f3c89d61e7f08cfe93e10cbd129e163709b32941745c50063e55573cd4dc6edeN

General

Target

f3c89d61e7f08cfe93e10cbd129e163709b32941745c50063e55573cd4dc6edeN
Size

8KB
MD5

c98ef7782eab9ddd7ce5d25bcaa2fcf0
SHA1

e98d026b1bd8917e0c97a24d84ba13e48bee728c
SHA256

f3c89d61e7f08cfe93e10cbd129e163709b32941745c50063e55573cd4dc6ede
SHA512

8dadea9fdb72901df6ecdd5f9804c40f2ce36e1951d6294ba7000d15c7b751055fd9a4d4e4f2eb294139e459a9b661c0b91b3c1b1f882a67eef3994efbf43b60
SSDEEP

192:XHno9yzvLetM4lLmsF+H8HepTcII2Xu4AlYjX80wSGlP13:XHno9yGttK6e8+y2+4S+X80+1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sisbkup.dll

Files

f3c89d61e7f08cfe93e10cbd129e163709b32941745c50063e55573cd4dc6edeN
.cab
sisbkup.dll
.dll windows:5 windows x86 arch:x86

b2be0b069b068ab4914f5ba24fc9e1fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sisbkup.pdb

Imports

msvcrt

wcsrchr
??3@YAXPAX@Z
free
??2@YAPAXI@Z
__CxxFrameHandler
malloc
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
wcslen
memmove

ntdll

NtCreateFile
NtQueryDirectoryFile
RtlNtStatusToDosError
NtQueryInformationFile
NtSetInformationFile

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

kernel32

CloseHandle
DisableThreadLibraryCalls
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ReadFile
SetEndOfFile
GetFileAttributesW
SetFileAttributesW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetDiskFreeSpaceW
InitializeCriticalSection
DeviceIoControl
SetFilePointer
GetLastError
WriteFile
CreateFileW

Exports

Exports

SisCSFilesToBackupForLink
SisCreateBackupStructure
SisCreateRestoreStructure
SisFreeAllocatedMemory
SisFreeBackupStructure
SisFreeRestoreStructure
SisRestoredCommonStoreFile
SisRestoredLink

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2be0b069b068ab4914f5ba24fc9e1fe

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

rpcrt4

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 832B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 668B

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 832B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 668B