ManageAPIFactory
Static task: static1
Behavioral task: behavioral1 (Sample: d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d.exe, Resource: win7-20231020-en)
Behavioral task: behavioral2 (Sample: d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d.exe, Resource: win10v2004-20231020-en)
General
Target: d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d
Size: 1.5MB
MD5: d996d8253d1f80b539db5eaf20be0942
SHA1: 14f41e65ce57feab8f932bf5932295789ea0c21c
SHA256: d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d
SHA512: cd3331d07402f07655de3bdb96f4b1cf370dcbeb78243d0427fc4d29e90bbe4c98df1053fb8295cbe75ae2666cac8f8dc48de3a6ebc8c9cb171edc138ac42764
SSDEEP: 24576:QmkuyC4wOcRUtBT/LyxoxRMt37MVfO/7MSZNOge7ziqBkob:QUyCac23+t+OwSZUgePiqLb
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d
Files
d6ecae0cf509338e110f7ba93c80cdd29920e734fec195f65871a1def9d8674d.exe windows:5 windows x86 arch:x86
26217b955853a5912259162bd3bb9722
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlTryEnterCriticalSection
RtlSetCriticalSectionSpinCount
RtlPrefixUnicodeString
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlImageNtHeader
RtlFreeUnicodeString
RtlFreeAnsiString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlDestroyProcessParameters
RtlDeleteCriticalSection
RtlCreateProcessParameters
RtlAppendUnicodeToString
NtTerminateThread
NtTerminateProcess
NtSetValueKey
NtSetIoCompletion
NtSetInformationProcess
NtSetEvent
NtSetDefaultLocale
NtResumeThread
NtRaiseHardError
NtQuerySymbolicLinkObject
NtQueryKey
NtQueryInformationThread
NtQueryDefaultLocale
NtOpenThread
NtOpenSymbolicLinkObject
NtOpenProcess
NtFreeVirtualMemory
NtFlushKey
NtFlushBuffersFile
NtEnumerateValueKey
NtEnumerateKey
NtDuplicateObject
NtDeleteValueKey
NtDeleteKey
NtDelayExecution
NtCreateThread
NtCreateProcess
NtAllocateVirtualMemory
CsrFreeCaptureBuffer
CsrClientCallServer
CsrAllocateMessagePointer
RtlDosPathNameToNtPathName_U
oleaut32
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringLen
VariantClear
gdi32
AddFontResourceW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBitmap
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePen
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectW
GetStockObject
GetStretchBltMode
GetTextCharset
GetTextExtentPoint32W
LineTo
MoveToEx
Polygon
Rectangle
RemoveFontResourceW
SelectObject
SetBkMode
SetDIBits
SetStretchBltMode
SetTextColor
StretchBlt
BitBlt
kernel32
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrencyFormatA
GetCurrencyFormatW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLocalTime
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatA
GetNumberFormatW
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
CreateNamedPipeW
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTempPathW
GetThreadContext
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadResource
LocalAlloc
LocalFree
LockResource
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFileMappingW
GetComputerNameW
OpenProcess
OpenSemaphoreW
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ResumeThread
RtlUnwind
SearchPathA
SearchPathW
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
CreateNamedPipeA
SetLocaleInfoA
SetLocaleInfoW
SetPriorityClass
SetProcessAffinityMask
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadLocale
SetThreadPriority
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileStringA
WriteProfileStringW
CopyFileExW
EnumResourceNamesW
EnumSystemLocalesA
LoadLibraryExW
LoadLibraryExA
CreateMutexW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateConsoleScreenBuffer
CopyFileW
CopyFileA
ContinueDebugEvent
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
AddAtomW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesExW
GetFullPathNameW
GetShortPathNameW
GetLongPathNameW
CreateFileW
WriteFile
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
GetCommandLineW
GetCommandLineA
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FileTimeToSystemTime
FatalAppExitA
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnterCriticalSection
DuplicateHandle
DeleteFiber
DeleteCriticalSection
DebugBreak
DebugActiveProcess
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
OpenMutexW
CreateProcessA
GetSystemDefaultLangID
SetLastError
advapi32
SetServiceBits
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetFileSecurityW
SetFileSecurityA
SetEntriesInAclW
RevertToSelf
RegSetValueW
RegSetValueExW
RegSetValueExA
RegSetValueA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegQueryValueA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCloseKey
QueryServiceStatusEx
QueryServiceStatus
QueryServiceObjectSecurity
QueryServiceLockStatusW
QueryServiceLockStatusA
QueryServiceConfigW
QueryServiceConfigA
OpenThreadToken
OpenServiceW
OpenServiceA
OpenSCManagerW
OpenSCManagerA
OpenProcessToken
MapGenericMask
MakeSelfRelativeSD
MakeAbsoluteSD
LookupPrivilegeValueW
LookupAccountNameW
UnlockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA
StartServiceA
SetServiceStatus
SetServiceObjectSecurity
LockServiceDatabase
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetServiceKeyNameW
GetServiceKeyNameA
GetServiceDisplayNameW
GetServiceDisplayNameA
GetSecurityInfo
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetNamedSecurityInfoW
GetLengthSid
GetFileSecurityW
GetAclInformation
GetAce
FreeSid
EqualSid
EnumServicesStatusW
EnumServicesStatusExW
EnumServicesStatusExA
EnumServicesStatusA
EnumDependentServicesW
EnumDependentServicesA
DuplicateTokenEx
DuplicateToken
DeleteService
CryptVerifySignatureW
CryptSignHashW
CryptReleaseContext
CryptImportKey
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CreateServiceW
CreateServiceA
CreateProcessAsUserW
CreateProcessAsUserA
CopySid
ConvertStringSidToSidW
ControlService
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfigA
AllocateAndInitializeSid
AddAce
AddAccessAllowedAceEx
AccessCheck
LogonUserW
LogonUserA
ole32
CoRevokeClassObject
WriteClassStg
StringFromGUID2
StringFromCLSID
StgOpenStorage
OleUninitialize
OleRun
OleLoad
OleGetAutoConvert
OleDoAutoConvert
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoGetClassObject
CoGetMalloc
CoInitialize
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateBindCtx
OleCreate
OleCreateDefaultHandler
user32
BeginPaint
CharLowerW
CharNextExA
CharUpperW
CloseClipboard
CloseDesktop
CloseWindowStation
CreateDialogParamW
CreateIconFromResourceEx
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawTextW
EnableWindow
EndPaint
FindWindowA
FindWindowExW
FindWindowW
GetClassInfoA
GetClassInfoW
GetClassNameW
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetIconInfo
GetMessageW
GetParent
GetProcessWindowStation
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
IsDialogMessageW
IsWindow
IsWindowVisible
KillTimer
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadMenuA
LoadMenuW
LoadStringW
LookupIconIdFromDirectoryEx
MessageBoxW
OpenClipboard
OpenDesktopW
OpenInputDesktop
OpenWindowStationW
PeekMessageA
PeekMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
ReleaseCapture
ReleaseDC
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetProcessWindowStation
SetTimer
SetUserObjectSecurity
SetWindowLongW
SetWindowPos
SetWindowsHookExA
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TranslateMessage
UnregisterClassW
WaitForInputIdle
WinHelpA
WinHelpW
wvsprintfW
Exports
Sections
.text Size: 1.2MB - Virtual size: 1.2MB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 267KB - Virtual size: 267KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 34KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 71KB - Virtual size: 70KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