a2ac6d62ecabc985c6958f6ff334c035f358ca87f36e4591eddb1bcda91a73ab

Sharing

Copy URL

Twitter E-mail

General

Target

a2ac6d62ecabc985c6958f6ff334c035f358ca87f36e4591eddb1bcda91a73ab
Size

197KB
MD5

1f1b5ff87a50e9f61d066e6ddd9c1421
SHA1

f138a236151ce60a1a289ae8957ccfd6c4275424
SHA256

a2ac6d62ecabc985c6958f6ff334c035f358ca87f36e4591eddb1bcda91a73ab
SHA512

91ae5f9b99ce750b98c0ec67d986405935d627c59e443f52a7678e7c8666db59ce52b24d0411de29808976ddf1f4f752f2ce431548f1b18a67ad5af5a9cc4252
SSDEEP

3072:7OJIPAvrGwMD8fDMNX33qLqhuGIcrfhS/LFqjSfZSOgNucfE3tygR5x2p/X:7LoT7yODK3SqvjdS/LFSasucEReB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2ac6d62ecabc985c6958f6ff334c035f358ca87f36e4591eddb1bcda91a73ab

Files

a2ac6d62ecabc985c6958f6ff334c035f358ca87f36e4591eddb1bcda91a73ab
.exe windows x86

7cb01374093d6adcb8714b75c7f24f02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

kernel32

MoveFileExA
HeapAlloc
HeapFree
GetProcessHeap
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
TerminateProcess
WaitForMultipleObjects
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
GetStartupInfoA
SetErrorMode
ReleaseMutex
OpenEventA
FreeConsole
LocalSize
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
lstrcmpiA
SetFilePointerEx
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExA
GetTickCount
GetFileType
LCMapStringW
CompareStringW
GetStringTypeW
HeapReAlloc
DecodePointer
GetACP
GetCommandLineW
GetCommandLineA
ExitProcess
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RaiseException
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
OpenProcess
VirtualAllocEx
GetModuleFileNameA
SetLastError
GetVolumeInformationA
MoveFileA
FindNextFileA
FindFirstFileA
DeleteFileA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetLogicalDriveStringsA
FindClose
CreateFileW
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetLastError
LocalFree
LocalReAlloc
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetWindowsDirectoryA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
LoadLibraryA
lstrlenA
lstrcatA
lstrcmpA
GetProcAddress
FreeLibrary
CancelIo
lstrcpyA
Sleep
ResetEvent
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
CreateEventA
CloseHandle
WaitForSingleObject
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResumeThread
TerminateThread
GetSystemDirectoryA
CreateThread
WriteConsoleW

user32

keybd_event
mouse_event
MapVirtualKeyA
SetCapture
GetSystemMetrics
SetCursorPos
WindowFromPoint
LoadCursorA
DestroyCursor
GetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
CharNextA
GetActiveWindow
SystemParametersInfoA
GetKeyNameTextA
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
OpenClipboard
BlockInput
GetDC
ReleaseDC
GetCursorPos
SetRect
GetDesktopWindow
GetCursorInfo
ExitWindowsEx
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
CloseClipboard
SetClipboardData
GetClipboardData
OpenDesktopA
CloseWindow
IsWindow
CreateWindowExA
PostMessageA
GetUserObjectInformationA
OpenInputDesktop
CloseDesktop
SetThreadDesktop
EmptyClipboard

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
GetDIBits
DeleteObject
BitBlt

advapi32

RegSetValueExA
IsValidSid
LookupAccountNameA
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaRetrievePrivateData
LookupAccountSidA
GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
OpenEventLogA
CloseEventLog
ClearEventLogA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegOpenKeyExA
RegCloseKey

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutWrite
waveOutReset
waveInGetNumDevs
waveOutPrepareHeader
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveOutUnprepareHeader
waveOutClose
waveOutOpen
waveOutGetNumDevs
waveInOpen
waveInStop
waveInReset

ws2_32

ntohs
recv
select
closesocket
htons
gethostname
send
setsockopt
socket
gethostbyname
WSAStartup
WSACleanup
WSAIoctl
getsockname
connect

imm32

ImmGetCompositionStringA
ImmReleaseContext
ImmGetContext

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICClose
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICCompressorFree
ICOpen

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

ServiceMain

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cb01374093d6adcb8714b75c7f24f02

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

imm32

wininet

avicap32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB