3dce0aed60715009bc0eddf92fa13a27aace564035743626ba4cd5f64848485eN

Sharing

Copy URL Twitter E-mail

General

Target

3dce0aed60715009bc0eddf92fa13a27aace564035743626ba4cd5f64848485eN
Size

896KB
MD5

185288521d3ddc2f2ca3cc82890c4730
SHA1

da7b7fc580dc522210ab981bec4715a7339874d8
SHA256

3dce0aed60715009bc0eddf92fa13a27aace564035743626ba4cd5f64848485e
SHA512

6b292afb31cab0b85dec67b4d77c68e5526cd10e096bb62fecf54e7e9385128b1ba2b9b15f26443210090ed0789747621ff666696d435fa6c5da3b514c5320b1
SSDEEP

24576:n8/uBJyGUyj5Hro1nVaRYmwJfXhuMkDzIEYOKt:8rVyj501VMYmCQXYPt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dce0aed60715009bc0eddf92fa13a27aace564035743626ba4cd5f64848485eN

Files

3dce0aed60715009bc0eddf92fa13a27aace564035743626ba4cd5f64848485eN
.exe windows:4 windows x86 arch:x86

25db35830e84bab31f434a965123754d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

WmiNotificationRegistrationW
StartServiceCtrlDispatcherW
GetTraceEnableLevel
RegQueryMultipleValuesW
GetTokenInformation
AddAuditAccessAce
RegOpenKeyW
AbortSystemShutdownA
GetKernelObjectSecurity
InitializeSid
InitializeAcl
GetSidLengthRequired
GetSecurityDescriptorOwner
RegNotifyChangeKeyValue
GetServiceDisplayNameA
InitializeSecurityDescriptor
SetPrivateObjectSecurity
GetSidIdentifierAuthority
CryptHashData
GetWindowsAccountDomainSid
LookupAccountSidA

mpr

WNetAddConnection2W
WNetEnumResourceA
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetCancelConnection2W
WNetGetProviderNameW
WNetOpenEnumA
WNetOpenEnumW
WNetGetUserA
WNetGetUserW
WNetEnumResourceW

msvcrt

getchar
_stat
_XcptFilter
_i64toa
_mbsupr
wcstok
_sopen
_wrename
__getmainargs
_locking
_endthread
_memicmp
strlen
sqrt
_wsystem
_itoa
_set_error_mode
islower
wcspbrk
isspace
__badioinfo
__p__environ
strcat
__p__commode

secur32

LsaLogonUser
LsaRegisterLogonProcess
LsaConnectUntrusted
FreeCredentialsHandle
LsaCallAuthenticationPackage
GetUserNameExW
EncryptMessage
LsaFreeReturnBuffer
EnumerateSecurityPackagesW
InitializeSecurityContextW
GetComputerObjectNameW
AcceptSecurityContext
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
DeleteSecurityContext
LsaDeregisterLogonProcess
LsaGetLogonSessionData
DecryptMessage
ApplyControlToken
QueryContextAttributesW
TranslateNameW
LsaLookupAuthenticationPackage
InitSecurityInterfaceW
QuerySecurityContextToken
LsaUnregisterPolicyChangeNotification
LsaRegisterPolicyChangeNotification

crypt32

CertResyncCertificateChainEngine

winspool.drv

DeletePrinterConnectionW
EnumPortsA
EnumPrintersW
EnumPrintersA
SetPrinterW
OpenPrinterW
AbortPrinter
GetPrinterA
EndPagePrinter
WritePrinter
SetPrinterDataW
GetPrinterDriverA
EnumPortsW

userenv

LoadUserProfileW
GetAppliedGPOListW
FreeGPOListW
GetUserProfileDirectoryW
UnregisterGPNotification
GetUserProfileDirectoryA
GetProfileType
DeleteProfileW
RsopResetPolicySettingStatus
UnloadUserProfile
ProcessGroupPolicyCompletedEx
RegisterGPNotification
RsopSetPolicySettingStatus
EnterCriticalPolicySection
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
LeaveCriticalPolicySection
RefreshPolicy
GetAllUsersProfileDirectoryW
GetDefaultUserProfileDirectoryW
GetProfilesDirectoryW
DestroyEnvironmentBlock
ForceSyncFgPolicy
ProcessGroupPolicyCompleted

netapi32

DsGetDcNameW
NetGroupDelUser
NetAlertRaiseEx
NetUserModalsSet
I_NetServerReqChallenge
DsRoleFreeMemory
NetUnjoinDomain
NetUserSetInfo
NetApiBufferFree
NetWkstaGetInfo
NetWkstaTransportEnum
NetRegisterDomainNameChangeNotification
NetShareDel
DsRoleGetPrimaryDomainInformation
I_NetServerAuthenticate
NetUseGetInfo
NetUserGetLocalGroups
NetRemoteTOD
NetServiceInstall
NetServiceEnum
NetServerGetInfo
NetGetAnyDCName
NetGroupDel
NetServerEnum
Netbios

kernel32

ContinueDebugEvent
IsProcessorFeaturePresent
CloseProfileUserMapping
CreateSemaphoreW
ShowConsoleCursor
MapUserPhysicalPagesScatter
DeleteFileA
FindResourceW
GetProcessPriorityBoost
ResetEvent
CreateFileW
GetLongPathNameW
SystemTimeToTzSpecificLocalTime
SetHandleInformation
SetFileAttributesA
PrepareTape
Module32NextW
GetStringTypeW
SignalObjectAndWait
GlobalFindAtomW
EnumResourceNamesW
GetSystemDefaultLangID
GetCommModemStatus
BackupWrite
VirtualUnlock
WriteConsoleInputW
GetEnvironmentStringsA
GetCompressedFileSizeW
GetDriveTypeA
OpenWaitableTimerA
EnumResourceLanguagesW
GetOEMCP
DeleteAtom
lstrcatW
CancelIo
VirtualAlloc
OpenFileMappingA
GetConsoleCP
GetBinaryTypeW
GetModuleHandleA

Sections

.text
Size: 69KB - Virtual size: 516KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 374KB - Virtual size: 557KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25db35830e84bab31f434a965123754d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

mpr

msvcrt

secur32

crypt32

winspool.drv

userenv

netapi32

kernel32

Sections

.text Size: 69KB - Virtual size: 516KB

.rdata Size: 172KB - Virtual size: 261KB

.edata Size: 374KB - Virtual size: 557KB

.rdata Size: 118KB - Virtual size: 291KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 512B - Virtual size: 492B

.text
Size: 69KB - Virtual size: 516KB

.rdata
Size: 172KB - Virtual size: 261KB

.edata
Size: 374KB - Virtual size: 557KB

.rdata
Size: 118KB - Virtual size: 291KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 512B - Virtual size: 492B