcvt
wcsrchr
fflush
_wtoi
_winmajor
??_Eexception@@UAEPAXI@Z
_i64toa
__pxcptinfoptrs
_getche
_strlwr
wscanf
_mbclen
_strnicoll
_assert
fwscanf
__p__iob
_ungetwch
time
_HUGE
__CxxRegisterExceptionObject
??0__non_rtti_object@@QAE@ABV0@@Z
_ismbstrail

user32

EndDialog

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 322KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a7662c381cb13c1b525334273bd0c1a

Headers

File Characteristics

Imports

crtdll

imagehlp

kernel32

esent

adsldpc

odbccr32

msvcrt

user32

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 322KB - Virtual size: 801KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 322KB - Virtual size: 801KB

.rsrc
Size: 19KB - Virtual size: 19KB