Static task: static1
Behavioral task: behavioral1
Sample: a9ae78d55fef870bfc92194f5116d9fdbe527695854c4e2195e664629e2a4c4e.exe
Resource: win7-20230831-en

General
Target: a9ae78d55fef870bfc92194f5116d9fdbe527695854c4e2195e664629e2a4c4e
Size: 13.3MB
MD5: ca6f0aa9d735a90b7124162a9b1a0d3b
SHA1: e361ab49dc0613abdd6f7fe07f829fefa218e75a
SHA256: a9ae78d55fef870bfc92194f5116d9fdbe527695854c4e2195e664629e2a4c4e
SHA512: 2c59d0d028bd17171332a9fccbaf6e3a4a87805a5e866017eef025599b4d1528c1bf4a6c1e3df45e86408adee91afe0afb797295006a0b3fcb2345d70cb8d75a
SSDEEP: 196608:tF3ZKU7+47eSpQVOB3yYWip5hOwo5qw4ijr53Ze+7dym8p4W:t+U7+47eSp1yk5h1o315bdymc4W

Malware Config

Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource a9ae78d55fef870bfc92194f5116d9fdbe527695854c4e2195e664629e2a4c4e

Files
a9ae78d55fef870bfc92194f5116d9fdbe527695854c4e2195e664629e2a4c4e.exe (windows:6, windows x64)
54610787e22ce1e9fc83fb220f34a7e5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
QueueUserAPC
CancelIo
SetDllDirectoryW
LoadLibraryA
SetDefaultDllDirectories
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CreateFileW
CreateDirectoryW
lstrlenW
UnregisterWaitEx
RegisterWaitForSingleObject
LocalAlloc
LoadLibraryW
GetProductInfo
ProcessIdToSessionId
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalFree
GlobalLock
GlobalAlloc
FindResourceW
SizeofResource
DeleteCriticalSection
ReadDirectoryChangesW
LockResource
LoadResource
SetLastError
RaiseException
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
GetTimeZoneInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetACP
GetModuleFileNameA
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateWaitableTimerA
GetLogicalProcessorInformation
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
GetLastError
CreateSymbolicLinkW
GetFileInformationByHandleEx
CreateSemaphoreA
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetSystemPowerStatus
GetProcAddress
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceExecuteOnce
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetFileInformationByHandle
GetCPInfo
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
InitializeSRWLock
GetStringTypeW
VirtualFree
VirtualAlloc
FlushInstructionCache
GetModuleHandleW
GetTickCount64
FindNextFileW
FindFirstFileW
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFileTime
CreateDirectoryA
EnumResourceNamesW
LoadLibraryExW
CreateMutexA
ReleaseMutex
GetConsoleDisplayMode
AttachConsole
FreeConsole
MulDiv
GlobalUnlock
GlobalSize
GlobalReAlloc
FindResourceExW
GetUserGeoID
GetPackageInfo
ClosePackageInfo
OpenPackageInfoByFullName
GetPackagesByPackageFamily
PackageIdFromFullName
GetCurrentPackageFullName
SetThreadLocale
GetThreadLocale
FreeResource
GetFileSizeEx
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
QueryFullProcessImageNameW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentPackageFamilyName
GetModuleFileNameW
GetVersionExW
SystemTimeToTzSpecificLocalTime
MoveFileExW
CopyFileW
IsWow64Process
GetTempFileNameW
WaitForSingleObjectEx
GetLongPathNameW
GetFileInformationByHandle
GetDiskFreeSpaceExW
FindFirstFileExW
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
OpenProcess
GetExitCodeProcess
OpenEventW
TerminateProcess
FileTimeToSystemTime
GetExitCodeThread
DuplicateHandle
WaitForMultipleObjects
OOBEComplete
GetUserDefaultLCID
LCMapStringW
CloseThreadpoolWait
GetStringTypeExW
FindClose
CompareFileTime
WideCharToMultiByte
CreateHardLinkW
FormatMessageW
FormatMessageA
LocalFree
Sleep
CreateEventW
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetProcessHeap
HeapSize
HeapFree
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
TerminateThread
GetLocaleInfoEx
GetSystemDefaultUILanguage
LoadLibraryExA
VirtualQuery
VirtualProtect
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoW
MoveFileExA
HeapReAlloc
HeapAlloc
HeapDestroy
ReleaseSemaphore
CloseHandle
shlwapi
UrlEscapeW
ord437
PathFindFileNameW
StrChrIW
StrRetToBufW
ord487
ord176
SHRegDuplicateHKey
PathGetArgsW
AssocQueryStringW
PathFileExistsW
gdiplus
GdipFillPath
GdipDrawImage
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipSetClipRectI
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipFlush
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipDrawLines
GdipSetCompositingQuality
GdipDrawLine
GdipGetImageEncodersSize
GdipSetInterpolationMode
GdipBitmapSetPixel
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipFillEllipse
GdipSetPixelOffsetMode
GdipBitmapGetPixel
GdipCreateImageAttributes
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipGetImageHeight
GdipSetSmoothingMode
GdipGetImageWidth
GdipSetStringFormatTrimming
GdipSetImageAttributesWrapMode
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdiplusShutdown
GdipCreateFromHDC
GdipSetTextRenderingHint
ws2_32
inet_pton
getnameinfo
gethostbyname
WSACreateEvent
WSASetLastError
ntohs
WSAGetLastError
closesocket
gethostname
ioctlsocket
WSAEnumNetworkEvents
getpeername
WSAWaitForMultipleEvents
sendto
recvfrom
WSASetEvent
send
WSAEventSelect
WSAStartup
WSACleanup
WSAResetEvent
WSACloseEvent
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
connect
bind
accept
getsockopt
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
wldap32
ord32
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord301
ord143
ord200
ord30
ord33
ord35
ord79
normaliz
IdnToAscii
dbghelp
MiniDumpWriteDump
iphlpapi
GetAdaptersInfo
netapi32
NetApiBufferFree
NetGetJoinInformation
api-ms-win-core-registry-l1-1-0
RegFlushKey
RegDeleteTreeW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegCopyTreeW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
api-ms-win-core-com-l1-1-1
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
PropVariantClear
CoCreateInstance
CoInitializeSecurity
oleaut32
SysAllocStringLen
VariantCopy
SysAllocString
SetErrorInfo
CreateErrorInfo
SysFreeString
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SysStringLen
api-ms-win-core-libraryloader-l1-2-0
LoadStringW
GetModuleHandleA
api-ms-win-core-synch-l1-2-0
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryEnterCriticalSection
CreateMutexW
api-ms-win-core-profile-l1-1-0
QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-1
VerSetConditionMask
GetSystemTime
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetTickCount
api-ms-win-core-string-l1-1-0
MultiByteToWideChar
bcrypt
BCryptGenRandom
crypt32
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertOpenSystemStoreA
CryptMsgGetParam
CertCloseStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptQueryObject
CryptVerifyMessageSignature
CertGetNameStringW
CertFindCertificateInStore
CryptMsgClose
api-ms-win-core-processenvironment-l1-2-0
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStdHandle
api-ms-win-core-file-l1-2-1
GetFileAttributesExW
WriteFile
GetDiskFreeSpaceW
FlushFileBuffers
UnlockFile
CreateFileA
GetFileAttributesA
GetDiskFreeSpaceA
DeleteFileA
GetFullPathNameW
LockFileEx
GetFileSize
GetFileType
ReadFile
DeleteFileW
GetFileAttributesW
LockFile
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
api-ms-win-core-namedpipe-l1-2-0
PeekNamedPipe
api-ms-win-core-console-l1-1-0
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
api-ms-win-core-processthreads-l1-1-2
TlsGetValue
OpenProcessToken
TlsSetValue
OpenThreadToken
TlsAlloc
TlsFree
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
api-ms-win-core-memory-l1-1-2
MapViewOfFile
FlushViewOfFile
CreateFileMappingW
UnmapViewOfFile
api-ms-win-core-heap-l1-2-0
HeapCreate
HeapCompact
HeapValidate
api-ms-win-core-debug-l1-1-1
OutputDebugStringW
OutputDebugStringA
api-ms-win-core-file-l1-2-2
AreFileApisANSI
GetTempPathA
propsys
VariantCompare
gdi32
SelectObject
DeleteObject
CreateCompatibleDC
DeleteDC
CreateDIBSection
GetObjectW
TextOutW
CreateBitmap
GetDIBits
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
SetBkColor
SetBkMode
SetMapMode
SetTextColor
GetTextMetricsW
CreateCompatibleBitmap
CreateFontW
GetTextExtentPoint32W
LPtoDP
advapi32
RegEnumKeyW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityInfo
GetUserNameW
RegOpenKeyW
RegDeleteKeyW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetPropertyStoreForWindow
SHFileOperationW
SHEvaluateSystemCommandTemplate
SHQueryUserNotificationState
ShellExecuteExW
SHGetSettings
SHGetDesktopFolder
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW
SHGetMalloc
SHGetFileInfoW
msi
ord173
ord217
rpcrt4
UuidToStringW
UuidCreateSequential
RpcStringFreeW
wininet
InternetQueryOptionW
DeleteUrlCacheEntryW
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl
wintrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
userenv
GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW
comctl32
ord413
ord410
wtsapi32
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
secur32
GetUserNameExW
api-ms-win-security-sddl-l1-1-0
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
api-ms-win-security-base-l1-2-0
AllocateAndInitializeSid
FreeSid
IsValidSid
EqualSid
InitializeAcl
GetSecurityDescriptorSacl
GetLengthSid
GetAclInformation
GetAce
DuplicateTokenEx
AddAce
AddAccessAllowedAceEx
GetTokenInformation
GetSidSubAuthority
api-ms-win-security-lsalookup-l2-1-1
LookupAccountNameW
api-ms-win-core-version-l1-1-0
VerQueryValueW
comdlg32
GetSaveFileNameW
ole32
CoInitialize
Sections
.text Size: 7.7MB - Virtual size: 7.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 380KB - Virtual size: 380KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 604KB - Virtual size: 608KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE