Static task: static1
Behavioral task: behavioral1
Sample: 8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec.exe
Resource: win10v2004-20230915-en
General
Target: 8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec
Size: 2.0MB
MD5: c5714b1af88bdb5049ea808ca8e81004
SHA1: 1bed5570735e616658a8816f67b012edf1fc51f8
SHA256: 8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec
SHA512: 359712a3d124af3f1b26100dc54321f1364a736797af0c8875f076d0d35907345fa0acfd5ee97a28130a0f6c1aa197902336856e4aa528f2312d7875e00d7663
SSDEEP: 49152:IGWwjJIK/04O04n2bOlmhDGrnTuCfyuFK30CZ3NIjtaB0Dc+FF9:m0/Pv4n2bOlmhDG+uFqNARVF3
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec
Files
8177542b521003912635fb696c69e838680aa762843867343d3aa94ff2fcb7ec.exe windows:6 windows x86
3d6700ee7e2f18a3410b0527b0678f5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
kernel32
QueryDosDeviceW
ReadFile
GetFileSize
SetFilePointer
SetLastError
SetDllDirectoryW
DecodePointer
GetCurrentThreadId
SetErrorMode
InitializeCriticalSectionEx
RaiseException
IsProcessorFeaturePresent
CreateDirectoryW
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLangID
GetCommandLineW
MoveFileW
SetCurrentDirectoryW
GetModuleFileNameW
lstrcmpW
lstrcpyW
GetLocaleInfoW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
FindNextFileW
FindFirstFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CreateProcessW
FileTimeToSystemTime
FindClose
GetLocalTime
Sleep
GetTickCount
DeleteFileW
GetCurrentProcess
DuplicateHandle
SetPriorityClass
GetPriorityClass
GetModuleHandleW
LocalFree
GetShortPathNameW
GetTempPathW
lstrcmpiW
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ProcessIdToSessionId
FormatMessageW
LocalAlloc
ExpandEnvironmentStringsW
OpenProcess
GetExitCodeProcess
WaitForSingleObject
WTSGetActiveConsoleSessionId
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcessHeap
HeapAlloc
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
CreateFileW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
CancelWaitableTimer
GlobalFree
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GlobalMemoryStatus
ReleaseSemaphore
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
WaitForMultipleObjects
QueryPerformanceCounter
FindFirstFileExW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThread
GetProcessTimes
GetLongPathNameW
WriteFile
FlushFileBuffers
SetEndOfFile
LoadLibraryW
CreateThread
ResumeThread
TerminateThread
ExitThread
WaitForMultipleObjectsEx
ReadProcessMemory
lstrlenA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
TerminateProcess
GetThreadContext
SetUnhandledExceptionFilter
GetSystemTime
lstrcmpA
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetFileType
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
advapi32
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
EqualSid
TraceMessage
AllocateAndInitializeSid
FreeSid
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
OpenThreadToken
RegQueryValueExW
RegEnumValueW
SetSecurityDescriptorDacl
MakeAbsoluteSD
InitializeSecurityDescriptor
QueryServiceStatusEx
LookupPrivilegeNameW
ConvertSidToStringSidW
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
CryptReleaseContext
CryptDecrypt
CryptAcquireContextW
CryptDestroyKey
CryptSetKeyParam
CryptImportKey
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
StartServiceW
RegGetValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
LsaNtStatusToWinError
ole32
CoCreateInstance
PropVariantClear
CoInitializeEx
CoUninitialize
CoInitializeSecurity
StringFromIID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CLSIDFromString
oleaut32
SafeArrayCreate
SafeArrayUnlock
SysStringByteLen
SysAllocStringByteLen
VariantCopyInd
VariantInit
VariantClear
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
shlwapi
PathRemoveFileSpecW
UrlCanonicalizeW
PathIsDirectoryW
PathFindFileNameW
PathIsUNCServerW
PathAppendW
PathAddBackslashW
PathQuoteSpacesW
SHDeleteKeyW
PathIsUNCW
PathSkipRootW
PathFileExistsW
comctl32
InitCommonControlsEx
psapi
GetModuleFileNameExW
crypt32
CryptHashCertificate
CertCompareIntegerBlob
CertFreeCertificateChain
CertGetCertificateChain
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertNameToStrW
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
wintrust
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WintrustGetRegPolicyFlags
WinVerifyTrust
Sections
.text Size: 920KB - Virtual size: 920KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 255KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