16ba3568da8d26eef2676f8f77fd1bfaf18479466fc4dee36326b5614cf37d5e

Sharing

Copy URL Twitter E-mail

General

Target

16ba3568da8d26eef2676f8f77fd1bfaf18479466fc4dee36326b5614cf37d5e
Size

1.1MB
MD5

c256fececae622441965e9df4df03376
SHA1

26eb2b06fc65cc0c74522823ff26bee0cbcd4adf
SHA256

16ba3568da8d26eef2676f8f77fd1bfaf18479466fc4dee36326b5614cf37d5e
SHA512

4e68e4f4ed921fa748272e9b53e56c11d0adc25e19dac0efc8b46edb60ec522c2e64eb7694bd09cc4882864088c886cafdcc8b352a24f412c9882da0b05435c2
SSDEEP

12288:gI28GdVo/dU5lunA/ZWmltKEVMYkuXrQyDC6ywpeGBDFUNUyFHs5jE8oaFTz7tU6:gI2djLkuXrQiywpe4FEAFepjgT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ba3568da8d26eef2676f8f77fd1bfaf18479466fc4dee36326b5614cf37d5e

Files

16ba3568da8d26eef2676f8f77fd1bfaf18479466fc4dee36326b5614cf37d5e
.exe windows:5 windows x86

0b376a2f5db521b0c18757be8b7d094c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidCreate

advapi32

ConvertSecurityDescriptorToStringSecurityDescriptorW
SystemFunction036
RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegEnumValueA
GetTokenInformation
GetUserNameW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
CreateProcessAsUserW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertSidToStringSidW
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

ntohl

winmm

timeGetTime

shlwapi

UrlCanonicalizeW

kernel32

SetFilePointerEx
GetDriveTypeW
OutputDebugStringW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
RtlUnwind
WriteConsoleW
GetTimeZoneInformation
GetLastError
SetLastError
WaitForSingleObject
OpenProcess
ExpandEnvironmentStringsW
CloseHandle
QueueUserAPC
GetCurrentProcess
TerminateProcess
ResumeThread
CreateProcessW
SetPriorityClass
GetPriorityClass
VirtualAllocEx
WriteProcessMemory
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
ReleaseMutex
CreateMutexW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapSetInformation
GetExitCodeProcess
CreateFileW
GetFileAttributesW
GetFileAttributesExW
GetShortPathNameW
MoveFileExW
CompareStringW
DuplicateHandle
GetCurrentThreadId
GetFileInformationByHandle
GetDateFormatW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
ReadFile
SetFilePointer
SetFileTime
WriteFile
RemoveDirectoryW
GetSystemTimeAsFileTime
LocalFree
WTSGetActiveConsoleSessionId
LoadLibraryExW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTickCount
FormatMessageA
OutputDebugStringA
DeleteFileW
GetCurrentProcessId
Sleep
IsDebuggerPresent
CreateThread
GetCommandLineW
GetUserDefaultLangID
GetTempFileNameW
CreateDirectoryW
CopyFileW
GetTempPathW
GetCurrentDirectoryW
GetLongPathNameW
SetCurrentDirectoryW
SetFileAttributesW
AssignProcessToJobObject
GetStdHandle
GetModuleHandleA
GetNativeSystemInfo
GetVersionExW
FindFirstFileW
FindFirstFileExW
FindClose
FindNextFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
QueryPerformanceCounter
FileTimeToSystemTime
QueryPerformanceFrequency
SetEndOfFile
SetEnvironmentVariableA
FlushFileBuffers
GetFileSizeEx
RtlCaptureStackBackTrace
GetLocaleInfoW
GetUserDefaultUILanguage
GetModuleHandleExW
LeaveCriticalSection
EnterCriticalSection
Process32FirstW
GetProcessId
Process32NextW
CreateToolhelp32Snapshot
GetSystemDirectoryW
GetWindowsDirectoryW
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetUnhandledExceptionFilter
SetEvent
ResetEvent
WaitForMultipleObjects
VirtualQueryEx
LockFileEx
UnlockFileEx
GetFileType
CreateRemoteThread
VirtualProtect
VirtualFreeEx
FormatMessageW
RtlCaptureContext
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStartupInfoW
UnhandledExceptionFilter
HeapSize
PeekNamedPipe
FileTimeToLocalFileTime
MultiByteToWideChar
ExitProcess
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
IsProcessorFeaturePresent
EncodePointer
LoadLibraryExA

ole32

CoCreateInstance
CoAllowSetForegroundWindow
CoCreateGuid
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket
PropVariantClear
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysStringLen
VariantInit
VariantClear
SysFreeString
SysAllocString

user32

CharUpperW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow
MoveWindow
DestroyWindow
CreateWindowExW
LoadIconW
SetWindowLongW
GetWindowLongW
SendMessageW
GetWindowThreadProcessId
FindWindowW
IsWindow
SendMessageTimeoutW
MessageBoxW

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

Exports

Exports

ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetCrashKeyValueImpl
TerminateProcessWithoutDump

Sections

.text
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b376a2f5db521b0c18757be8b7d094c

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

advapi32

version

ws2_32

winmm

shlwapi

kernel32

ole32

oleaut32

user32

urlmon

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 582KB - Virtual size: 582KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 7KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 296KB - Virtual size: 295KB

.reloc Size: 90KB - Virtual size: 92KB

.text
Size: 582KB - Virtual size: 582KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 7KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 296KB - Virtual size: 295KB

.reloc
Size: 90KB - Virtual size: 92KB