0939b2136a9d4a526e2c7ada51b86e7fa9ff3abd4616a306a2211a1d58c2730eN

Sharing

Copy URL Twitter E-mail

General

Target

0939b2136a9d4a526e2c7ada51b86e7fa9ff3abd4616a306a2211a1d58c2730eN
Size

367KB
MD5

fd697edd027631b8f9d4dccd7371bda0
SHA1

65eb62084a8962d12fb33cedf83831ec5a0c3756
SHA256

0939b2136a9d4a526e2c7ada51b86e7fa9ff3abd4616a306a2211a1d58c2730e
SHA512

f187641b9232d1485881d32f3936e8a764f5f7c117e6a6f332c3b83b05a44e52b7a2aabf29df44d82b7ad447fd395894d5f4782b8c7239e8f47720eb6f872111
SSDEEP

6144:URPm4SdVsa22zQtU2Cjzpfx3oOeheAvYbmWbLqMCQTd8ptWR9QJ:MneGgwU2C5x3TeYmWbLqMCiUtWM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0939b2136a9d4a526e2c7ada51b86e7fa9ff3abd4616a306a2211a1d58c2730eN

Files

0939b2136a9d4a526e2c7ada51b86e7fa9ff3abd4616a306a2211a1d58c2730eN
.exe windows:5 windows x86 arch:x86

26b95ceca57dff3190db26f11936419a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msdart

??1CLKRLinearHashTable@@QAE@XZ
?WriteLock@CReaderWriterLock@@QAEXXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?ReadLock@CFakeLock@@QAEXXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
UMSEnterCSWraper
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
SetMemHook
?IsLocked@CLockedSingleList@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
??1CSingleList@@QAE@XZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?IsWriteLocked@CSpinLock@@QBE_NXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_Unlock@CSpinLock@@AAEXXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
??0CSingleList@@QAE@XZ
MPCSInitialize
?TryWriteLock@CFakeLock@@QAE_NXZ
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?Clear@CLKRLinearHashTable@@QAEXXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A

iphlpapi

GetUdpStatistics
_PfRemoveGlobalFilterFromInterface@8
GetNumberOfInterfaces
IcmpCloseHandle
IcmpSendEcho2
SendARP
GetIpAddrTable
GetTcpStatisticsEx
GetRTTAndHopCount
_PfRebindFilters@8
GetIfTable
_PfTestPacket@20
AllocateAndGetIpAddrTableFromStack
_PfGetInterfaceStatistics@16
SetTcpEntry
InternalGetIpForwardTable
NotifyAddrChange
NhGetInterfaceNameFromGuid
Icmp6SendEcho2
GetBestInterface
AddIPAddress
_PfRemoveFilterHandles@12
NTTimeToNTPTime
SetIpForwardEntry
CreateIpForwardEntry
DeleteIpForwardEntry
_PfRemoveFiltersFromInterface@20
_PfDeleteInterface@4
InternalSetIpNetEntry
GetAdapterIndex
GetIpStatistics
SetAdapterIpAddress
SetIfEntry
CreateIpNetEntry
GetAdaptersInfo
GetUniDirectionalAdapterInfo
GetIcmpStatistics

kernel32

FindFirstChangeNotificationW
MapUserPhysicalPagesScatter
GetVolumePathNamesForVolumeNameA
RegisterConsoleVDM
CancelWaitableTimer
GetConsoleAliasesLengthA
WritePrivateProfileSectionA
ConsoleMenuControl
LZOpenFileA
PulseEvent
OpenFileMappingA
WriteFileGather
GetLastError
BackupRead
SetUnhandledExceptionFilter
FindResourceW
GetConsoleAliasExesLengthA
TryEnterCriticalSection
ReadConsoleInputExA
GetConsoleAliasesW
GetCurrentThread
OpenConsoleW
GetEnvironmentStrings
GetModuleHandleExA
SetComputerNameExW
VirtualAlloc
SignalObjectAndWait
MoveFileExW
SetThreadUILanguage
GetEnvironmentStringsW
CreateDirectoryExW
GetProcessAffinityMask
LoadLibraryA
FindActCtxSectionStringA
IsDebuggerPresent
Heap32ListNext
HeapCreate
MapUserPhysicalPages
SetThreadExecutionState

