2_AutoRuns9[.]0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2_AutoRuns9.0.exe
Size

572KB
MD5

55b36ae7f25fc84827698c7bf7254be9
SHA1

48b7d02f47ca5bf1cd9baf8c662991527bd5d790
SHA256

5c72390b1a68bf590722098e69cf10a3723e4a6ba9e40a826d0c400427d349fa
SHA512

4ad05bb87d552795f32caae57e32218b54a6647c997c37f14a74ff7234279c2292fa4e029e3e64e1ab3fe054895593228b16d5520045e07c0615bdfbb654db26
SSDEEP

12288:5s8mwbRF8bz+syN1V71oi50301SkkXK25:xdu/CCd01AXX5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2_AutoRuns9.0.exe

Files

2_AutoRuns9.0.exe
.exe windows x86

0171a76ef7f7325ca68b73ab3767f62e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ord17
ImageList_Draw
CreateToolbarEx
ImageList_Create
ImageList_Remove
ImageList_ReplaceIcon

ws2_32

WSCDeinstallProvider
WSAStartup
WSCEnumProtocols
WSCGetProviderPath

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
OpenProcess
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
ExitThread
InterlockedIncrement
FreeLibrary
GetCommandLineA
InterlockedDecrement
CreateSemaphoreA
InitializeCriticalSection
TlsAlloc
SearchPathA
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
InterlockedExchange
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetLastError
GetConsoleCP
GetFileType
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
FatalAppExitA
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
TlsFree
GetStartupInfoA
GetVersionExA
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ResumeThread
HeapReAlloc
HeapAlloc
RtlUnwind
lstrlenW
GetProcessHeap
HeapFree
DeleteFileA
GetPrivateProfileStringA
WriteProfileStringA
WritePrivateProfileStringA
GetProfileStringA
CreateDirectoryA
SetFileAttributesA
MoveFileA
RemoveDirectoryA
IsValidLocale
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
CreateProcessA
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
GetModuleHandleA
LocalAlloc
lstrcmpA
LocalFree
FormatMessageA
GetVersion
MulDiv
lstrcpyA
lstrlenA
lstrcatA
GetTickCount
CreateFileA
ReadFile
SetFilePointer
GetWindowsDirectoryA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
TlsSetValue
LoadLibraryA
GetProcAddress
GetLocaleInfoA
GetNumberFormatA
GetModuleFileNameA
GetCurrentProcess
GetLastError
CloseHandle
WideCharToMultiByte
TlsGetValue
WriteConsoleW
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
GetConsoleMode
EnumSystemLocalesA

user32

LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetMenuItemInfoA
DrawMenuBar
LoadStringA
DrawIconEx
InvalidateRgn
ReleaseCapture
MapWindowPoints
ModifyMenuA
GetSysColorBrush
ChildWindowFromPoint
PostQuitMessage
CreateDialogParamA
GetClassNameA
BeginDeferWindowPos
EnumChildWindows
EndDeferWindowPos
RegisterClassExA
LoadImageA
RegisterWindowMessageA
DialogBoxIndirectParamA
InflateRect
OffsetRect
UnionRect
PtInRect
BeginPaint
DrawFrameControl
EndPaint
SetPropA
GetWindowLongA
SetWindowLongA
EnableWindow
EndDialog
TrackPopupMenu
EnableMenuItem
DeleteMenu
GetPropA
GetSubMenu
InsertMenuA
SetDlgItemTextA
EnumDisplaySettingsA
FindWindowA
GetWindowThreadProcessId
SetForegroundWindow
FindWindowExA
WaitForInputIdle
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
GetMenu
CheckMenuItem
SetWindowTextA
DestroyIcon
LoadIconA
DialogBoxParamA
SetWindowPos
GetWindowRect
IsIconic
IsZoomed
GetDlgItem
SetTimer
GetParent
GetCursorPos
CreateWindowExA
CallWindowProcA
GetSysColor
GetClientRect
GetSystemMetrics
IntersectRect
InvalidateRect
GetFocus
GetDC
DrawTextA
ReleaseDC
MoveWindow
ShowWindow
ClientToScreen
ScreenToClient
DestroyWindow
DefWindowProcA
MessageBoxA
PostMessageA
SetFocus
LoadCursorA
SetCursor
SendMessageA
DeferWindowPos

gdi32

SetTextColor
SelectObject
GetTextExtentPoint32A
ExtTextOutA
SetBkColor
CreateFontIndirectA
DeleteDC
GetTextMetricsA
GetDeviceCaps
CreateCompatibleDC
GetObjectA
CreateSolidBrush
EndDoc
EndPage
StartPage
StartDocA
SetMapMode
GetStockObject
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA
ChooseFontA
PrintDlgA
GetOpenFileNameA

advapi32

GetTokenInformation
RegLoadKeyA
RegUnLoadKeyA
RegDeleteKeyA
RegCreateKeyA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
AllocateAndInitializeSid
EqualSid
FreeSid
OpenProcessToken
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
RegEnumKeyA
RegQueryValueA
LookupAccountSidA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
LookupPrivilegeValueA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
RegDeleteValueA

shell32

SHGetFolderPathA
ShellExecuteExA
SHGetFileInfoA
ShellExecuteA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shlwapi

UrlUnescapeA

Sections

.text
Size: 380KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0171a76ef7f7325ca68b73ab3767f62e

Headers

File Characteristics

Imports

version

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 380KB - Virtual size: 378KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 25KB

.rsrc Size: 100KB - Virtual size: 137KB

.text
Size: 380KB - Virtual size: 378KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 25KB

.rsrc
Size: 100KB - Virtual size: 137KB