d8174aee48467c1aaf935e542131184f73265fd6fc4db93b40a850e55eb33a23

Sharing

Copy URL

Twitter E-mail

General

Target

d8174aee48467c1aaf935e542131184f73265fd6fc4db93b40a850e55eb33a23
Size

810KB
MD5

4bb28ed07ee6e455812d5dbc78d970aa
SHA1

dbb02f62a99a2ce12f86e3de58f3af3c153a74e1
SHA256

d8174aee48467c1aaf935e542131184f73265fd6fc4db93b40a850e55eb33a23
SHA512

9f57df70f41eb24f80608d791410ead718de40b2554bba73678bf94c679f42c2b08dc445439591135b3d490d2ddfdeefed1ec1479cb464dd1c04e9e7607c1254
SSDEEP

12288:zoj8zMw3uMw+MwlMw38SnBuYvcmoXaow:zoj8dZjnQYKqow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8174aee48467c1aaf935e542131184f73265fd6fc4db93b40a850e55eb33a23

Files

d8174aee48467c1aaf935e542131184f73265fd6fc4db93b40a850e55eb33a23
.exe windows:6 windows x86

aab70942778009961e565dbcec0ce199

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

ws2_32

closesocket
inet_addr
ntohs
inet_ntoa
InetPtonW
htons
getsockname
bind
WSAAsyncSelect
WSACleanup
WSAStartup
socket
send
recv
ioctlsocket
connect

winhttp

WinHttpCloseHandle
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

secur32

GetUserNameExW

comctl32

PropertySheetW
InitMUILanguage

crypt32

CertGetNameStringW
CertCreateCertificateContext
CryptUnprotectData
CryptProtectData
CryptStringToBinaryA
CryptBinaryToStringA
CertFreeCertificateContext

shlwapi

PathIsRelativeW
StrTrimA
UrlUnescapeA

advapi32

RegDeleteValueW
EqualSid
CreateWellKnownSid
CopySid
OpenProcessToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCopyTreeW
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
LookupAccountSidW
LookupAccountNameW
RegCloseKey
RegCreateKeyExW
GetTokenInformation

shell32

SHCreateItemFromParsingName
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

gdi32

GetObjectW
CreateFontIndirectW
SetPixel
SelectObject
GetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
LPtoDP
SetTextColor
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

cryptui

CryptUIDlgViewContext

wininet

InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetOptionA
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestW
HttpQueryInfoA
HttpQueryInfoW

libcrypto-3

PEM_read_PrivateKey
X509_alias_get0
X509_free
PEM_write_PrivateKey
EVP_PKEY_new
PEM_write_PKCS8PrivateKey
ERR_get_error
PKCS12_free
PKCS12_parse
EVP_aes_256_cbc
i2d_PKCS12_fp
PKCS12_create
EVP_PKEY_free
EVP_default_properties_is_fips_enabled
OPENSSL_sk_pop_free
OPENSSL_init_crypto
OSSL_PROVIDER_load
OSSL_PROVIDER_unload
OSSL_PROVIDER_available
d2i_PKCS12_fp

kernel32

GetStartupInfoW
OpenProcess
GetTickCount
FindClose
FindFirstFileW
FindNextFileW
GetFileInformationByHandle
ExpandEnvironmentStringsW
ExitThread
GlobalFree
CreateProcessW
IsDebuggerPresent
GetTempPathW
FormatMessageW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WriteFile
ReadFileEx
ReadFile
GetStdHandle
WideCharToMultiByte
ResumeThread
TerminateThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcessId
CreateEventW
SetEvent
CancelIo
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
GetWindowsDirectoryW
SetHandleInformation
QueryPerformanceCounter
GetSystemTimeAsFileTime
MultiByteToWideChar
CopyFileW
CreateSemaphoreW
GetFileAttributesW
CreateFileW
InitializeSListHead
LocalFree
CreateDirectoryW
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Sleep
GetCommandLineW
VerSetConditionMask
GetUserDefaultUILanguage
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
EnumResourceLanguagesW
FindResourceW
SizeofResource
LoadResource
GetModuleFileNameW
FindResourceExW
FileTimeToLocalFileTime
CompareStringOrdinal
FreeEnvironmentStringsW
GetEnvironmentStringsW
MulDiv
GetSystemDirectoryW
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
ReleaseSemaphore
GetLastError
CloseHandle

user32

RemovePropW
GetPropW
SetPropW
IsWindowEnabled
EnableWindow
KillTimer
MsgWaitForMultipleObjectsEx
SetFocus
GetDlgCtrlID
GetClientRect
MoveWindow
PostMessageW
PeekMessageW
GetWindowTextLengthW
keybd_event
SetDlgItemTextA
LoadCursorW
SetCursor
GetIconInfo
GetCursorPos
SetMenuInfo
TrackPopupMenu
GetSysColor
EnumThreadWindows
IsDialogMessageW
SetDlgItemInt
GetDlgItemInt
CreatePopupMenu
DestroyMenu
EnableMenuItem
AppendMenuW
GetWindowTextW
EndDialog
FindWindowW
ReleaseDC
GetDC
GetMenuInfo
GetMenuItemID
SetTimer
GetDlgItemTextW
SetDlgItemTextW
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
LoadImageW
CreateIconFromResourceEx
LookupIconIdFromDirectory
SetWindowLongW
MessageBoxExW
CheckMenuItem
SetForegroundWindow
MessageBoxW
SendMessageW
SendMessageTimeoutW
ShowWindow
SetWindowPos
GetDlgItem
GetSystemMetrics
InvalidateRect
SetWindowTextW
GetWindowRect
HideCaret
ShowCaret
OffsetRect
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CheckRadioButton
IsDlgButtonChecked
SetMenuItemBitmaps

vcruntime140

_except_handler4_common
__current_exception_context
__current_exception
wcschr
strstr
wcsrchr
memmove
memcpy
memchr
strchr
memset
wcsstr

api-ms-win-crt-string-l1-1-0

_wcsdup
strncpy_s
wcsncat
wcstok_s
wcsspn
strtok
strncpy
iswctype
wcsncpy_s
isxdigit
strncmp
_stricmp
_strdup
_wcsicmp
wcsncpy
strspn
wcscspn
isalnum
_wcsnicmp
wcsncmp
wcspbrk

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fgets
fclose
_wfopen
__stdio_common_vfwprintf
__stdio_common_vswscanf
__stdio_common_vsprintf
_set_fmode
__stdio_common_vswprintf
__acrt_iob_func
clearerr
feof
ferror
fflush
_fileno
fopen
fread
fseek
__p__commode
fwrite
rewind
__stdio_common_vfprintf
__stdio_common_vsscanf
_close
_lseek
_read
_setmode
_write
_open
ftell

api-ms-win-crt-time-l1-1-0

_time64
_wctime64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstol
atoi
strtod
_wtoi
strtol
strtoul

api-ms-win-crt-runtime-l1-1-0

_c_exit
_exit
_initterm_e
_initterm
_initialize_onexit_table
exit
_get_wide_winmain_command_line
_register_onexit_function
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_crt_atexit
_controlfp_s
terminate
_cexit
_seh_filter_exe

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath
_wstat64i32
_wunlink

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
_wputenv_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
aslr_workaround

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aab70942778009961e565dbcec0ce199

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

netapi32

ws2_32

winhttp

secur32

comctl32

crypt32

shlwapi

advapi32

shell32

gdi32

comdlg32

ole32

cryptui

wininet

libcrypto-3

kernel32

user32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 1024B - Virtual size: 9KB

.rsrc Size: 680KB - Virtual size: 679KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1024B - Virtual size: 9KB

.rsrc
Size: 680KB - Virtual size: 679KB

.reloc
Size: 8KB - Virtual size: 7KB