1995de7d0e724a06d1a666f8ca9691009ee7ded5c6d6eaa07095cc386ba3d400

Sharing

Copy URL Twitter E-mail

General

Target

1995de7d0e724a06d1a666f8ca9691009ee7ded5c6d6eaa07095cc386ba3d400
Size

1.7MB
MD5

2633b46c841a18f303f77fe9fa5dcfa5
SHA1

13c55a56a7b10806150ee376a5c6a847aaf81d32
SHA256

1995de7d0e724a06d1a666f8ca9691009ee7ded5c6d6eaa07095cc386ba3d400
SHA512

7b842e38e61613552f4e4cf0f5c157a6aa551aa0bea7fec2619849aa44a991416643b53cf5c225aef1e228dd49250e937261c34f96be2f1bbd4a3eb42676d54f
SSDEEP

49152:Z6nAdsfbTbAnYCXkgqBYlQhc7OL2WMpTUJlPKgx4HvO9:Z6nAwkTXkgqBMQhJ2WMCygx4Hv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1995de7d0e724a06d1a666f8ca9691009ee7ded5c6d6eaa07095cc386ba3d400

Files

1995de7d0e724a06d1a666f8ca9691009ee7ded5c6d6eaa07095cc386ba3d400
.exe windows x86

8234f29cb63e45ca76bbcd614cf8cc7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
PathFileExistsA

kernel32

CreateProcessA
LocalAlloc
LocalReAlloc
LocalFree
GetLogicalDriveStringsA
MoveFileA
GetTempPathA
GetTempFileNameA
GetCurrentProcessId
TerminateProcess
FreeResource
GetModuleFileNameA
LoadResource
SizeofResource
WinExec
QueryFullProcessImageNameA
FindResourceA
K32GetModuleFileNameExA
SetLastError
GetTickCount
GetSystemDirectoryA
MoveFileExA
HeapAlloc
HeapFree
GetProcessHeap
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
GetCurrentThreadId
GetModuleFileNameW
lstrlenW
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
SetErrorMode
OpenEventA
ExitProcess
CopyFileA
FreeConsole
LocalSize
K32EnumProcessModules
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
lstrcmpiA
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
CreateFileA
GetConsoleOutputCP
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStdHandle
GetFileAttributesExW
CreateDirectoryW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
GetVolumeInformationA
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
RaiseException
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeA
WriteFile
SetFilePointer
RemoveDirectoryA
ReadFile
GetFileSize
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
FindNextFileA
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
lstrlenA
lstrcatA
lstrcmpA
LoadLibraryA
FreeLibrary
GetWindowsDirectoryA
lstrcpyA
ResetEvent
CancelIo
VirtualFree
VirtualAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Process32Next
Process32First
GetModuleHandleW
Sleep
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
GetVersionExA
OpenProcess
GetExitCodeThread
CreateRemoteThread
GetCurrentProcess
GetLastError
ResumeThread
TerminateThread
CreateThread
CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
UnhandledExceptionFilter
SetNamedPipeHandleState
WaitNamedPipeA
GetCPInfo
QueryPerformanceFrequency
LCMapStringEx
DecodePointer
EncodePointer
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
FindFirstFileA
FindClose
TlsFree
DeleteFileA
GetStringTypeW
InitializeSListHead
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
LoadLibraryExW
IsWow64Process
GetConsoleMode
ReadProcessMemory
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
VirtualProtectEx
VirtualQueryEx
IsDebuggerPresent

user32

wsprintfA
CharNextA
GetForegroundWindow
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
keybd_event
DispatchMessageA
MapVirtualKeyA
SetCapture
GetSystemMetrics
SetCursorPos
WindowFromPoint
LoadCursorA
DestroyCursor
SystemParametersInfoA
BlockInput
GetDC
ReleaseDC
GetCursorPos
SetRect
GetDesktopWindow
GetCursorInfo
ExitWindowsEx
TranslateMessage
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
OpenDesktopA
OpenInputDesktop
GetMessageA
wsprintfW
mouse_event
SetThreadDesktop
CloseWindow
IsWindow
CreateWindowExA
PostMessageA
GetUserObjectInformationA
GetThreadDesktop
CloseDesktop

gdi32

GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject

advapi32

FreeSid
AdjustTokenPrivileges
LookupPrivilegeValueA
IsValidSid
LookupAccountSidA
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
AddAccessAllowedAce
OpenEventLogA
CloseEventLog
ClearEventLogA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
RegCloseKey
LsaRetrievePrivateData
LsaOpenPolicy
LsaClose
LsaFreeMemory
LookupAccountNameA
OpenProcessToken

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

oleaut32

VariantClear
SysFreeString
SysAllocString

winmm

waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveInGetNumDevs
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset

ws2_32

closesocket
connect
htons
ntohs
recv
select
send
setsockopt
socket
gethostbyname
WSAStartup
WSAGetLastError
WSAIoctl
WSACleanup
getsockname
gethostname

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

wininet

InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICSendMessage
ICClose
ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrame

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Exports

Exports

ServiceMain

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8234f29cb63e45ca76bbcd614cf8cc7b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

oleaut32

winmm

ws2_32

imm32

wininet

avicap32

msvfw32

wtsapi32

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 293KB

.rdata Size: 98KB - Virtual size: 97KB

.data Size: 10KB - Virtual size: 21KB

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 98KB - Virtual size: 97KB

.data
Size: 10KB - Virtual size: 21KB

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 17KB - Virtual size: 17KB