da2b284b7fb96e5c6b4a19948e9ef90af8a49f2ec5dce366089dec2dbee9d91aN

Sharing

Copy URL Twitter E-mail

General

Target

da2b284b7fb96e5c6b4a19948e9ef90af8a49f2ec5dce366089dec2dbee9d91aN
Size

832KB
MD5

1de214b43946a7c1c4694efe95196be0
SHA1

33b4e430a122bcf6b225e710a0853ed9b1030a29
SHA256

da2b284b7fb96e5c6b4a19948e9ef90af8a49f2ec5dce366089dec2dbee9d91a
SHA512

05c0d15779aaedd9f4c4592714b0376a3ad5addf9e0f5ab1b5fd6c2e5a758b99c74392e25514cbfb11b696857f1d1b8b5052f75f6155588521b1aced66d4e6e9
SSDEEP

24576:yMFu7Qp3y+Y0VOm584zfDcz7Xl5wO2GEDVyGgyFlrUP:TGQpzY0lzSbwHpDUGgy/gP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da2b284b7fb96e5c6b4a19948e9ef90af8a49f2ec5dce366089dec2dbee9d91aN

Files

da2b284b7fb96e5c6b4a19948e9ef90af8a49f2ec5dce366089dec2dbee9d91aN
.exe windows:5 windows x86 arch:x86

2db018b41c94fa8aa4f77f5cf66085a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

BackupWrite
CreateMutexW
OpenSemaphoreA
SetTapeParameters
WriteProfileStringA
LoadLibraryExW
GetVersionExA
GetConsoleDisplayMode
CreateFileW
OpenMutexW
FindNextFileA
GetConsoleCP
IsSystemResumeAutomatic
ReadConsoleOutputAttribute
InterlockedExchangeAdd
GetShortPathNameA
ConvertFiberToThread
IsBadWritePtr
GetSystemWow64DirectoryA
GetNamedPipeInfo
OutputDebugStringW
CreateWaitableTimerA
FatalAppExitA
HeapSize
GetCurrentActCtx
GetOEMCP
GetConsoleTitleA
GlobalDeleteAtom
RegisterWaitForSingleObjectEx
WriteFileEx
SetTimerQueueTimer
GlobalFlags
EnumResourceLanguagesW
GetConsoleAliasExesW
GetFirmwareEnvironmentVariableW
RemoveLocalAlternateComputerNameA
HeapCreate
lstrcmpi
SetLocaleInfoA
CancelIo
WriteProfileSectionW
EnumSystemLocalesA
SetNamedPipeHandleState
GetShortPathNameW
RemoveDirectoryW
CallNamedPipeW
HeapLock
GetPrivateProfileSectionNamesA
LZRead
GetThreadSelectorEntry
LoadLibraryExA
LoadLibraryW
GetDateFormatW

regapi

RegWinStationAccessCheck
RegWinStationQueryW
RegGetTServerVersion
RegIsMachinePolicyAllowHelp
RegCdDeleteA
RegOpenServerW
RegGetUserPolicy
RegWinStationEnumerateW
RegDenyTSConnectionsPolicy
RegWinStationQuerySecurityA
RegWinStationSetSecurityW
RegWinStationQueryValueW
RegWdEnumerateA
RegBuildNumberQuery
RegDefaultUserConfigQueryW
RegWinStationQueryNumValueW
RegWinStationCreateW
RegQueryOEMId
RegConsoleShadowQueryA
RegPdEnumerateA
RegUserConfigQuery
RegUserConfigRename
RegWinStationQuerySecurityW
RegMergeUserConfigWithUserParameters
WaitForTSConnectionsPolicyChanges
RegGetMachinePolicyEx
RegCdCreateA

oleaut32

VarDateFromStr
DllRegisterServer
SafeArrayGetIID
VarUI2FromUI8
VarDateFromCy
VarUI8FromDec
VarUI2FromCy
VarDateFromR8
VarUI4FromCy
CreateStdDispatch
VarCyFromUI8
VarBstrFromI2
VarR8Pow
SafeArrayAllocData
VariantInit
VarDecAbs
VarBoolFromI8
VarFormatNumber
VarCat
VariantCopyInd
VarBoolFromUI8
VarR8FromUI8
VarUI2FromUI4
VarUI1FromR4
VarR4FromStr
SafeArrayLock

raschap

RasCpGetInfo
RasCpEnumProtocolIds
RasEapGetInfo

Sections

.text
Size: 386KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2db018b41c94fa8aa4f77f5cf66085a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

regapi

oleaut32

raschap

Sections

.text Size: 386KB - Virtual size: 385KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 149KB - Virtual size: 148KB

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 386KB - Virtual size: 385KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 149KB - Virtual size: 148KB

.reloc
Size: 1024B - Virtual size: 888B