YpLALQNQZRPW[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

YpLALQNQZRPW.exe
Size

1.5MB
MD5

54df78c27d968a0aa42bca62f72b4bb1
SHA1

0633f522e6c5386b354ea667ed409fd4d8e1797e
SHA256

cee14f3f115f25fee9d1a66b6dd70fe44f82d411c270111791d7367f551b695b
SHA512

7ea31bbd54d21645712fbcd2138d16049df69aae410fc6eb394dddfdfe05c12169f0519ea7a3c4ffdeeba9d69803f852dd83dedb69b5dc2078f9a37ea421f964
SSDEEP

24576:J45Jz3dLoL41uF1fELPj/NgarP4MyvQ984kcN/ag0uZcmMiaB/R+Qn652kOaCiTk:kxVYczj/Ngabc6agj4BJ1eJ182IU6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
YpLALQNQZRPW.exe

Files

YpLALQNQZRPW.exe
.exe windows x86

f6d6d265a407095b2eec3e8277a5acb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptGenRandom

advapi32

RegCreateKeyA
CopySid
OpenProcessToken
GetTokenInformation
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetLengthSid
SystemFunction036
IsValidSid
LookupAccountSidW

ntdll

NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlNtStatusToDosError
RtlUnwind

kernel32

InitializeSListHead
GetModuleHandleA
GetProcAddress
GetTempPathW
TryAcquireSRWLockExclusive
SetLastError
GetEnvironmentVariableW
SetFilePointerEx
GetCurrentThreadId
GetLogicalDrives
IsDebuggerPresent
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
DuplicateHandle
GetModuleHandleW
FormatMessageW
ExitProcess
CreateEventW
GetOverlappedResult
UnhandledExceptionFilter
CancelIo
CompareStringOrdinal
GetFileAttributesW
CreateNamedPipeW
CreateThread
GetCurrentThread
InitOnceBeginInitialize
TlsAlloc
InitOnceComplete
TlsFree
WriteFileEx
SetUnhandledExceptionFilter
SetHandleInformation
GetTickCount64
CopyFileExW
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
SwitchToThread
AcquireSRWLockExclusive
TlsSetValue
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
FindClose
HeapReAlloc
GetProcessHeap
HeapAlloc
GetConsoleMode
GetStdHandle
MultiByteToWideChar
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateProcessW
GetSystemDirectoryW
GetWindowsDirectoryW
GetFullPathNameW
SetThreadStackGuarantee
GetModuleFileNameW
GetProcessTimes
OpenProcess
AddVectoredExceptionHandler
GetSystemTimes
GetProcessIoCounters
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
WinExec
Wow64DisableWow64FsRedirection
DeviceIoControl
GetCurrentProcessId
IsProcessorFeaturePresent
GlobalMemoryStatusEx
CreateFileA
GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
ReadFileEx
SleepEx
GetLastError
GetCurrentProcess
Sleep
CloseHandle
HeapFree
TlsGetValue
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FreeLibrary
LoadLibraryExW
TerminateProcess
ReadFile

user32

SetActiveWindow
SendInput
FindWindowA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

iphlpapi

GetAdaptersAddresses
GetIfTable2
FreeMibTable
GetIfEntry2

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserGetInfo
NetUserEnum

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
LsaGetLogonSessionData

ws2_32

WSASocketW
freeaddrinfo
WSAGetLastError
connect
setsockopt
getsockname
closesocket
WSARecv
bind
listen
send
getpeername
accept
ioctlsocket
getsockopt
WSAStartup
select
recv
WSACleanup
getaddrinfo
WSASend

psapi

GetPerformanceInfo
GetModuleFileNameExW

oleaut32

VariantClear
SysAllocString
SysFreeString

pdh

PdhOpenQueryA
PdhAddEnglishCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

powrprof

CallNtPowerInformation

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_exit
exit
__p___argc
_initterm_e
_cexit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_initterm
__p___argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initialize_narrow_environment
abort
_set_app_type
_seh_filter_exe
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-string-l1-1-0

wcsncmp

Sections

.text
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 773KB - Virtual size: 773KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6d6d265a407095b2eec3e8277a5acb7

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

ntdll

kernel32

user32

ole32

iphlpapi

netapi32

secur32

ws2_32

psapi

oleaut32

pdh

powrprof

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 742KB - Virtual size: 741KB

.rdata Size: 773KB - Virtual size: 773KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 742KB - Virtual size: 741KB

.rdata
Size: 773KB - Virtual size: 773KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB