85935ef60d691837d0cfe87c71d7baead6c4cd690a9876b698a2a19ebad97675N

Sharing

Copy URL

Twitter E-mail

General

Target

85935ef60d691837d0cfe87c71d7baead6c4cd690a9876b698a2a19ebad97675N
Size

88KB
MD5

525d76be852f0c201d4e543030958f40
SHA1

65f3aa8783b8c875c4f0785d3a3d096636308d21
SHA256

85935ef60d691837d0cfe87c71d7baead6c4cd690a9876b698a2a19ebad97675
SHA512

c8c0ba14c71ab3f7a916b61fb1ff7616448ab1c6679d75c66cdcef9363b78df88ac73fad3a283d87a333a4ca58b6429dae9122912d72f56d16a872ada0d389f8
SSDEEP

1536:xqeB0vGN9P6g8QkoSOEnDn968hCGDmJVUo1eQZQpzMMlBUD7HWjo2S/ZHhGXM3zi:x8v20g8CyzhxkVUMZQg3gz+Z88i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w32time.dll

Files

85935ef60d691837d0cfe87c71d7baead6c4cd690a9876b698a2a19ebad97675N
.cab
w32time.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6625b9a31dc503f9b01a7fce0cb83bbc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

w32time.pdb

Imports

msvcrt

swprintf
wcscat
?terminate@@YAXXZ
wcscspn
wcstoul
??3@YAXPAX@Z
wcscmp
malloc
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
free
_except_handler3
ceil
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ
memmove
_ultow
??1exception@@UAE@XZ
_wcsnicmp
wcsstr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__CxxFrameHandler
qsort
_wcsicmp
_vsnwprintf
wcschr
wcsncpy
wcscpy
??2@YAPAXI@Z
_resetstkoflw
wcslen
??0exception@@QAE@ABV0@@Z
_CxxThrowException

msvcp60

??0bad_alloc@std@@QAE@ABV01@@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ

ntdll

NtSetSystemTime
NtClose
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlInitUnicodeString
RtlImageNtHeader
RtlFreeHeap
RtlAllocateHeap
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
RtlInitializeResource
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlDeleteResource
RtlNtStatusToDosError

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
LoadLibraryW
GetProcAddress
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
DeleteCriticalSection
LocalAlloc
GetLastError
CreateTimerQueueTimer
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CloseHandle
FormatMessageW
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
GetCurrentThreadId
WriteFile
CreateEventW
GetFileSizeEx
CreateFileW
GetSystemTimeAdjustment
GetModuleFileNameW
GetModuleHandleW
SetHandleInformation
UnregisterWaitEx
UnregisterWait
RegisterWaitForSingleObject
SetEvent
GetTickCount
QueueUserWorkItem
SetTimeZoneInformation
GetTimeZoneInformation
GetCurrentProcess
WaitForMultipleObjects
FreeLibrary
SetSystemTimeAdjustment
SetSystemTime
GetSystemTime
SetThreadPriority
GetCurrentThread
CreateThread
ResetEvent
GetExitCodeThread
Sleep

advapi32

RegOpenKeyExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceW
OpenThreadToken
PrivilegeCheck
GetTokenInformation
QueryServiceConfigW
QueryServiceStatus
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidW
ConvertSidToStringSidW
I_ScSetServiceBitsW
OpenProcessToken
AdjustTokenPrivileges
RegEnumKeyExW
LookupPrivilegeValueW
LsaNtStatusToWinError
RegDeleteKeyW
DeleteService
OpenSCManagerW
CreateServiceW
OpenServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
SetSecurityInfo
RegSetValueExW
RegDeleteValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegCloseKey

user32

wsprintfW

ws2_32

WSACleanup
recvfrom
sendto
WSAAddressToStringW
WSALookupServiceEnd
WSALookupServiceNextW
WSALookupServiceBeginW
WSAStartup
closesocket
WSAEventSelect
bind
setsockopt
WSAGetLastError
socket
htons

netapi32

NetLogonSetServiceBits
I_NetlogonComputeClientDigest
I_NetlogonComputeServerDigest
DsGetSiteNameW
NetLogonGetTimeServiceParentDomain
DsGetDcNameW
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
I_NetlogonGetTrustRid
NetApiBufferFree

rpcrt4

RpcMgmtInqServerPrincNameW
RpcBindingFree
NdrClientCall2
RpcBindingFromStringBindingW
RpcServerInqDefaultPrincNameW
RpcBindingSetAuthInfoW
NdrServerCall2
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
RpcStringFreeW
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcStringBindingComposeW

iphlpapi

GetIpAddrTable
NotifyAddrChange

userenv

RegisterGPNotification
UnregisterGPNotification

secur32

LsaRegisterPolicyChangeNotification
LsaUnregisterPolicyChangeNotification

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
SvchostPushServiceGlobals
TimeProvClose
TimeProvCommand
TimeProvOpen
W32TimeBufferFree
W32TimeDcPromo
W32TimeGetNetlogonServiceBits
W32TimeQueryConfig
W32TimeQueryHardwareProviderStatus
W32TimeQueryNTPProviderStatus
W32TimeSetConfig
W32TimeSyncNow
W32TimeVerifyJoinConfig
W32TimeVerifyUnjoinConfig
W32TmServiceMain
fnW32TmRegisterServiceCtrlHandlerEx
fnW32TmSetServiceStatus

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6625b9a31dc503f9b01a7fce0cb83bbc

Headers

File Characteristics

PDB Paths

Imports

msvcrt

msvcp60

ntdll

kernel32

advapi32

user32

ws2_32

netapi32

rpcrt4

iphlpapi

userenv

secur32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 184KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 184KB - Virtual size: 184KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 10KB - Virtual size: 9KB