Static task: static1
Behavioral task: behavioral1
  Sample: 12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9.exe
  Resource: win10v2004-20230703-en
General
Target: 12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9
Size: 5.2MB
MD5: 7cf8d2b5e958418ca01eee87eb5d0097
SHA1: 053cd7cce54f9d58367c0de90440eac863fed5ba
SHA256: 12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9
SHA512: 3e4e28194817097e797ef787d9e95993ea862e69ead9154adc341076f0990b096d3e84b8f93655011a7e31a8cb839d1c55c766e14135cb2e3f0c0a8e32440700
SSDEEP: 98304:+R+1QAobMIIV0gHIv4ZyNdpCjzzw43ae34DZw3vBaMQ+m1CKv10kBOojseVR228:a+1QRIoAcvcjooaFHMQ+5AcGXS2
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature; the sample carries none (empty security data directory).
resource 12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9
Files
12a06000aff077f662e8dc85921b8fc139f17f369a7407edf4a3a66cd023d0d9.exe (windows x86)
f55f8410dabf12284594f5eb9795ae4e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Thread32Next
CreateDirectoryA
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileSizeEx
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WriteFile
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetProcessTimes
SwitchToThread
GetTickCount
MapViewOfFileEx
UnmapViewOfFile
GetProcAddress
LocalFree
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenProcess
GetSystemTimeAsFileTime
FormatMessageW
WideCharToMultiByte
FindFirstFileW
FindNextFileW
GetModuleHandleW
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FlushFileBuffers
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetFilePointerEx
SetFileTime
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
AreFileApisANSI
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetEnvironmentVariableA
SetCurrentDirectoryA
GetFileAttributesA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
GetExitCodeProcess
CreateProcessA
GetStdHandle
GetConsoleMode
ExitThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
IsWow64Process
GetProfileStringA
ReadFile
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileType
Thread32First
SystemTimeToTzSpecificLocalTime
GetCPInfo
CreateThread
FreeLibraryAndExitThread
RaiseException
GetConsoleCP
InitializeCriticalSectionAndSpinCount
TlsSetValue
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetStringTypeW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
ReadConsoleW
GetModuleFileNameW
WriteConsoleW
EncodePointer
DecodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalAlloc
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
WritePrivateProfileSectionA
SetEvent
ResetEvent
CreateEventA
OpenEventA
WaitForMultipleObjects
ProcessIdToSessionId
IsBadWritePtr
OpenSemaphoreA
FlushInstructionCache
GetVersion
LockFile
UnlockFile
IsBadStringPtrA
IsBadStringPtrW
GetDriveTypeA
GetLogicalDrives
GetOverlappedResult
CreateEventW
EnumSystemFirmwareTables
GetSystemFirmwareTable
OpenMutexA
GetCommandLineA
FindFirstFileExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
InitializeSListHead
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
WaitForSingleObjectEx
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
CreateToolhelp32Snapshot
TlsFree
TlsGetValue
TlsAlloc
OpenThread
CloseHandle
GlobalFree
GlobalAlloc
GetTickCount64
Process32Next
Process32First
Sleep
GetModuleHandleExA
IsBadReadPtr
GetComputerNameA
GetNativeSystemInfo
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetSystemInfo
SetLastError
GetModuleHandleA
GetModuleFileNameA
VirtualQuery
VirtualProtect
GetVersionExA
SetPriorityClass
SetThreadPriority
GetCurrentThread
TerminateProcess
HeapFree
GetCurrentDirectoryA
SetConsoleCtrlHandler
GetACP
SystemTimeToFileTime
GetLocalTime
GetTempPathA
GetDiskFreeSpaceA
GetUserDefaultUILanguage
GetExitCodeThread
GetCurrentThreadId
DuplicateHandle
SetThreadContext
GetStartupInfoW
GetCurrentProcessId
GetCurrentProcess
GetProcessHeap
HeapAlloc
PeekNamedPipe
HeapCreate
GetCommandLineW
user32
GetSystemMenu
AppendMenuA
LoadStringA
wsprintfA
GetSystemMetrics
MessageBoxW
CharLowerBuffA
DrawMenuBar
MessageBoxA
CharUpperBuffA
TranslateMessage
EnumDisplayDevicesA
DispatchMessageA
PeekMessageA
CallMsgFilterA
shell32
ShellExecuteExA
advapi32
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
QueryServiceStatusEx
StartServiceA
QueryServiceStatus
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegFlushKey
RegDeleteKeyA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
GetSecurityDescriptorSacl
GetUserNameA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
psapi
GetModuleFileNameExA
powrprof
PowerReadFriendlyName
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ws2_32
sendto
recvfrom
inet_addr
bind
getpeername
WSAGetLastError
socket
gethostbyaddr
setsockopt
send
select
recv
getsockopt
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
inet_ntoa
htons
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
gethostname
gethostbyname
shutdown
winhttp
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
crypt32
CryptMsgGetParam
CryptMsgClose
CertCloseStore
CryptQueryObject
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringA
CertGetNameStringW
wintrust
WinVerifyTrust
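The import table above is the most useful static signal on this page. As an added example (not part of the Triage report or of the sample), the script below applies a small rule set of API combinations to that import list and reports which capabilities the table implies. The rule set is an analyst shortlist chosen here, not a Triage signature; the import dict is a subset copied from the report, limited to the DLLs and APIs the rules touch.

```python
"""Import-table capability tagging over the import list in this report.
Added example, not part of the Triage report. CAPABILITY_RULES is an
assumed analyst shortlist; REPORT_IMPORTS is a subset copied from the
report above (only the APIs the rules reference)."""

# Rule -> APIs that must ALL be present (names given without A/W suffix).
CAPABILITY_RULES = {
    "process enumeration":        ["CreateToolhelp32Snapshot", "Process32First", "Process32Next"],
    "thread enumeration/control": ["CreateToolhelp32Snapshot", "Thread32First", "OpenThread", "SetThreadContext"],
    "self-modifying / unpacking": ["VirtualProtect", "FlushInstructionCache"],
    "debugger check":             ["IsDebuggerPresent"],
    "hardware fingerprinting":    ["GetSystemFirmwareTable", "EnumSystemFirmwareTables"],
    "service control":            ["OpenSCManager", "OpenService", "StartService"],
    "registry write":             ["RegCreateKeyEx", "RegSetValueEx"],
    "raw TCP/UDP":                ["WSAStartup", "socket", "connect", "send", "recv"],
    "proxy discovery":            ["WinHttpGetIEProxyConfigForCurrentUser", "WinHttpGetProxyForUrl"],
    "signature verification":     ["WinVerifyTrust", "CryptQueryObject"],
    "process spawn":              ["CreateProcess", "ShellExecuteEx"],
    "shared-memory IPC":          ["CreateFileMapping", "OpenFileMapping", "MapViewOfFile"],
}

# Subset of the report's import table (only DLLs/APIs the rules touch).
REPORT_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "Thread32First",
                 "OpenThread", "SetThreadContext", "VirtualProtect", "FlushInstructionCache",
                 "IsDebuggerPresent", "GetSystemFirmwareTable", "EnumSystemFirmwareTables",
                 "CreateProcessA", "CreateFileMappingA", "OpenFileMappingA", "MapViewOfFile"],
    "advapi32": ["OpenSCManagerA", "OpenServiceA", "StartServiceA", "RegCreateKeyExA", "RegSetValueExA"],
    "shell32":  ["ShellExecuteExA"],
    "ws2_32":   ["WSAStartup", "socket", "connect", "send", "recv"],
    "winhttp":  ["WinHttpGetIEProxyConfigForCurrentUser", "WinHttpGetProxyForUrl"],
    "wintrust": ["WinVerifyTrust"],
    "crypt32":  ["CryptQueryObject"],
}


def _present(imports):
    """Flatten {dll: [api, ...]} into a set of lowercase API names."""
    return {api.lower() for apis in imports.values() for api in apis}


def _has(present, api):
    """Match the bare name or its ANSI (A) / Unicode (W) variant."""
    a = api.lower()
    return a in present or a + "a" in present or a + "w" in present


def tag_capabilities(imports):
    """Return {capability: [apis]} for every rule whose APIs are all imported."""
    present = _present(imports)
    return {cap: apis for cap, apis in CAPABILITY_RULES.items()
            if all(_has(present, a) for a in apis)}


def missing_for(imports, capability):
    """APIs a rule still needs; useful when reviewing a near-miss."""
    present = _present(imports)
    return [a for a in CAPABILITY_RULES[capability] if not _has(present, a)]


if __name__ == "__main__":
    for cap, apis in tag_capabilities(REPORT_IMPORTS).items():
        print(f"{cap:28s} <- {', '.join(apis)}")
```

Every rule fires on this report's table, which is itself a caveat: the `__wibu` section names in the Sections block indicate a protector wrapper, so the visible imports describe the wrapper's runtime at least as much as the original program, and these tags are leads for the behavioral tasks rather than verdicts. Worth noting against the Unsigned PE signature: the sample imports WinVerifyTrust and the crypt32 certificate APIs, so it verifies other binaries' signatures while carrying none of its own.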
Sections
__wibu00  Size: 2.5MB  Virtual size: 2.5MB  IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
__wibu01  Size: 460KB  Virtual size: 457KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
__wibu02  Size: 20KB   Virtual size: 17KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc     Size: 128KB  Virtual size: 125KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
__wibu03  Size: 1.9MB  Virtual size: 1.9MB  IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
__wibu04  Size: 12KB   Virtual size: 12KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
__wibu05  Size: 100KB  Virtual size: 112KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
__wibu06  Size: 72KB   Virtual size: 72KB   IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
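The Unsigned PE signature and the section table above both come straight from the PE headers, and a triage analyst should be able to reproduce them without a sandbox. As an added example (not code from the Triage report or the sample), the script below parses the headers with nothing but `struct`: it reads the security data directory that the Authenticode check keys on, decodes the file characteristics listed under Headers, and walks the section table, flagging `__wibu` names. The `build_sample_pe()` helper constructs a headers-only PE32 for offline testing; it is an assumption and contains none of the real sample's bytes.

```python
"""PE header triage without pefile: Authenticode directory, file
characteristics and section table. Added example, not part of the
Triage report; build_sample_pe() constructs an assumed headers-only
PE32 for offline testing and carries no bytes from the real sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # WIN_CERTIFICATE table (Authenticode)

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def parse_pe(data):
    """Return the header facts an analyst wants before running anything."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                        # IMAGE_FILE_HEADER
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                            # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32: data directories start at +96
        dd = opt + 96
    elif magic == 0x20B:                     # PE32+: data directories start at +112
        dd = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # For the security directory the "VirtualAddress" field is a file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", data, dd + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        sh = opt + opt_size + 40 * i         # IMAGE_SECTION_HEADER entries follow the optional header
        name = data[sh:sh + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, sh + 8)
        flags = struct.unpack_from("<I", data, sh + 36)[0]
        sections.append({
            "name": name, "virtual_size": vsize, "raw_size": rawsize,
            "flags": [n for bit, n in SECTION_FLAGS.items() if flags & bit],
        })
    return {
        "machine": machine,
        "characteristics": [n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit],
        "has_authenticode": cert_off != 0 and cert_size != 0,
        "sections": sections,
        # __wibu00.. is the section naming this report shows; treat it as a
        # protector marker worth a second look, not as proof of anything.
        "wibu_sections": [s["name"] for s in sections if s["name"].startswith("__wibu")],
    }


def build_sample_pe(signed, sections):
    """Constructed minimal PE32 header (assumption; headers only, no code bytes)."""
    opt_size = 96 + 16 * 8
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x010F)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94                       # PE32 magic, rest zeroed
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)       # pretend a WIN_CERTIFICATE exists
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    sec_tbl = b"".join(
        name.encode().ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0, rawsize, 0, 0, 0, 0, 0, flags)
        for name, vsize, rawsize, flags in sections)
    return dos + b"PE\0\0" + file_hdr + opt + sec_tbl


if __name__ == "__main__":
    demo = build_sample_pe(False, [("__wibu00", 0x280000, 0x280000, 0x60000000),
                                   ("__wibu02", 0x4400, 0x5000, 0xC0000040)])
    info = parse_pe(demo)
    print("authenticode:", info["has_authenticode"])
    print("characteristics:", ", ".join(info["characteristics"]))
    for s in info["sections"]:
        print(s["name"], hex(s["raw_size"]), "|".join(s["flags"]))
```

Two caveats when reading the result. A non-empty security directory only means a WIN_CERTIFICATE blob is attached; whether it is a valid, chained, un-revoked signature is a separate question for WinVerifyTrust or `signtool verify`, and an empty directory (this sample's case) is the only thing the Unsigned PE signature asserts. And the executable sections here carry IMAGE_SCN_MEM_EXECUTE without IMAGE_SCN_CNT_CODE, which is consistent with a protector laying out its own sections rather than a stock linker output.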