Static task: static1
Behavioral task: behavioral1
- Sample: a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a.exe
- Resource: win10v2004-20230915-en
General
- Target: a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a
- Size: 2.2MB
- MD5: 1ebe24231fdda9908d6f4a1e2f15bc8c
- SHA1: cf7eb06f1f8034eaebd415e430ce8c7c786104c5
- SHA256: a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a
- SHA512: 46a5018aa85867f3ef01e30507b59f8ea7cb52db8e4539f65da1742e15b85e6836dc93e081c36568443eb7b69c92a27af1c576f9fb8ee48ea2bbc283d2c7685a
- SSDEEP: 49152:QOdtmlcm5IIpiaOlyVa/c8Xdc3G3IOz2zm3KRPGrurMlxRJ8yWFi0:zdtwqYaIOadRPMlR8yWF/
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a
Files
- a71357d94e405749a06f85d8422f56a4e7852b2ce28eb680d453879f60e86e3a.exe (windows:6 windows x86)
  782b75a77cd7e73269f7995c8bfc7ae2
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
- powrprof
PowerDeterminePlatformRole
- setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
CM_Get_Device_IDW
- kernel32
MoveFileExW
WTSGetActiveConsoleSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
CreateEventW
CreateThread
MoveFileW
Sleep
TerminateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
GetShortPathNameW
SetErrorMode
GetCurrentThreadId
ResumeThread
SetPriorityClass
LoadLibraryExW
lstrcmpiW
FlushInstructionCache
lstrlenW
GetProcessId
GetModuleHandleA
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
GetLogicalDriveStringsW
GetVolumePathNameW
ReplaceFileW
GetCurrentDirectoryW
CreateFileMappingW
SetCurrentDirectoryW
GetFileAttributesExW
GetNativeSystemInfo
CreateMutexW
FormatMessageA
OutputDebugStringA
ReleaseMutex
RegisterWaitForSingleObject
UnregisterWaitEx
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SetEndOfFile
SetFilePointerEx
UnlockFile
LockFile
SetFileTime
FlushFileBuffers
GetFileSizeEx
DuplicateHandle
GetFileInformationByHandle
SetThreadPriority
GetThreadPriority
IsDebuggerPresent
GetUserDefaultLangID
CopyFileW
GetModuleHandleExW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetInformationJobObject
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
WaitForMultipleObjects
GlobalMemoryStatusEx
RtlCaptureStackBackTrace
QueueUserWorkItem
GetModuleHandleExA
GetProcessHeaps
HeapSetInformation
HeapUnlock
HeapLock
HeapWalk
GetProcessIoCounters
VirtualQueryEx
GetProcessTimes
GetSystemInfo
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
FatalAppExitA
ReadConsoleW
CreateSemaphoreW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetStringTypeW
GetOEMCP
GetACP
IsValidCodePage
GetConsoleMode
GetConsoleCP
GetFileType
SetStdHandle
SetConsoleCtrlHandler
AreFileApisANSI
ExitProcess
GetCPInfo
VirtualQuery
VirtualProtect
RtlUnwind
EncodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
lstrcmpW
LocalAlloc
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetVersion
CreateProcessW
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetTempPathW
QueryDosDeviceW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetCommandLineW
ProcessIdToSessionId
SetFilePointer
GetCurrentThread
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
OpenProcess
WaitForSingleObject
LocalFree
GetProcAddress
GetModuleHandleW
GetVersionExW
DeviceIoControl
LoadLibraryExA
SetLastError
SetFileAttributesW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
RemoveDirectoryW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetUserDefaultLCID
EnumSystemLocalesW
GetDriveTypeW
GetFullPathNameA
SetEnvironmentVariableA
TryEnterCriticalSection
- user32
PostQuitMessage
GetCursorPos
UpdateLayeredWindow
OffsetRect
SetTimer
IsIconic
ReleaseDC
GetWindowDC
GetDesktopWindow
GetDC
UnregisterClassW
LoadImageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
WaitMessage
KillTimer
PostMessageW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
EnumWindows
GetClassNameW
ScreenToClient
CreateDialogParamW
SetWindowPos
MapWindowPoints
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowPlacement
GetWindow
wsprintfW
SetCursor
ExitWindowsEx
GetWindowThreadProcessId
MessageBoxW
SendMessageW
DefWindowProcW
CharUpperW
GetKeyState
IsWindowEnabled
CallWindowProcW
DestroyWindow
GetDlgItem
SetWindowTextW
SetWindowLongW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
ShowWindow
MoveWindow
IsWindowVisible
SetFocus
DrawTextW
GetClientRect
FillRect
InflateRect
LoadCursorW
GetSystemMetrics
IsWindow
SystemParametersInfoW
FindWindowW
- gdi32
DeleteObject
GetDeviceCaps
CreateSolidBrush
SetTextColor
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
SetViewportOrgEx
CreateDIBSection
GetStockObject
GetObjectA
SetBkMode
CreateCompatibleBitmap
- advapi32
AllocateAndInitializeSid
AddAccessAllowedAce
AccessCheck
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
LookupPrivilegeValueW
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
OpenThreadToken
SetThreadToken
ConvertStringSidToSidW
LookupAccountSidW
SetTokenInformation
GetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
IsValidSid
InitializeSid
InitializeAcl
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
GetAclInformation
GetAce
CopySid
AddAce
RegQueryInfoKeyW
RegQueryValueExW
RegisterTraceGuidsW
GetTraceEnableLevel
RegOpenKeyW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
SystemFunction036
RegNotifyChangeKeyValue
RegEnumValueW
ConvertSidToStringSidW
DuplicateToken
EqualSid
FreeSid
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegOpenCurrentUser
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
- shell32
SHGetKnownFolderPath
SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExW
SHFileOperationW
- ole32
CoCreateInstance
PropVariantClear
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleInitialize
CoInitialize
CoInitializeEx
CoUninitialize
- oleaut32
VarUI4FromStr
VariantClear
SysStringLen
SysFreeString
SysAllocString
- shlwapi
StrToIntW
ord176
StrStrIW
SHStrDupW
ord12
StrChrW
PathIsDirectoryEmptyW
SHSetValueW
SHGetValueW
PathRemoveFileSpecW
PathIsDirectoryW
PathGetDriveNumberW
PathFindExtensionW
PathFileExistsW
PathAddBackslashW
PathAppendW
StrCpyNW
StrCmpIW
StrCmpNW
StrCmpNIW
StrRChrW
- userenv
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW
CreateEnvironmentBlock
- mpr
WNetGetResourceInformationW
- psapi
QueryWorkingSet
GetMappedFileNameW
GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo
- netapi32
NetApiBufferFree
NetGetJoinInformation
- urlmon
URLDownloadToFileW
- wininet
DeleteUrlCacheEntryW
- comctl32
_TrackMouseEvent
InitCommonControlsEx
- gdiplus
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetTextRenderingHint
GdipSetStringFormatTrimming
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImagePointRectI
GdipMeasureString
GdipDeleteStringFormat
GdipDrawString
GdipCreateStringFormat
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipSetImageAttributesColorMatrix
GdipDisposeImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipReleaseDC
GdipGetDC
GdipGraphicsClear
GdipSetClipRectI
GdipRestoreGraphics
GdipSaveGraphics
GdipDrawImageRectRectI
GdipFillRectangleI
GdipSetSmoothingMode
GdipGetImageHeight
GdipGetImageWidth
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipTranslateWorldTransform
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipCreateFontFromLogfontA
GdipCloneImage
GdipCreateFontFromDC
- winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
Exports
Sections
- .text Size: 1.3MB - Virtual size: 1.3MB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata Size: 177KB - Virtual size: 177KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data Size: 14KB - Virtual size: 29KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .tls Size: 512B - Virtual size: 2B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 189KB - Virtual size: 189KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 608KB - Virtual size: 612KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE