fb342e9032de47f5c8f47d9cce8992930eebb46b676908403303ddd40425841e

Sharing

Copy URL Twitter E-mail

General

Target

fb342e9032de47f5c8f47d9cce8992930eebb46b676908403303ddd40425841e
Size

13.0MB
MD5

40bca4ab2387d8a80b729c4c49d48a19
SHA1

dcb15c8924eccb97d171013db4428c84ecbcf03f
SHA256

fb342e9032de47f5c8f47d9cce8992930eebb46b676908403303ddd40425841e
SHA512

eca50ba24b6e46f62025e571feeae07e15867cc2a5000512f556cca1aa19ec6ac6a31dabd98951d34f911a54919f5ebfb3be82fedcfa66c32f4edc64e4bc3051
SSDEEP

196608:maks73Z3JbV31+Ri5Zx3GY7a/lJsv6tWKFdu9CjNBiZ:marR31+Ri5b3n7a/lJsv6tWKFdu9CfiZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb342e9032de47f5c8f47d9cce8992930eebb46b676908403303ddd40425841e

Files

fb342e9032de47f5c8f47d9cce8992930eebb46b676908403303ddd40425841e
.exe windows:5 windows x86

17522c59aa6ce37fae9dbb91c337ea43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiEnumDeviceInfo
CM_Get_Device_IDW
SetupDiOpenDevRegKey
CM_Get_Parent
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status

iphlpapi

GetNetworkParams
GetAdaptersAddresses
GetAdaptersInfo

advapi32

OpenProcessToken
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
GetTokenInformation
FreeSid
GetLengthSid
CopySid
RegCreateKeyExW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue
SystemFunction036
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegDeleteKeyW

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

kernel32

WaitForMultipleObjects
CreateEventW
SetHandleInformation
LocalFree
GetNativeSystemInfo
FormatMessageW
CompareStringW
GetUserDefaultLCID
GetCurrentProcessId
GetCommandLineW
OutputDebugStringW
GetConsoleWindow
GetSystemTime
GetLocalTime
GetCurrentProcess
RaiseException
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
SetEvent
WaitForSingleObject
DuplicateHandle
GetSystemInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WaitForSingleObjectEx
ResetEvent
GetTickCount
QueryPerformanceCounter
QueryPerformanceFrequency
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReleaseSemaphore
ReleaseMutex
CreateMutexW
CreateSemaphoreW
GetSystemDirectoryW
GetModuleFileNameW
GetStartupInfoW
GetFileAttributesExW
GetLongPathNameW
SetErrorMode
GetLogicalDrives
GetFileInformationByHandle
FindClose
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTempPathW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
CancelIo
GetFileAttributesW
DeleteFileW
FindFirstFileW
CopyFileW
MoveFileW
GetFileType
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultUILanguage
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleHandleExW
GlobalFree
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
OpenProcess
LoadLibraryA
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SetConsoleMode
GetConsoleCP
PeekNamedPipe
VirtualQuery
FlushConsoleInputBuffer
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
GetModuleHandleA
SystemTimeToFileTime
GetStringTypeW
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
GetCPInfo
DecodePointer
SetEnvironmentVariableW
SetConsoleCtrlHandler
EnumSystemLocalesW
IsValidLocale
LCMapStringW
HeapValidate
HeapAlloc
GetDriveTypeW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
WriteConsoleW
GetStdHandle
ExitProcess
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
LoadLibraryExW
WaitCommEvent
SetCommTimeouts
SetCommState
SetCommMask
SetCommBreak
PurgeComm
GetCommTimeouts
GetCommState
GetCommModemStatus
EscapeCommFunction
ClearCommError
ClearCommBreak
ReadFile
WriteFile
Sleep
QueryDosDeviceA
DeviceIoControl
GetLastError
CloseHandle
CreateFileW
CreateFileA
AttachConsole
GetModuleHandleW
LoadLibraryW
FindFirstFileExW
GetProcAddress
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
GetFullPathNameW
GetCommandLineA
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
PeekConsoleInputA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoCreateGuid
CoTaskMemFree
CoInitialize

ws2_32

gethostname
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
listen
htons
getsockname
getpeername
closesocket
bind
WSAGetLastError
gethostbyname
gethostbyaddr
ntohl
inet_addr
getsockopt
htonl
WSAStartup
WSACleanup
WSAAsyncSelect
WSASocketW
WSASetLastError
shutdown
recv
send
__WSAFDIsSet

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
VariantInit

gdi32

GetDeviceCaps
GetDIBits
GetObjectA
DeleteObject
CreateCompatibleBitmap

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
KillTimer
GetDC
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
SetTimer

wintrust

WinVerifyTrust

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17522c59aa6ce37fae9dbb91c337ea43

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

iphlpapi

advapi32

crypt32

kernel32

shell32

ole32

ws2_32

oleaut32

gdi32

user32

wintrust

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 4.5MB - Virtual size: 4.5MB

.data Size: 72KB - Virtual size: 123KB

.idata Size: 11KB - Virtual size: 10KB

.qtmetad Size: 1024B - Virtual size: 881B

.tls Size: 1024B - Virtual size: 782B

.00cfg Size: 512B - Virtual size: 260B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 271KB - Virtual size: 270KB

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 4.5MB - Virtual size: 4.5MB

.data
Size: 72KB - Virtual size: 123KB

.idata
Size: 11KB - Virtual size: 10KB

.qtmetad
Size: 1024B - Virtual size: 881B

.tls
Size: 1024B - Virtual size: 782B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 271KB - Virtual size: 270KB