17e3b4cf1c497b9d895703f7386b6769ad095ba40d4abc78d4bf117437a05c36

Sharing

Copy URL

Twitter E-mail

General

Target

17e3b4cf1c497b9d895703f7386b6769ad095ba40d4abc78d4bf117437a05c36
Size

3.1MB
MD5

d84c4951e8c0031fe3f1a050b4b43335
SHA1

04e3b82e911c8b7757fbbb156de9c25e5fa8219a
SHA256

17e3b4cf1c497b9d895703f7386b6769ad095ba40d4abc78d4bf117437a05c36
SHA512

c4f782efea0f760bb0a92ba6a1c5166c0f417a41db7a5eccd8402e7927431ac79ff8168b12748c3d7bc3879b9dfe5d930f697b3557db9b10a13eeeffce1cbc38
SSDEEP

49152:Jb4z8nL9Jz61bB39roO3hIHDMujt8k2Bt7:ZDLj6/CO3Qwujt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e3b4cf1c497b9d895703f7386b6769ad095ba40d4abc78d4bf117437a05c36

Files

17e3b4cf1c497b9d895703f7386b6769ad095ba40d4abc78d4bf117437a05c36
.exe windows:6 windows x86

30a07b39eac0d8609fafda7f4108c834

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

advapi32

AddAccessAllowedAceEx
SetEntriesInAclW
BuildTrusteeWithSidW
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
FreeSid
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExA
RegSetValueExA
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
RegOpenKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenServiceW
OpenSCManagerW
SetServiceObjectSecurity
InitializeAcl
GetLengthSid
IsValidSid
ConvertStringSidToSidW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
StartServiceW
CreateServiceW
CloseServiceHandle
RegDeleteTreeA
RegDeleteKeyA
RegDeleteTreeW
RegDeleteValueA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CreateWellKnownSid

crypt32

CryptStringToBinaryW
CertAddEncodedCertificateToStore
CertCreateCertificateContext
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertGetNameStringW
CertFindCertificateInStore

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

winhttp

WinHttpCrackUrl
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect

kernel32

DecodePointer
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
DeleteFileA
GetTempPathA
GetTempFileNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
WriteFile
LocalFree
GetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
WaitForSingleObject
GetWindowsDirectoryW
ReleaseMutex
WaitForSingleObjectEx
SetEvent
WaitForMultipleObjects
MoveFileExW
SetCurrentDirectoryW
ResetEvent
GetCurrentProcessId
GetExitCodeProcess
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateProcessW
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetConsoleCtrlHandler
TlsGetValue
Process32NextW
RtlUnwind
InterlockedPushEntrySList
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
WriteConsoleW
InitializeSListHead
GetCPInfo
CompareStringEx
GetModuleHandleW
SetLastError
CreateFileW
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetWaitableTimer
CreateWaitableTimerW
GetCurrentThreadId
LocalAlloc
GetNamedPipeClientProcessId
GetModuleFileNameA
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileTime
SystemTimeToFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
OpenProcess
GlobalFree
LoadLibraryA
GetACP
MultiByteToWideChar
GetModuleFileNameW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
CreatePipe
GetConsoleCP
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetCurrentProcess
CreateEventW
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
CreateMutexW
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetTickCount
GetSystemInfo
SwitchToThread
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
DuplicateHandle
GetStdHandle
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
TlsAlloc
FlushFileBuffers
ReadConsoleW
DeleteFileW
GetFileSizeEx
QueryFullProcessImageNameW
GetLocalTime
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
TerminateProcess
VerSetConditionMask
GetComputerNameExW
IsWow64Process
VerifyVersionInfoW
LocalFileTimeToFileTime
SetFileTime
GetStringTypeW
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetExitCodeThread
ReleaseSRWLockShared
AcquireSRWLockShared
EncodePointer
LCMapStringEx
GetConsoleMode

shell32

SHGetFolderPathW
SHGetKnownFolderPath
SHGetFolderPathA

ole32

CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

wtsapi32

WTSQueryUserToken

urlmon

URLDownloadToFileA

wintrust

WTHelperGetProvSignerFromChain
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

ws2_32

InetNtopW
WSAStartup
GetAddrInfoW
WSAAddressToStringW
WSACleanup

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersAddresses
GetBestInterface

dbghelp

ImageNtHeader
MiniDumpWriteDump

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30a07b39eac0d8609fafda7f4108c834

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

advapi32

crypt32

shlwapi

winhttp

kernel32

shell32

ole32

oleaut32

wtsapi32

urlmon

wintrust

ws2_32

version

iphlpapi

dbghelp

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 456KB - Virtual size: 456KB

.data Size: 147KB - Virtual size: 199KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 169KB - Virtual size: 169KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 147KB - Virtual size: 199KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 169KB - Virtual size: 169KB