702a6b57651b5833ef005ea2e12cbbd7cfcf77b8ed7758003d92a9736cd11c82N

Sharing

Copy URL

Twitter E-mail

General

Target

702a6b57651b5833ef005ea2e12cbbd7cfcf77b8ed7758003d92a9736cd11c82N
Size

827KB
MD5

fde824a553973145aacb62813ceb47a0
SHA1

1bf96e104c48f41c3f9452dfe30123183a45bcdc
SHA256

702a6b57651b5833ef005ea2e12cbbd7cfcf77b8ed7758003d92a9736cd11c82
SHA512

37634d113d052ab6cf63835d1aef16df9b85b295e8c80d690dc8bcd2d680d00cadc42f5b406523d5c6575aeaf22b94c607566fe2c810ac7fe9a5d49b0fbe3b3b
SSDEEP

24576:S5YEhgLaza0DUg4TbXvF3C+kz+iwz3jt0OqBWCN:ScLazaiUrlyjC/jtuW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
702a6b57651b5833ef005ea2e12cbbd7cfcf77b8ed7758003d92a9736cd11c82N

Files

702a6b57651b5833ef005ea2e12cbbd7cfcf77b8ed7758003d92a9736cd11c82N
.exe windows:5 windows x86 arch:x86

575c24763d949e54f04af1b966c8722d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCompareUnicodeString
_aulldiv
ZwQueryIntervalProfile
NtSetHighWaitLowEventPair
RtlAreAllAccessesGranted
strlen
RtlZeroMemory
NtWaitHighEventPair
ZwNotifyChangeDirectoryFile
RtlStringFromGUID
RtlFindNextForwardRunClear
LdrAccessResource
CsrCaptureTimeout
NtTerminateThread
NtCompressKey
_stricmp
_itoa
_ltoa
NtCreateThread
NtWaitForMultipleObjects
DbgUiGetThreadDebugObject
RtlGetElementGenericTable
NtCreateToken
RtlPcToFileHeader
ZwGetDevicePowerState
RtlLookupAtomInAtomTable
RtlCreateProcessParameters
RtlActivateActivationContextEx
RtlFirstEntrySList
NtSaveMergedKeys
ZwDeleteAtom
RtlLockHeap
ZwResumeThread
ZwOpenObjectAuditAlarm
NtSetVolumeInformationFile
vDbgPrintExWithPrefix
NtUnlockVirtualMemory
RtlAddActionToRXact

printui

vDocumentDefaults
DllGetClassObject
vPrinterPropPages
PnPInterface
ConnectToPrinterDlg
ShowErrorMessageSC
bFolderGetPrinter
PrintNotifyTray_Exit
bFolderEnumPrinters
DllCanUnloadNow
DocumentPropertiesWrap
bFolderRefresh
DllMain
PrinterPropPageProvider
PrintNotifyTray_Init
ConstructPrinterFriendlyName
RegisterPrintNotify
ShowErrorMessageHR
bPrinterSetup
PrintUIEntryW
vServerPropPages
UnregisterPrintNotify
vQueueCreate

kernel32

SetEnvironmentVariableW
FlushViewOfFile
GetLongPathNameA
FreeResource
TlsGetValue
FindVolumeClose
SetComputerNameExA
QueryPerformanceCounter
BaseUpdateAppcompatCache
ScrollConsoleScreenBufferW
GetStringTypeW
WriteConsoleOutputCharacterA
GetSystemTimeAsFileTime
Beep
CancelDeviceWakeupRequest
WriteConsoleInputVDMW
EnumSystemGeoID
SetConsoleOS2OemFormat
VirtualAlloc
GetCurrentProcessId
GetPriorityClass
HeapLock
FindResourceExA
LoadLibraryExA
_lread
PrepareTape
FindFirstFileExA
GlobalReAlloc
SetConsoleIcon
MoveFileExW
RequestDeviceWakeup
LoadLibraryA
SetFileApisToOEM
EnumDateFormatsExW
HeapReAlloc
GetCompressedFileSizeW
SetCommMask
ActivateActCtx
HeapSetInformation
WriteConsoleOutputAttribute
WriteFileGather

wldap32

ldap_get_next_page
ldap_modrdn2W
ldap_bind
ldap_bindW
ldap_add_sA
ldap_search_ext_sW
ber_printf
ldap_modify_ext_sW
ldap_connect
ldap_memfreeW
LdapMapErrorToWin32
LdapUnicodeToUTF8
ldap_parse_page_control
ldap_start_tls_sW
ber_skip_tag
ldap_err2stringA
ldap_extended_operation_sA
ldap_ufn2dnA
ldap_controls_freeW
ldap_init
ldap_first_attributeW
ldap_add_ext_sW
ldap_parse_vlv_controlA
ldap_delete_ext
ldap_extended_operation
ldap_create_page_controlW
ldap_free_controls
ldap_simple_bindA
ldap_search_ext
ldap_modrdn2A
ldap_rename_extW
ldap_parse_referenceW
ldap_search_s
ldap_get_values_lenA
ldap_compare_sA
ldap_control_freeW
ber_bvecfree

odbc32

SQLStatisticsW
SQLGetDiagField
SQLColAttributeA
SQLProcedureColumns
SQLExecDirect
SQLColumnPrivilegesW
SQLProceduresA
SQLGetDiagFieldA
SQLRowCount
SearchStatusCode
SQLGetConnectOptionW
OpenODBCPerfData
GetODBCSharedData
SQLGetData
SQLBindParameter
SQLDisconnect
SQLAllocHandle
ODBCInternalConnectW
SQLForeignKeys
SQLPrimaryKeysW
SQLProcedureColumnsW
ODBCSetTryWaitValue
SQLSetCursorNameW
SQLNativeSqlA
SQLGetConnectAttrW
CollectODBCPerfData
SQLSetStmtAttrA
SQLNumParams
SQLSetStmtOption
SQLForeignKeysA
SQLBrowseConnectA
SQLGetDiagRec
SQLGetConnectOptionA
SQLForeignKeysW
SQLGetDescFieldW
SQLNativeSqlW

msvcrt

_getws
_local_unwind2
clearerr
putwchar
??_U@YAPAXI@Z
_CIlog10
_cexit
_assert
_strdate
isdigit
_tell
??_7bad_cast@@6B@
_wexecle
_mbsupr
__lconv_init
___lc_handle_func
_winminor
_fgetwchar
wcscat
vfprintf
_mbsnbcoll
_mbsncpy
_wgetdcwd
_vscwprintf
exit
??0bad_typeid@@QAE@PBD@Z
strtol
__p__pctype
_rmdir
_rotl
__lc_collate_cp
??3@YAXPAX@Z
__set_app_type
__CxxUnregisterExceptionObject
isxdigit
iswctype
labs
fsetpos
__p__commode
fclose
_mbsspn
_hypot
_heapchk
malloc
modf
_chsize
_ismbbgraph
fwrite

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

575c24763d949e54f04af1b966c8722d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

printui

kernel32

wldap32

odbc32

msvcrt

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 588KB - Virtual size: 1.9MB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 452B

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 588KB - Virtual size: 1.9MB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 452B