d2bb637570dfe9d6ef92d418bfd097b3c94c10e2ac9c4ccfd01008316f016cf1

Sharing

Copy URL Twitter E-mail

General

Target

d2bb637570dfe9d6ef92d418bfd097b3c94c10e2ac9c4ccfd01008316f016cf1
Size

1.3MB
MD5

5689ee640f80544c932be8c2261587da
SHA1

5bc19053a0d4599611fac977bd9aa236b9cf35e3
SHA256

d2bb637570dfe9d6ef92d418bfd097b3c94c10e2ac9c4ccfd01008316f016cf1
SHA512

f2e015eacd8e88f0d26315f47d3d293402c6c309dd01d113ce1307e9e92b13375c644aedf5313d108d1a49d6fb6ec4471b7cadefe6c54ae39ad80cc398373542
SSDEEP

24576:Bi76F/PDGckPZPi2D4GCS0gq/jX9NvEdHyWj9:BJ/bPkx5CS0P/JNiHyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2bb637570dfe9d6ef92d418bfd097b3c94c10e2ac9c4ccfd01008316f016cf1

Files

d2bb637570dfe9d6ef92d418bfd097b3c94c10e2ac9c4ccfd01008316f016cf1
.exe windows x86

2d6eebba488785a253f5cc371c14666b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationW
ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileW
MoveFileExW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
TerminateProcess
GetFileTime
GetFileSize
CreateDirectoryW
WriteFile
ReadFile
SetEndOfFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetLogicalDrives
DeviceIoControl
GetDriveTypeW
GetVersionExW
VirtualQuery
GetCurrentProcessId
SetUnhandledExceptionFilter
GetCurrentThread
GetCurrentThreadId
IsDebuggerPresent
GetLocalTime
FormatMessageW
lstrcpyW
lstrcatW
lstrlenW
IsBadWritePtr
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
ProcessIdToSessionId
CreateToolhelp32Snapshot
Process32FirstW
CreateFileW
ReleaseMutex
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
ReleaseSemaphore
CreateMutexW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStructW
WritePrivateProfileStructW
GetFullPathNameW
MapViewOfFileEx
GetCPInfo
GetModuleHandleExW
GetDiskFreeSpaceExW
LockFile
Sleep
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW
GetFileType
GetTimeZoneInformation
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
WriteConsoleW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
RtlUnwind
GetConsoleMode
GetConsoleCP
CreateThread
WaitForSingleObjectEx
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetTempFileNameW
GetTempPathW
FindResourceExW
FindResourceW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
GetTickCount
CloseHandle
FindClose
SizeofResource
LoadResource
GetLastError
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
LockResource
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
Process32NextW
IsDBCSLeadByte
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetStringTypeW
GetLocaleInfoW
LCMapStringW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
CompareStringW
EncodePointer
TlsFree
TlsSetValue
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleFileNameA
TlsGetValue
QueryPerformanceFrequency
SetLastError
CreateEventW
SwitchToThread
TlsAlloc

user32

wvsprintfW
AttachThreadInput
ShowWindow
UnregisterClassW
IsIconic
mouse_event
GetForegroundWindow
SetForegroundWindow
SetWindowPos
GetWindowRect
SetCursorPos
GetCursorPos
GetWindowLongW
GetWindowThreadProcessId
MonitorFromPoint
GetMonitorInfoW
MessageBoxW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
OpenThreadToken
IsTextUnicode
LookupAccountSidW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupAccountNameW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoUninitialize

oleaut32

SysFreeString
SysAllocString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantInit
VariantClear
VariantChangeType

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

ws2_32

htonl
ntohl

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d6eebba488785a253f5cc371c14666b

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

version

netapi32

wtsapi32

ws2_32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 165KB - Virtual size: 164KB

.data Size: 10KB - Virtual size: 25KB

.idata Size: 9KB - Virtual size: 8KB

Shared Size: 512B - Virtual size: 260B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 111KB - Virtual size: 112KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 165KB - Virtual size: 164KB

.data
Size: 10KB - Virtual size: 25KB

.idata
Size: 9KB - Virtual size: 8KB

Shared
Size: 512B - Virtual size: 260B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 111KB - Virtual size: 112KB