88a60b6b9e19a72026fcb66b157b754d0066fcbb7369aea78f6c8f8a79fb1b5a

Sharing

Copy URL

Twitter E-mail

General

Target

88a60b6b9e19a72026fcb66b157b754d0066fcbb7369aea78f6c8f8a79fb1b5a
Size

2.7MB
MD5

ab6c9aa250c19447e8e3cee4c4d08038
SHA1

e0ce6bfd1bba8133d2062a4aa69dbcf959c63d53
SHA256

88a60b6b9e19a72026fcb66b157b754d0066fcbb7369aea78f6c8f8a79fb1b5a
SHA512

958be8b93072ce34b2bdd4a8734765a95918548590bcd45e3894913f3e5be445a53bcd9760a9c1943e4df95d80e9b66cc8c39a5f8fc174a8603ad2e538c44209
SSDEEP

49152:udyiHYXgjXytyQbtEHuURU+IInQc2Ardd3+dg6r27vPYpsZ/QNPSO5Pvooh1+0rP:u8iHYXiGWh+7rkEsegO5H

Score

9^/10

oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

oss_ak

resource	yara_rule
sample	detect_ak_stuff

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88a60b6b9e19a72026fcb66b157b754d0066fcbb7369aea78f6c8f8a79fb1b5a

Files

88a60b6b9e19a72026fcb66b157b754d0066fcbb7369aea78f6c8f8a79fb1b5a
.exe windows:5 windows x86

42abb82c96f27d3c8ec00a865e28dc2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
HeapSize
HeapReAlloc
LockResource
FindResourceExW
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
WriteConsoleA
WriteFile
GetConsoleMode
CreateMutexA
ReleaseMutex
DecodePointer
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
LoadLibraryW
CloseHandle
WTSGetActiveConsoleSessionId
GetPrivateProfileIntA
WaitForSingleObject
CreateThread
UnregisterWaitEx
QueryDepthSList
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalAlloc
LocalFree
WideCharToMultiByte
HeapFree
GetProcessHeap
FormatMessageW
GetCurrentProcessId
GetTimeZoneInformation
GetFileAttributesA
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
GetCommandLineW
InterlockedDecrement
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
FlushFileBuffers
HeapAlloc
GetCurrentProcess
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
SystemTimeToFileTime
GetFileSize
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileW
DeleteFileA
GetVersionExA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
CreateFileW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetEnvironmentVariableW
FindNextFileW
FindFirstFileW
LoadLibraryA
ConvertFiberToThread
DeleteFiber
GetModuleHandleExW
GetFileType
ExitThread
FindNextFileA
FindFirstFileA
FindClose
CreateMutexW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
TryEnterCriticalSection
GetExitCodeThread
GetCurrentThread
DuplicateHandle
GetModuleHandleW
GetProcAddress
FreeLibrary

user32

PostThreadMessageW
CharUpperW
GetUserObjectInformationW
CharNextW
LoadStringW
MessageBoxW
GetMessageW
TranslateMessage
GetProcessWindowStation
DispatchMessageW

advapi32

CreateProcessAsUserW
CryptDestroyHash
CryptHashData
CryptCreateHash
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyA
RegisterServiceCtrlHandlerW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegQueryValueExW
CreateServiceW
DeleteService
ControlService
SetServiceStatus
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptGenRandom

ole32

CoTaskMemRealloc
OleRun
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoReleaseServerProcess
CoAddRefServerProcess
CoCreateInstance
CoInitialize
CLSIDFromProgID

shell32

SHGetFolderPathA
SHCreateDirectoryExA

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
VarUI4FromStr
GetErrorInfo

iphlpapi

GetAdaptersInfo

ws2_32

ntohs
shutdown
WSASocketW
socket
inet_addr
sendto
select
WSAAddressToStringW
WSASetLastError
WSASend
setsockopt
htons
__WSAFDIsSet
getsockopt
ioctlsocket
WSAGetLastError
closesocket
getaddrinfo
gethostbyname
send
recv
WSACleanup
bind
WSAStartup
getnameinfo
freeaddrinfo
getpeername
connect

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

winmm

mciSendCommandW
mciSendCommandA

vcruntime140

__std_terminate
memchr
__RTDynamicCast
__current_exception
__processing_throw
wcsstr
__std_exception_destroy
memmove
__std_exception_copy
strrchr
strchr
strstr
__vcrt_InitializeCriticalSectionEx
memset
_except_handler4_common
__CxxFrameHandler3
_CxxThrowException
__AdjustPointer
memcpy
__uncaught_exception
memcmp
_purecall

api-ms-win-crt-string-l1-1-0

isspace
strncpy
_stricmp
tolower
strcspn
strncmp
__strncnt
islower
_wcsdup
isupper
_strnicmp
strtok
isxdigit
strcmp
strspn
isdigit
wcscpy_s
wcsncpy_s
wmemcpy_s

api-ms-win-crt-heap-l1-1-0

_msize
_malloc_base
_set_new_mode
free
_recalloc
malloc
_callnewh
realloc
calloc
_free_base
_calloc_base

api-ms-win-crt-runtime-l1-1-0

signal
raise
strerror
_endthreadex
_beginthreadex
_invalid_parameter_noinfo_noreturn
terminate
abort
_controlfp_s
_crt_atexit
_errno
_invalid_parameter_noinfo
_register_onexit_function
_initialize_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
exit
strerror_s

api-ms-win-crt-stdio-l1-1-0

fread
fputc
__stdio_common_vsnwprintf_s
_putws
fwrite
_fileno
_fsopen
__stdio_common_vfprintf
__acrt_iob_func
_filelength
__p__commode
_get_stream_buffer_pointers
__stdio_common_vsscanf
fgetc
_wfopen
_setmode
fgets
ferror
feof
fgetpos
fflush
fsetpos
__stdio_common_vswprintf
_fseeki64
fclose
setvbuf
ftell
fseek
fputs
ungetc
_set_fmode
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
fopen
__stdio_common_vswprintf_s
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_gmtime64_s
_localtime64_s
strftime
_ftime64
_localtime64

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
_mkdir
_unlink
rename
_stat64i32
_rmdir

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atof
strtoull
wcstombs
atoi

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

_ldsign
_dsign
_fdsign
_fdtest
_dtest
_ldtest
_except1
__setusermatherr
_CIsqrt
_CIexp
frexp

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbsstr
_mbsinc
_mbsrchr
_ismbblead

api-ms-win-crt-locale-l1-1-0

setlocale
__pctype_func
___lc_locale_name_func
_unlock_locales
___lc_codepage_func
_configthreadlocale
___lc_collate_cp_func
___mb_cur_max_func
localeconv
_lock_locales

api-ms-win-crt-environment-l1-1-0

getenv

rpcrt4

UuidCreate

crypt32

CryptBinaryToStringA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42abb82c96f27d3c8ec00a865e28dc2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

iphlpapi

ws2_32

wtsapi32

userenv

winmm

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

rpcrt4

crypt32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 531KB - Virtual size: 530KB

.data Size: 29KB - Virtual size: 549KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 95KB - Virtual size: 94KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 531KB - Virtual size: 530KB

.data
Size: 29KB - Virtual size: 549KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 95KB - Virtual size: 94KB