5b68d93f21d6b07ac727cb0b813615a547cbb929f9e36147f5ce9eeddbde4e98N

Sharing

Copy URL

Twitter E-mail

General

Target

5b68d93f21d6b07ac727cb0b813615a547cbb929f9e36147f5ce9eeddbde4e98N
Size

1.5MB
MD5

6603274198c7489c05e99f9c05e92500
SHA1

6f55c0aefca08578aff195c5d586fd3d8d331322
SHA256

5b68d93f21d6b07ac727cb0b813615a547cbb929f9e36147f5ce9eeddbde4e98
SHA512

9c5c3c71095385c2c788f819fd0d702e1c9d25675a1390ae861626e578f03420f4914039103ca4acd015ad1a9b9b1e0fd171182109a061ddcf5128358fc890da
SSDEEP

1536:T41cZju4JK44HL+4e5+juGGBkEhAOlAvT5TLeTz+CTD7RXZsXRUPaIn3R+:T41cZjLgNSJbOL5HM+YD7RJsXRWn3Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5b68d93f21d6b07ac727cb0b813615a547cbb929f9e36147f5ce9eeddbde4e98N

Files

5b68d93f21d6b07ac727cb0b813615a547cbb929f9e36147f5ce9eeddbde4e98N
.exe windows:5 windows x86 arch:x86

03f2b64809f9b593110d7e9f2e36992a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\DriverDEV\Desktop\GBL3_0426\GDI Driver\Sample\Projects\VS9\Status Monitor GUI\Win32\Release\mtstmon.pdb

Imports

ws2_32

connect
closesocket
shutdown
WSACleanup
WSAStartup
send
recv
inet_addr
htons
socket

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

kernel32

SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
ReleaseMutex
TerminateThread
GetExitCodeThread
GetStartupInfoA
CreateThread
CreateEventA
GetModuleFileNameA
lstrcpyA
GetLastError
CreateMutexA
lstrlenA
Sleep
WaitForSingleObject
GetModuleHandleA
GetProcAddress
lstrcatA
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
SetEvent
GetTickCount
CloseHandle
lstrcmpiA
LocalAlloc
SetLastError
CreateFileA
DeviceIoControl
ReadFile
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
HeapSize
LocalFree
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
WideCharToMultiByte
TerminateProcess

user32

LoadStringW
SetDlgItemTextW
SetForegroundWindow
PostQuitMessage
CreatePopupMenu
GetCursorPos
SetFocus
SendMessageA
wsprintfA
DestroyMenu
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItem
LoadImageA
DestroyIcon
LoadStringA
CreateDialogParamA
ShowWindow
SetWindowTextA
LoadIconA
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
CharUpperA
TrackPopupMenu
InsertMenuA

gdi32

DeleteObject

winspool.drv

OpenPrinterA
GetPrinterA
ClosePrinter

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA

shell32

Shell_NotifyIconA

ole32

StringFromGUID2

iphlpapi

IcmpCreateFile
IcmpCloseHandle
Icmp6SendEcho2
IcmpSendEcho
Icmp6CreateFile

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03f2b64809f9b593110d7e9f2e36992a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

setupapi

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

iphlpapi

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 9KB - Virtual size: 9KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 9KB - Virtual size: 9KB

.zero
Size: 4KB - Virtual size: 3KB