12021e6bf61a14cc8ba94b5c4e56230ba723c280be982c7cf37c09723526e967N

Sharing

Copy URL Twitter E-mail

General

Target

12021e6bf61a14cc8ba94b5c4e56230ba723c280be982c7cf37c09723526e967N
Size

22KB
MD5

ea0aa7ca8724059f2eec58fed5847a40
SHA1

7521776e7a7d81078ded4c6500d04af615c7dd19
SHA256

12021e6bf61a14cc8ba94b5c4e56230ba723c280be982c7cf37c09723526e967
SHA512

58c32138a4409bba6c3090b50bdf1cc114953ea6744868688f4b035caf4a29e9bafd290f4412f74da047ee0cddd528c5eb4dfd77245a39cbff14d1a64f9a5755
SSDEEP

384:fjQvMLe+at5G8utE228XEzwG7jYwcHR24CpCzr8jdDBC/bWvvjtx1d99cDTh/oLx:LQvSeBB7228tGorR24CpCzr8jduwtXWc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/loghours.dll

Files

12021e6bf61a14cc8ba94b5c4e56230ba723c280be982c7cf37c09723526e967N
.cab
loghours.dll
.dll windows:5 windows x86 arch:x86

c9cc704374face510ca7737f3f31607a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
IsBadWritePtr
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
FreeLibrary
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LocalFree
GetTimeFormatW
MulDiv
LocalAlloc
GetTimeZoneInformation
GetLocaleInfoW
GetCurrentThreadId
GetLastError
Sleep

mfc42u

ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord823
ord6051
ord4073
ord1768
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord3397
ord4621
ord3716
ord567
ord795
ord2567
ord4390
ord3569
ord609
ord641
ord2294
ord2634
ord5261
ord4370
ord4992
ord2506
ord6048
ord1767
ord5276
ord4419
ord3592
ord2455
ord1644
ord6466
ord3658
ord3621
ord2406
ord3688
ord3568
ord1634
ord2855
ord3566
ord4294
ord3133
ord2854
ord2859
ord2371
ord1863
ord1941
ord4270
ord2504
ord5783
ord283
ord4128
ord4292
ord2559
ord535
ord5568
ord2914
ord2606
ord2820
ord861
ord858
ord3084
ord818
ord755
ord2746
ord2810
ord6168
ord5869
ord1143
ord5785
ord470
ord5784
ord472
ord4312
ord5977
ord2615
ord5945
ord6211
ord6193
ord3087
ord6237
ord324
ord4229
ord2478
ord3998
ord6195
ord4704
ord5949
ord4219
ord4847
ord600
ord1240
ord1173
ord1165
ord1571
ord1250
ord1248
ord1563
ord1194
ord342
ord1179
ord1570
ord1568
ord1115
ord269
ord826
ord800
ord4155
ord540
ord825
ord4269
ord6371
ord4480
ord2546
ord538

msvcrt

malloc
_except_handler3
?terminate@@YAXXZ
_onexit
__dllonexit
free
_purecall
wcsncpy
wcscmp
_wtoi
memmove
_wsetlocale
??1type_info@@UAE@XZ
_adjust_fdiv
__CxxFrameHandler
_initterm

user32

EndPaint
BeginPaint
SetCursorPos
GetSystemMetrics
LoadImageW
DrawIconEx
DestroyIcon
SendMessageW
GetParent
EnableWindow
IsWindow
CopyRect
IsRectEmpty
PtInRect
SetRect
InflateRect
OffsetRect
IntersectRect
FillRect
FrameRect
DrawFocusRect
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
UpdateWindow
InvalidateRect
GetCapture
SetCapture
GetFocus
DrawTextExW
GetSysColor
ReleaseCapture

gdi32

CreatePatternBrush
GetBkColor
GetTextColor
PatBlt
GetTextExtentPoint32W
CreateBitmap

oleaut32

SysAllocString

ole32

CoDisconnectObject

Exports

Exports

ConnectionScheduleDialog
ConnectionScheduleDialogEx
DialinHoursDialog
DialinHoursDialogEx
DirSyncScheduleDialog
DirSyncScheduleDialogEx
LogonScheduleDialog
LogonScheduleDialogEx
ReplicationScheduleDialog
ReplicationScheduleDialogEx

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9cc704374face510ca7737f3f31607a

Headers

File Characteristics

Imports

kernel32

mfc42u

msvcrt

user32

gdi32

oleaut32

ole32

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 38KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB