93f160971f2de45df99b5e2f87c30b75431974fc6fb5e280d069187114fc81dd

Sharing

Copy URL Twitter E-mail

General

Target

93f160971f2de45df99b5e2f87c30b75431974fc6fb5e280d069187114fc81dd
Size

5.2MB
MD5

a85bb02dc65a46e9c60504ab36f61503
SHA1

39c50af13226df0115827dfd059374bc27557f7f
SHA256

93f160971f2de45df99b5e2f87c30b75431974fc6fb5e280d069187114fc81dd
SHA512

af12dac4ff632a93afcd4b45031fe06160a6adb660f566e12b1bba8b10b2fdaad33506dae3cf12de00e34ba184fe916d139ab79410c6140f6f39acf0a8227a98
SSDEEP

98304:HQ22zR0mSy2PFa8YlBHqKc/OYQvtyzFdptIfu2/dxcTySvRkyb4H37E58rn3R+9:HwN0VVyHqKcWYQvkzFmfuGdy2SvhUo5F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/@~%~~%~~~@~%@%%%.1

Files

93f160971f2de45df99b5e2f87c30b75431974fc6fb5e280d069187114fc81dd
.zip
@~%~~%~~~@~%@%%%.1
.dll windows:4 windows x86

bf00da6ea0b86ae4b42d43eb97ded76d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

lz32

LZClose

comdlg32

ReplaceTextA
GetSaveFileNameA
GetOpenFileNameW
PrintDlgW
FindTextA

wininet

InternetSetDialState
FtpDeleteFileW
InternetCheckConnectionW
GetUrlCacheEntryInfoExW

user32

ClientToScreen
PeekMessageW
GetCursorPos
GetScrollRange
IsCharLowerA
LoadMenuW
CharNextW
CallMsgFilterA
BringWindowToTop
LoadBitmapW
CharLowerBuffA
IsWindow
ShowScrollBar
SetCaretBlinkTime
DialogBoxParamA
GetMessageExtraInfo
GetCapture
MessageBoxA
DestroyAcceleratorTable
SetWindowTextW
PostMessageW
SetClassLongA
CopyImage
GetClassNameW
CreateCursor
FindWindowExW
GetKeyboardState
GetKeyboardLayoutList
GetMenuItemCount
RemoveMenu

oleacc

GetStateTextA
GetRoleTextW
LresultFromObject

advapi32

RegQueryValueW
ReportEventA
ReportEventW
SetFileSecurityA
GetLengthSid
SetSecurityDescriptorGroup
GetSidSubAuthorityCount
LsaFreeMemory

winmm

mixerOpen
waveInGetDevCapsA
waveOutGetID
midiOutMessage
CloseDriver
midiOutUnprepareHeader
mixerGetNumDevs
joyReleaseCapture
waveInGetPosition
waveOutGetErrorTextW
joyGetDevCapsA
midiStreamOut
mmioStringToFOURCCA
midiInStop
midiStreamPause
mciGetErrorStringW
mciGetDeviceIDFromElementIDA
mmioDescend
mmioOpenW
midiStreamOpen
mixerGetLineInfoW
waveOutGetErrorTextA
midiInOpen
PlaySoundW
timeGetDevCaps
midiStreamPosition
mmioInstallIOProcA
midiStreamClose
mixerGetDevCapsW
timeGetSystemTime

ole32

HGLOBAL_UserMarshal
CreateClassMoniker
CoMarshalInterface
OleFlushClipboard
IsAccelerator
OleConvertOLESTREAMToIStorage
OleGetAutoConvert
OleRegGetUserType
FreePropVariantArray
OleGetClipboard
CoGetObject
CoIsHandlerConnected
DoDragDrop
OleIsRunning
HBITMAP_UserFree
HBITMAP_UserSize
CoFileTimeNow
OleSetClipboard
RevokeDragDrop
FmtIdToPropStgName
CoBuildVersion
CoRegisterSurrogate
CoDisconnectObject
CoFileTimeToDosDateTime
HACCEL_UserUnmarshal

setupapi

SetupDiCreateDeviceInfoList
SetupDiClassGuidsFromNameW
SetupDiRegisterCoDeviceInstallers
SetupFindNextLine
SetupSetPlatformPathOverrideW
SetupDiDeleteDeviceInterfaceData
SetupDiOpenDeviceInterfaceA
SetupGetFileCompressionInfoW
SetupCopyOEMInfW
SetupDiDeleteDeviceInfo
SetupDiDestroyDriverInfoList
SetupLogFileW
SetupGetInfFileListA
SetupSetSourceListW
SetupGetTargetPathW
SetupGetMultiSzFieldA
SetupQuerySpaceRequiredOnDriveW
SetupDiGetClassDevsW
SetupRemoveInstallSectionFromDiskSpaceListW
SetupCancelTemporarySourceList
SetupSetPlatformPathOverrideA
SetupDiOpenClassRegKeyExW
SetupDiSetDeviceInstallParamsW
SetupDiGetClassBitmapIndex
SetupDiSetSelectedDevice
SetupDiSetDriverInstallParamsW
SetupDiSetDeviceInstallParamsA
SetupAddSectionToDiskSpaceListW
SetupDestroyDiskSpaceList
SetupOpenFileQueue
SetupTerminateFileLog
SetupGetSourceFileSizeW
SetupQueueRenameSectionW
SetupGetLineCountA
SetupDiBuildClassInfoListExA
SetupRemoveFromDiskSpaceListA
SetupDiOpenDeviceInfoW
SetupLogFileA
SetupDiGetDeviceInterfaceDetailW
SetupOpenInfFileW
SetupCreateDiskSpaceListA
SetupSetSourceListA
SetupDiInstallDevice
SetupAddToDiskSpaceListA
SetupDiGetDriverInfoDetailA
SetupCommitFileQueueA
SetupInstallFileExA
SetupDiGetSelectedDriverW
SetupGetTargetPathA
SetupGetInfFileListW
SetupLogErrorW
SetupCloseInfFile
SetupDiGetClassInstallParamsA
SetupInstallFromInfSectionW

