aba864de4992e7d2a3a06d560915b8a1d6b9edf810986d61aa4f72fd93967d2d

Sharing

Copy URL Twitter E-mail

General

Target

aba864de4992e7d2a3a06d560915b8a1d6b9edf810986d61aa4f72fd93967d2d
Size

939KB
MD5

cdd718912c34665f9e5b45d524118aa8
SHA1

41dc909b1483db566f826553bec2a97a32a78974
SHA256

aba864de4992e7d2a3a06d560915b8a1d6b9edf810986d61aa4f72fd93967d2d
SHA512

c2ecc4e8a0889ad19aa8f4366f5baf788dd5139a94aea828c7b5cb5e1a12c2884d016b49771ceb9f83785f21a84c396fd82d8467b538f38fdb24e16771909af5
SSDEEP

12288:yMtHx9ZiKLgRNNqBU/hqogygIbRPbtBoMoGEq7CJf:PHkKQNqByrgVURPXBoUof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aba864de4992e7d2a3a06d560915b8a1d6b9edf810986d61aa4f72fd93967d2d

Files

aba864de4992e7d2a3a06d560915b8a1d6b9edf810986d61aa4f72fd93967d2d
.exe windows:5 windows x64

b0400a77ed0c75438edeacdf881b2a16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
FreeLibrary
WideCharToMultiByte
lstrcmpiW
GlobalUnlock
LoadLibraryExW
CreateFileW
WriteConsoleW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetProcessHeap
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwindEx
RtlPcToFileHeader
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
DeleteCriticalSection
GlobalLock
GetProcAddress
HeapDestroy
DecodePointer
GetLocalTime
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
RaiseException
GetNativeSystemInfo
CloseHandle
HeapReAlloc
Process32FirstW
GlobalAlloc
LockResource
OutputDebugStringW
Process32NextW
GetLastError
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
GetCommandLineA
HeapSize
OpenProcess
ResumeThread
GetCurrentThreadId
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateJobObjectW
GetModuleFileNameW
AssignProcessToJobObject
GetCurrentProcess
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
SetInformationJobObject
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetVersionExW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
WriteFile
SizeofResource
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
TryEnterCriticalSection
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
CreateTimerQueue
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
SetEvent
SignalObjectAndWait
SwitchToThread
CreateThread

user32

PostThreadMessageW
IsClipboardFormatAvailable
AddClipboardFormatListener
PostQuitMessage
GetClientRect
SetWindowLongW
SetClipboardData
GetClassInfoExW
MapWindowPoints
GetParent
MoveWindow
GetDlgItem
MonitorFromWindow
LoadCursorW
RemoveClipboardFormatListener
FindWindowW
GetClipboardData
TranslateMessage
GetWindowLongW
GetMessageW
RegisterClipboardFormatW
DefWindowProcW
CallWindowProcW
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
EmptyClipboard
SetWindowLongPtrW
CreateWindowExW
SendMessageW
UnregisterClassW
GetWindowLongPtrW
RegisterClassExW
LoadStringW
wsprintfA
ShowWindow
OpenClipboard
DispatchMessageW
GetMonitorInfoW
CloseClipboard
CharNextW

gdi32

GetStockObject

advapi32

RegEnumKeyExW
LookupPrivilegeValueW
DeregisterEventSource
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
AdjustTokenPrivileges
RevertToSelf
CreateServiceW
RegCloseKey
RegQueryInfoKeyW
CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
RegDeleteKeyW
SetServiceStatus
ChangeServiceConfig2W
RegDisablePredefinedCache
RegCreateKeyExW
RegisterServiceCtrlHandlerW
ReportEventW
ImpersonateLoggedOnUser
SetSecurityDescriptorSacl
RegSetValueExW
OpenProcessToken
StartServiceW
InitializeSecurityDescriptor
RegOpenKeyExA
RegOpenKeyExW
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegDeleteValueW
OpenServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DuplicateTokenEx
RegisterEventSourceW
GetTokenInformation

ole32

CoTaskMemRealloc
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

StrStrIW
StrStrA

wininet

InternetCreateUrlA
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenA

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 615KB - Virtual size: 615KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0400a77ed0c75438edeacdf881b2a16

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

wininet

iphlpapi

userenv

Sections

.text Size: 615KB - Virtual size: 615KB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 14KB - Virtual size: 22KB

.pdata Size: 45KB - Virtual size: 45KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 615KB - Virtual size: 615KB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 45KB - Virtual size: 45KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 5KB - Virtual size: 5KB