05dcfc1bc385eea2356f1f2d8574740b5570f455226f9926487753a862ec4a36N

Sharing

Copy URL Twitter E-mail

General

Target

05dcfc1bc385eea2356f1f2d8574740b5570f455226f9926487753a862ec4a36N
Size

72KB
MD5

18edff924bd8c699b79b2e9720955970
SHA1

32748b76b2e7ae5728d33162d0b4155215006c5d
SHA256

05dcfc1bc385eea2356f1f2d8574740b5570f455226f9926487753a862ec4a36
SHA512

9deae51da70133d40db987cd11322f02de4e65a2c87220c39969ddb42dfcbb65b14530cce381f91e85f799bcad6fc72a62a0fe84722888d891899d0846b6cb99
SSDEEP

1536:NyAXivhJyLHSXuyTBN2Hc6zpc5mYxhhLrAffgA2U8TYQmCHT:sDJSyeyT6HFOHxDLrAnr2U2T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05dcfc1bc385eea2356f1f2d8574740b5570f455226f9926487753a862ec4a36N

Files

05dcfc1bc385eea2356f1f2d8574740b5570f455226f9926487753a862ec4a36N
.exe windows:6 windows x86 arch:x86

b1f584304d1c7f2899a954905d8318c7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

net.pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

SetThreadUILanguage
GetCPInfo
GetConsoleOutputCP
GetLastError
HeapSetInformation
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
GetSystemDirectoryW
GetDriveTypeW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
GetStdHandle
WriteFile
FormatMessageW
LocalFree
SetLastError
GetModuleFileNameW
PeekConsoleInputW
GetConsoleMode
SetConsoleMode
ReadConsoleW
GetFileType
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
InterlockedExchange
GetCommandLineW
LoadLibraryExA
WriteConsoleW
LoadLibraryW
GetConsoleScreenBufferInfo
LocalAlloc
WideCharToMultiByte

msvcrt

_vsnwprintf_s
free
putchar
__setusermatherr
_amsg_exit
_initterm
__p__commode
_snwprintf_s
_local_unwind4
wcstok
_wcsdup
wcsncat_s
calloc
wcscspn
wcsspn
__set_app_type
__p__fmode
_except_handler4_common
?terminate@@YAXXZ
memmove
_XcptFilter
_exit
_cexit
__getmainargs
wcsrchr
wcsncpy_s
wcsncmp
qsort
_ultow
wcspbrk
iswctype
_wcsupr
_wcsicmp
wcschr
wcscpy_s
wcscat_s
exit
sprintf_s
setlocale
_wcsnicmp
memset
_iob
_fileno
_setmode
_controlfp
malloc

netutils

NetpwNameValidate
NetApiBufferReallocate
NetApiBufferAllocate
NetapipBufferAllocate
NetpwPathType
NetApiBufferFree

browcli

NetServerEnum

samcli

NetUserGetInfo

srvcli

NetShareEnum
NetServerGetInfo

wkscli

NetUseGetInfo
NetWkstaUserGetInfo
NetWkstaGetInfo
NetUseEnum

mpr

WNetEnumResourceW
WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW
WNetGetConnectionW
WNetOpenEnumW
WNetCloseEnum

iphlpapi

GetCurrentThreadCompartmentId

ntdll

RtlAllocateHeap

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1f584304d1c7f2899a954905d8318c7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

netutils

browcli

samcli

srvcli

wkscli

mpr

iphlpapi

ntdll

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 7KB - Virtual size: 49KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 7KB - Virtual size: 49KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB