Static task: static1
Behavioral task: behavioral1
  Sample: 7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721.exe
  Resource: win10v2004-20230915-en
General
Target: 7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721
Size: 2.1MB
MD5: d2a861134af4bb919ba54088a7aebf58
SHA1: a7a2452233dd6230ec32237c72e8401dcfe7a1a4
SHA256: 7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721
SHA512: d96c492f737663199afdbb0997b5fd06bcad69f0339675e8601d48688e21ab6c36cfaef34d83730178f28779875527e245aa0fabdbbf21e575728da6daaa6e53
SSDEEP: 49152:+SAnmJAhUKeyXIJSIZo50B9Qje+Sj2n0s8CYyMZfiRvJLNiXicJFFRGNzj3:+HvhzpIJSIe50B9Qje+j/7wRGpj3
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721
Files
7428f88c9bd6eef03b040628bd60f4fdb3b4a5b575f7606579d3d74b11a71721.exe  windows:6  windows  x86
3d6700ee7e2f18a3410b0527b0678f5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
kernel32
QueryDosDeviceW
ReadFile
GetFileSize
SetFilePointer
SetLastError
SetDllDirectoryW
DecodePointer
GetCurrentThreadId
SetErrorMode
InitializeCriticalSectionEx
RaiseException
IsProcessorFeaturePresent
CreateDirectoryW
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLangID
GetCommandLineW
MoveFileW
SetCurrentDirectoryW
GetModuleFileNameW
lstrcmpW
lstrcpyW
GetLocaleInfoW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
FindNextFileW
FindFirstFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CreateProcessW
FileTimeToSystemTime
FindClose
GetLocalTime
Sleep
GetTickCount
DeleteFileW
GetCurrentProcess
DuplicateHandle
SetPriorityClass
GetPriorityClass
GetModuleHandleW
LocalFree
GetShortPathNameW
GetTempPathW
lstrcmpiW
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ProcessIdToSessionId
FormatMessageW
LocalAlloc
ExpandEnvironmentStringsW
OpenProcess
GetExitCodeProcess
WaitForSingleObject
WTSGetActiveConsoleSessionId
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcessHeap
HeapAlloc
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
CreateFileW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
CancelWaitableTimer
GlobalFree
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GlobalMemoryStatus
ReleaseSemaphore
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
WaitForMultipleObjects
QueryPerformanceCounter
FindFirstFileExW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThread
GetProcessTimes
GetLongPathNameW
WriteFile
FlushFileBuffers
SetEndOfFile
LoadLibraryW
CreateThread
ResumeThread
TerminateThread
ExitThread
WaitForMultipleObjectsEx
ReadProcessMemory
lstrlenA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
TerminateProcess
GetThreadContext
SetUnhandledExceptionFilter
GetSystemTime
lstrcmpA
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetFileType
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
advapi32
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
EqualSid
TraceMessage
AllocateAndInitializeSid
FreeSid
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
OpenThreadToken
RegQueryValueExW
RegEnumValueW
SetSecurityDescriptorDacl
MakeAbsoluteSD
InitializeSecurityDescriptor
QueryServiceStatusEx
LookupPrivilegeNameW
ConvertSidToStringSidW
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
CryptReleaseContext
CryptDecrypt
CryptAcquireContextW
CryptDestroyKey
CryptSetKeyParam
CryptImportKey
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
StartServiceW
RegGetValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
LsaNtStatusToWinError
ole32
CoCreateInstance
PropVariantClear
CoInitializeEx
CoUninitialize
CoInitializeSecurity
StringFromIID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CLSIDFromString
oleaut32
SafeArrayCreate
SafeArrayUnlock
SysStringByteLen
SysAllocStringByteLen
VariantCopyInd
VariantInit
VariantClear
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
shlwapi
PathRemoveFileSpecW
UrlCanonicalizeW
PathIsDirectoryW
PathFindFileNameW
PathIsUNCServerW
PathAppendW
PathAddBackslashW
PathQuoteSpacesW
SHDeleteKeyW
PathIsUNCW
PathSkipRootW
PathFileExistsW
comctl32
InitCommonControlsEx
psapi
GetModuleFileNameExW
crypt32
CryptHashCertificate
CertCompareIntegerBlob
CertFreeCertificateChain
CertGetCertificateChain
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertNameToStrW
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
wintrust
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WintrustGetRegPolicyFlags
WinVerifyTrust
Sections
.text Size: 919KB - Virtual size: 919KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 255KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 628KB - Virtual size: 632KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE