a790b1752ac4a38d605b098c1d4d50aa8aeaf7a81aff8a48a57c42599c3e6790

Sharing

Copy URL Twitter E-mail

General

Target

a790b1752ac4a38d605b098c1d4d50aa8aeaf7a81aff8a48a57c42599c3e6790
Size

288KB
MD5

57d554e9523d7f87c1fa15404c5f34e2
SHA1

65b1bb85fe2f300aa4b4d241cc474cee3359fc0d
SHA256

a790b1752ac4a38d605b098c1d4d50aa8aeaf7a81aff8a48a57c42599c3e6790
SHA512

75685619d4b66aef9a0c022e8635e47a398cc451d5a6088fc1096b9b340821a56111ca3f766986b75f85d2fe581028d653e44bd638d380131980ab6ea00a8a4a
SSDEEP

6144:K7u5oUxzF2LrZcQk1tUeJpj/Ytzfbangu2+UvQ/KpmOq:K72XxzF2LtcQkL/YlzKMvQ/Kp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a790b1752ac4a38d605b098c1d4d50aa8aeaf7a81aff8a48a57c42599c3e6790

Files

a790b1752ac4a38d605b098c1d4d50aa8aeaf7a81aff8a48a57c42599c3e6790
.exe windows x64

1fabb982c8f0b7347f13353120eb0c82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
CloseTrace
InitiateShutdownW
OpenSCManagerW
OpenServiceW
ControlService
OpenProcessToken
RegCloseKey
CloseServiceHandle
CreateWellKnownSid
CheckTokenMembership
LookupPrivilegeValueW
AdjustTokenPrivileges
StartTraceW
EnableTrace
GetTokenInformation
RegQueryValueExW
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
DuplicateToken
DuplicateTokenEx
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlTraceW

kernel32

FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
GetLocaleInfoW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
ExpandEnvironmentStringsW
GetVolumeInformationW
GetDriveTypeW
MoveFileExW
DeviceIoControl
FileTimeToSystemTime
FindNextFileW
FindFirstFileW
FormatMessageW
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
InitializeCriticalSection
CreateFileW
EncodePointer
DecodePointer
GetProcAddress
DeleteCriticalSection
SetLastError
HeapSetInformation
SetErrorMode
CreateEventW
WaitForSingleObject
SetEvent
RegisterApplicationRestart
GetCurrentProcess
GlobalFree
GetCommandLineW
CreateProcessW
CreateThread
OpenProcess
GetSystemTimeAsFileTime
LoadLibraryW
FreeLibrary
GetFileAttributesW
DeleteFileW
CreateDirectoryW
SetThreadPreferredUILanguages
GetTimeZoneInformation
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
FindClose
GetLastError
LocalFree
CloseHandle

gdi32

SetBkMode
DeleteDC
GdiFlush
SelectObject
SetLayout
CreateCompatibleDC
ExtTextOutW
SetBkColor
CreateDIBSection
GetDeviceCaps
CreateFontIndirectW
SetTextColor
DeleteObject

user32

GetDesktopWindow
GetWindowThreadProcessId
EnumWindows
MessageBoxW
SendMessageTimeoutW
EndPaint
MapWindowPoints
CopyRect
GetWindowTextW
GetWindowRect
BeginPaint
GetAncestor
GetClassNameW
GetDlgItemTextW
SetDlgItemTextW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
LoadStringW
SystemParametersInfoW
LoadIconW
SetForegroundWindow
CreateDialogParamW
ShowWindow
DestroyWindow
DialogBoxParamW
RegisterWindowMessageW
GetDC
ReleaseDC
SetWindowLongPtrW
PostMessageW
GetParent
GetDlgItem
GetSystemMetrics
GetSysColor
SetWindowPos
GetSysColorBrush
EndDialog
SetFocus
GetKeyState
SetWindowLongW
GetWindowLongW
UpdateWindow
GetClientRect
SetWindowTextW
SetClassLongPtrW
GetWindowLongPtrW
IsWindow
CallWindowProcW
SendMessageW
EnableWindow
DrawFrameControl
OffsetRect
InflateRect

msvcrt

wcschr
_wcsnicmp
_wcsicmp
??2@YAPEAX_K@Z
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
??3@YAXPEAX@Z
__setusermatherr
_commode
_fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
memset
memcmp
iswspace
_amsg_exit
_vscwprintf
memcpy
_vsnwprintf
strchr
memmove

shell32

ShellExecuteExW
SHGetStockIconInfo
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CoInitializeSecurity
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlLookupElementGenericTableAvl
RtlInsertElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
WinSqmAddToStreamEx
WinSqmIncrementDWORD
WinSqmAddToStream
NtShutdownSystem
RtlGetLastNtStatus
RtlVirtualUnwind
EtwTraceMessage
RtlNtStatusToDosError

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fabb982c8f0b7347f13353120eb0c82

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

ole32

oleaut32

ntdll

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 103KB - Virtual size: 104KB

.reloc Size: 1024B - Virtual size: 1016B

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 103KB - Virtual size: 104KB

.reloc
Size: 1024B - Virtual size: 1016B