99e710012393441f48f601633afc0d6178728a1f55669dbfcd1645a481ba0310

Sharing

Copy URL Twitter E-mail

General

Target

99e710012393441f48f601633afc0d6178728a1f55669dbfcd1645a481ba0310
Size

2.3MB
MD5

8afe415878df3b444a2b5e0470362b87
SHA1

596cd815c774f35e933f3c01fb63ce5145ece7ed
SHA256

99e710012393441f48f601633afc0d6178728a1f55669dbfcd1645a481ba0310
SHA512

5de28d6193949689a50174da6b05cce53fb55707e93a861ebda76a7c8e62f291400ea818bc0074da0dd70f233179d5086cbf3505d490be55be579f9851e5723b
SSDEEP

49152:z+k9Tl+Y0f81w6pw2v0JfKdFmHSiiGOPx7Nro5c:zl+1f8O6WLJfJHj07Nr3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
99e710012393441f48f601633afc0d6178728a1f55669dbfcd1645a481ba0310

Files

99e710012393441f48f601633afc0d6178728a1f55669dbfcd1645a481ba0310
.exe windows x86

dda5663acc781275bd0d43aeb7e54d30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
CreateProcessAsUserW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RevertToSelf
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExA
RegFlushKey
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteExW
SHChangeNotify

shlwapi

PathFileExistsW
SHDeleteKeyW
SHGetValueW
SHSetValueW
SHDeleteValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
PostMessageW
FindWindowW
wsprintfA
wsprintfW
LoadStringW

kernel32

GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
OutputDebugStringW
CopyFileW
MoveFileExW
GetLocalTime
GetModuleFileNameW
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
GetVersionExW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLongPathNameW
GetExitCodeProcess
WriteFile
GetTickCount
GetTempPathW
GetFileAttributesW
GetPrivateProfileIntW
TerminateThread
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GlobalAlloc
GlobalFree
lstrlenW
lstrcpyW
UnmapViewOfFile
CreateProcessW
QueryDosDeviceW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetFileAttributesExW
ReleaseMutex
CreateMutexW
GetVolumeInformationW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
OutputDebugStringA
SetPriorityClass
FindFirstFileA
FindNextFileA
ExpandEnvironmentStringsA
CreateFileA
VerSetConditionMask
VerifyVersionInfoW
ReadConsoleInputA
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
GetSystemTime
CreateThread
GetPrivateProfileStringW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
CloseHandle
Sleep
OpenProcess
GetFullPathNameW
GetCurrentDirectoryW
GetDriveTypeW
GetNativeSystemInfo
SetLastError
GetProcessHeap
HeapFree
HeapAlloc
VirtualProtect
VirtualFree
FlushViewOfFile
FreeLibraryAndExitThread
ExitThread
OpenFileMappingW
MapViewOfFile
IsBadReadPtr
LoadLibraryA
VirtualAlloc
GetProcAddress
FreeLibrary
ReadProcessMemory
WritePrivateProfileStringW
PeekNamedPipe
WaitForMultipleObjects
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
SleepEx
GetFileAttributesExA
FormatMessageA
SwitchToThread
QueryPerformanceFrequency
SetEndOfFile
FlushFileBuffers
GetConsoleCP
SetConsoleMode
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
WriteConsoleW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind

oleaut32

SysAllocString
SysFreeString
SysStringLen

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CertOpenStore

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules

wininet

InternetQueryOptionW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetReadFile

wldap32

ord26
ord41
ord27
ord32
ord33
ord35
ord79
ord30
ord50
ord200
ord301
ord143
ord217
ord46
ord60
ord211
ord22

ws2_32

recv
__WSAFDIsSet
send
WSAGetLastError
select
bind
gethostname
ioctlsocket
sendto
recvfrom
listen
accept
freeaddrinfo
getaddrinfo
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
htons
shutdown
htonl
gethostbyname
getservbyname
getsockopt
getsockname
socket
WSASetLastError
getpeername
connect
closesocket

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 446KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dda5663acc781275bd0d43aeb7e54d30

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

shell32

shlwapi

userenv

user32

kernel32

oleaut32

crypt32

psapi

wininet

wldap32

ws2_32

version

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 446KB - Virtual size: 446KB

.data Size: 46KB - Virtual size: 70KB

.rsrc Size: 495KB - Virtual size: 494KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 446KB - Virtual size: 446KB

.data
Size: 46KB - Virtual size: 70KB

.rsrc
Size: 495KB - Virtual size: 494KB