urlmon

CoInternetCreateZoneManager
CreateURLMoniker
RevokeFormatEnumerator
HlinkNavigateString

mpr

WNetGetConnectionW
WNetGetUniversalNameW
WNetUseConnectionW
WNetAddConnection3W
WNetEnumResourceA
WNetGetProviderNameW
WNetDisconnectDialog1W

rpcrt4

IUnknown_QueryInterface_Proxy
RpcBindingSetOption
NdrConformantVaryingArrayMemorySize
RpcSmFree
RpcMgmtSetCancelTimeout
RpcServerUseAllProtseqsEx
RpcServerUseProtseqEpExW
NdrConvert2
RpcServerUseProtseqIfExW
NdrComplexStructMarshall
NdrConformantStringUnmarshall
RpcBindingReset
RpcRevertToSelfEx
MesBufferHandleReset
I_RpcBindingCopy
RpcStringFreeA
NdrRpcSsDefaultAllocate
RpcServerInqDefaultPrincNameA
NdrConformantVaryingArrayMarshall
NdrSimpleTypeMarshall
I_RpcFreePipeBuffer
RpcSmClientFree
NdrNonConformantStringUnmarshall
RpcSmSwapClientAllocFree
RpcBindingInqAuthClientA
RpcServerUseProtseqA
MesDecodeBufferHandleCreate
NdrInterfacePointerMemorySize
RpcRaiseException
NdrFixedArrayUnmarshall
short_array_from_ndr
I_RpcConnectionSetSockBuffSize
NdrRpcSsEnableAllocate
NdrComplexStructBufferSize
RpcServerUnregisterIf
NdrConformantStringMemorySize
data_into_ndr
RpcMgmtEpEltInqNextW
RpcSsDestroyClientContext
data_size_ndr
I_RpcNsBindingSetEntryNameA
I_RpcFree
I_RpcAllocate
RpcObjectSetType
NdrFullPointerXlatInit
NdrRpcSmClientAllocate
NdrServerInitializeMarshall
RpcServerUseProtseqExW
RpcBindingFromStringBindingW
RpcBindingToStringBindingA
NdrFixedArrayMemorySize
RpcServerListen
NdrStubCall
NDRcopy
NDRSContextUnmarshallEx
NdrInterfacePointerUnmarshall
NdrStubCall2
NdrNonConformantStringMemorySize
double_array_from_ndr
I_RpcBindingInqTransportType
UuidToStringW
RpcNetworkInqProtseqsA
RpcServerRegisterAuthInfoW
RpcAsyncRegisterInfo
NdrSimpleTypeUnmarshall
RpcSmSetClientAllocFree
I_RpcBindingInqDynamicEndpointA
NdrContextHandleSize
RpcEpUnregister
NdrComplexArrayFree

clusapi

OpenClusterGroup
ClusterRegEnumKey
ClusterResourceOpenEnum
SetClusterQuorumResource
ClusterRegSetValue
GetClusterResourceState
ChangeClusterResourceGroup
ClusterRegSetKeySecurity
ClusterRegCloseKey
ClusterResourceCloseEnum
OnlineClusterResource
GetClusterNetworkId
GetClusterNetworkKey
OpenClusterNode
EvictClusterNode
RegisterClusterNotify
ClusterRegDeleteValue
GetClusterNetInterface

version

GetFileVersionInfoSizeW

resutils

ResUtilGetProperties
ResUtilGetResourceNameDependency
ClusWorkerCreate
ResUtilIsPathValid

shlwapi

PathUnquoteSpacesA
SHSetValueA
PathFindExtensionA
PathIsSameRootA

Exports

Exports

BulkAniseCondensations
ClamberedAmputateDecadent
ConsciousChassisCommuning
CuttlefishAilsYours
BBByyyyylllllYfS

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
checksums.txt

Sharing

General

Malware Config

Signatures

Files

bf00da6ea0b86ae4b42d43eb97ded76d

Headers

File Characteristics

Imports

lz32

comdlg32

wininet

user32

oleacc

advapi32

winmm

ole32

setupapi

urlmon

mpr

rpcrt4

clusapi

version

resutils

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 4KB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 4KB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 9KB