7249fb8ee84e84a7681161856b2f550b1eecf4823b0056fa25e0d236e79855c7N

Sharing

Copy URL Twitter E-mail

General

Target

7249fb8ee84e84a7681161856b2f550b1eecf4823b0056fa25e0d236e79855c7N
Size

832KB
MD5

203bdb89ce494a97a5c43990782d04d0
SHA1

ff884841dd68a20379fc253de4effd40562f9a87
SHA256

7249fb8ee84e84a7681161856b2f550b1eecf4823b0056fa25e0d236e79855c7
SHA512

f9527c06cf1105a4f94e8c3ec7fb14f5d37e43d6724f049eccbaafbb3b320e7bf84ca66ef450051758a74d229fca7a544b11d2665dd6fde004dc9f9b4850b774
SSDEEP

24576:1XPx31aMqUtlZNFv4kfY02zMMAsqoA4uOO:pPx3XtNFLf6zMM1m4uD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7249fb8ee84e84a7681161856b2f550b1eecf4823b0056fa25e0d236e79855c7N

Files

7249fb8ee84e84a7681161856b2f550b1eecf4823b0056fa25e0d236e79855c7N
.exe windows:5 windows x86 arch:x86

5d5c1ffebee8ffe3f18a9ab4389f4df1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetBeginExternalBackup
JetDBUtilities
JetOpenTempTable2
JetRollback@8
JetUnregisterCallback
JetIdle
JetCreateInstance2
JetGetTableColumnInfo
JetGetDatabaseFileInfo
JetGetLogInfoInstance
JetGotoBookmark
JetMove
JetDelete@8
JetCreateTableColumnIndex
JetEscrowUpdate
JetResetCounter
JetSnapshotStart
JetPrepareUpdate@12
JetGetCounter
JetGotoSecondaryIndexBookmark
JetIntersectIndexes
JetRetrieveColumn@32
JetOpenTable
JetDeleteColumn
JetCreateTable
JetAttachDatabase
JetRestoreInstance
JetEndExternalBackupInstance
JetRetrieveColumn
JetSetColumn
JetDeleteColumn2
JetCloseTable
JetSetCurrentIndex2
JetDelete
JetBeginTransaction2
JetGetLS
JetStopService
JetSnapshotStop
JetCreateDatabase2
JetAddColumn
JetGetTableInfo
JetEndExternalBackupInstance2
JetOpenTempTable3

msvcrt

_umask
_inpd
_wcstoui64
abort
exit
_commit
_ismbstrail
strchr
wcstod
__getmainargs
__p__commode
__set_app_type
__crtGetLocaleInfoW
$I10_OUTPUT
_access
iswascii
_adj_fdiv_r

kernel32

RemoveDirectoryW
GetConsoleScreenBufferInfo
BackupRead
lstrcatA
GetLastError
LoadLibraryW
LZOpenFileW
LZStart
GetPrivateProfileStructA
SetConsoleInputExeNameW
GetTempFileNameW
PeekNamedPipe
PulseEvent
FindFirstFileW
HeapAlloc
GetUserGeoID
FormatMessageW
GetNamedPipeInfo
FindNextFileA
HeapCreate
_lclose
GetOEMCP
DelayLoadFailureHook

ntdll

ZwAccessCheckByTypeResultListAndAuditAlarm
CsrCaptureTimeout
wcsspn
ZwSetInformationProcess
NtSaveKey
ZwQueryDefaultUILanguage
ZwQueryOpenSubKeys
NtSetInformationDebugObject
ZwDuplicateToken
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlIpv6StringToAddressA
ZwCancelIoFile
ZwListenPort
ZwCreateTimer
NtOpenTimer
ZwQuerySemaphore
RtlMapSecurityErrorToNtStatus
RtlPushFrame
NtCreateIoCompletion
RtlReAllocateHeap
_wcslwr
toupper
RtlRandomEx
NtDebugActiveProcess
_wtoi
ZwSetInformationObject
RtlTimeToTimeFields
RtlpNtMakeTemporaryKey
RtlGetNtGlobalFlags
ZwOpenThread
strcmp
NtContinue
RtlDecompressFragment
ZwInitiatePowerAction
RtlIpv4StringToAddressA
LdrFlushAlternateResourceModules
NtOpenEvent
RtlConsoleMultiByteToUnicodeN
NtRemoveProcessDebug
ZwSetThreadExecutionState
RtlApplyRXactNoFlush
RtlDeactivateActivationContext
NtGetWriteWatch

crypt32

I_CryptAddSmartCardCertToStore
I_CryptUnregisterSmartCardStore
CryptEnumKeyIdentifierProperties
CertFreeCertificateChainEngine
I_CryptGetDefaultCryptProv
CertControlStore
CryptGetKeyIdentifierProperty
CertFreeCertificateContext
CryptGetOIDFunctionAddress
CryptSIPLoad
CertFreeCRLContext
CertFindCertificateInStore
CryptDecryptMessage
CryptMsgGetAndVerifySigner
RegEnumValueU
CertFreeCTLContext
CryptSignHashU
CertFindSubjectInCTL
CryptStringToBinaryA
CertStrToNameW
CryptMsgVerifyCountersignatureEncoded

user32

RegisterClassW
PostQuitMessage
DefWindowProcW

Sections

.text
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d5c1ffebee8ffe3f18a9ab4389f4df1

Headers

DLL Characteristics

File Characteristics

Imports

esent

msvcrt

kernel32

ntdll

crypt32

user32

Sections

.text Size: 361KB - Virtual size: 361KB

.rdata Size: 130KB - Virtual size: 130KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 164KB - Virtual size: 164KB

.reloc Size: 1024B - Virtual size: 820B

.text
Size: 361KB - Virtual size: 361KB

.rdata
Size: 130KB - Virtual size: 130KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 164KB - Virtual size: 164KB

.reloc
Size: 1024B - Virtual size: 820B