ntdll

ZwUnloadDriver
ZwFlushVirtualMemory
RtlDoesFileExists_U
RtlGetSecurityDescriptorRMControl
RtlSetHeapInformation
NtSetInformationThread
_aullshr
RtlInterlockedFlushSList
RtlSetTimer
NtCreateIoCompletion
RtlCompactHeap
_alldvrm
RtlActivateActivationContext
ZwSetQuotaInformationFile
NtQuerySymbolicLinkObject
RtlCreateQueryDebugBuffer
NtReleaseMutant
RtlQueueApcWow64Thread
RtlGetOwnerSecurityDescriptor
RtlSetLastWin32Error
strstr
ZwSaveKeyEx
NtCreateMutant
ZwCreateKeyedEvent
ZwSetInformationProcess
iswspace
NtPulseEvent
NtQueryMutant
ZwCreateProcess
RtlIsActivationContextActive
RtlDeleteRegistryValue
RtlDllShutdownInProgress
ZwQuerySystemEnvironmentValue
NtWaitLowEventPair
RtlNumberGenericTableElements
RtlUpcaseUnicodeToMultiByteN
RtlAreAllAccessesGranted
NtSaveMergedKeys
NtFlushWriteBuffer
RtlIsTextUnicode
RtlGetNtGlobalFlags
RtlExtendedIntegerMultiply
ZwSetInformationToken
ZwSetThreadExecutionState
RtlCopySid
ZwQueryVirtualMemory
NtFsControlFile
ZwCancelIoFile
LdrLockLoaderLock
RtlIdentifierAuthoritySid
ceil
NtTraceEvent
ZwResetWriteWatch
RtlStartRXact
ZwPowerInformation
NtOpenKeyedEvent
LdrGetDllHandleEx
RtlGenerate8dot3Name
wcscat
_aullrem
RtlpNtMakeTemporaryKey
NtSetInformationDebugObject
NtQueryDirectoryFile
RtlImageRvaToVa
RtlRestoreLastWin32Error
RtlCheckForOrphanedCriticalSections
NtConnectPort
_alloca_probe
ZwWriteFileGather
KiUserApcDispatcher
RtlConvertLongToLargeInteger
NtWaitForDebugEvent
vsprintf
RtlDeleteNoSplay
ZwSuspendProcess
_ultoa
ZwCompareTokens
RtlAnsiCharToUnicodeChar
LdrAddRefDll
RtlValidateProcessHeaps

gdi32

FloodFill
GetTextCharacterExtra
GdiConvertRegion
SetWinMetaFileBits
SelectBrushLocal
RemoveFontResourceExW
GetICMProfileA
DdEntry37
GetBoundsRect
RoundRect
GdiConvertBrush
GetSystemPaletteUse
SetBkColor
GetDIBits
GdiPlayEMF
XFORMOBJ_bApplyXform
CreateMetaFileA
GetArcDirection
SetDeviceGammaRamp
GetGlyphIndicesW
FONTOBJ_pQueryGlyphAttrs
SetTextColor
SetPixel
DdEntry43
CreateBrushIndirect
EngDeleteSemaphore
GdiInitSpool
GetCharABCWidthsW
GdiPlayJournal
SetColorSpace
GetTextExtentExPointW
CreateICA
PolyTextOutA
DdEntry17
EnumMetaFile
EngWideCharToMultiByte
AnyLinkedFonts
GetClipRgn
EnumICMProfilesA
EngTextOut

Sections

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26b95ceca57dff3190db26f11936419a

Headers

File Characteristics

Imports

msdart

iphlpapi

kernel32

ntdll

gdi32

Sections

.text Size: 90KB - Virtual size: 92KB

.rdata Size: 65KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 536KB

.rsrc Size: 206KB - Virtual size: 208KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 92KB

.rdata
Size: 65KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 536KB

.rsrc
Size: 206KB - Virtual size: 208KB

.reloc
Size: 4KB - Virtual size: 4KB