668b14b1100717fea42ac75cc3a6ac478f40d4426b19edb96db9f4f6fa1e6510N

Sharing

Copy URL

Twitter E-mail

General

Target

668b14b1100717fea42ac75cc3a6ac478f40d4426b19edb96db9f4f6fa1e6510N
Size

360KB
MD5

af66049ee90d62000c8dab210fe4ad00
SHA1

a8ed1650a011bbddfc41725359c5abedb831a0c1
SHA256

668b14b1100717fea42ac75cc3a6ac478f40d4426b19edb96db9f4f6fa1e6510
SHA512

120de4fb85975f7d17f45aa26ffd66f18ffbb81d10ad61f1d84fcbf1cc69219c5676a0209f0255f38de9216ec7000ab15b2236b63a8f0555d1e87bcf13195697
SSDEEP

6144:fZliAi2g9lPVAO50+vJu6idirOExWgzjlgWstdWz6vEythy2RiUObEPJX:fZ0r150OVnjsWZytc2ErWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
668b14b1100717fea42ac75cc3a6ac478f40d4426b19edb96db9f4f6fa1e6510N

Files

668b14b1100717fea42ac75cc3a6ac478f40d4426b19edb96db9f4f6fa1e6510N
.dll windows:4 windows x86 arch:x86

a545763eb28e155f0cf0bddab6b70314

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Is\Running\The.pdb

Imports

kernel32

GetCurrentConsoleFont
GetVolumePathNamesForVolumeNameW
CreateJobSet
GetLogicalDrives
GetUserGeoID
IsBadWritePtr
_hread
DeleteTimerQueueTimer
EnumCalendarInfoW
LocalCompact
GetVolumeInformationW
PrepareTape
FillConsoleOutputCharacterA
FindNextVolumeA
GetPrivateProfileStringW
RegisterWaitForSingleObjectEx
Process32FirstW
ContinueDebugEvent
SetConsoleMode
GetThreadIOPendingFlag
GetLongPathNameA
CreateFiberEx
GetTimeZoneInformation
WinExec
GetSystemWow64DirectoryA
LocalSize
GetProfileStringW
GetProcessId
DnsHostnameToComputerNameA
EndUpdateResourceA
CreateDirectoryExA
GetTapeStatus
CreateFileMappingA
FindResourceExW
FindFirstFileExA
IsValidLanguageGroup
GetNamedPipeHandleStateW
GetProfileIntW
GetShortPathNameA
CreateFileA
ReplaceFileA
GetProcessShutdownParameters
GetDateFormatA
GetSystemTime
GetComputerNameW
GetSystemInfo
DefineDosDeviceW
PeekConsoleInputA
QueryInformationJobObject
CmdBatNotification
DosPathToSessionPathA
WriteConsoleInputVDMW
WriteConsoleInputVDMA
RegisterWowExec
ExpungeConsoleCommandHistoryW
GetConsoleKeyboardLayoutNameW
GetConsoleAliasesLengthA
GetConsoleCursorMode
CreateActCtxW

user32

GetClassLongW
GetFocus

netapi32

NetMessageNameGetInfo
NetAuditClear
NetSessionGetInfo
NetScheduleJobEnum
DsValidateSubnetNameW
NetWkstaSetInfo
DsDeregisterDnsHostRecordsA
DsDeregisterDnsHostRecordsW
NetLocalGroupAddMembers
NetReplExportDirSetInfo
NetLocalGroupDelMembers
NetJoinDomain
NetServerTransportAdd
NetSetPrimaryComputerName
NetMessageNameDel
RxNetAccessGetUserPerms
NetDfsGetDcAddress
NetGroupSetUsers

compstui

SetCPSUIUserData
CommonPropertySheetUIW
CommonPropertySheetUIA

cryptdll

MD5Init
CDGenerateRandomBits
CDBuildVect
CDRegisterCheckSum
CDFindCommonCSystemWithKey
CDLocateRng
CDRegisterCSystem
CDRegisterRng
MD5Final
CDLocateCheckSum
CDLocateCSystem

iashlpr

InitializeIas
MemAllocIas
ConfigureIas
AllocateAttributes
DoRequest
ShutdownIas

Exports

Exports

ComponentsThe
InfoClusterActionOf
OCMSubcomponentsBeAnd
TheMSMQACMEWorkgroupVersion
ThisWindowsWas

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a545763eb28e155f0cf0bddab6b70314

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

netapi32

compstui

cryptdll

iashlpr

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 228KB - Virtual size: 227KB

.data Size: 100KB - Virtual size: 101KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 228KB - Virtual size: 227KB

.data
Size: 100KB - Virtual size: 101KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 1KB