ac9dfebb1e47d99dc1debc683c865668b80912075b25ca342248f5f186f4c9de

Sharing

Copy URL

Twitter E-mail

General

Target

ac9dfebb1e47d99dc1debc683c865668b80912075b25ca342248f5f186f4c9de
Size

2.8MB
MD5

d8d4dc99223d2c97a7cfe0985e38c02d
SHA1

90c1444d556c28055aa23cd675d9b8b698ec268a
SHA256

ac9dfebb1e47d99dc1debc683c865668b80912075b25ca342248f5f186f4c9de
SHA512

b1baf0d0d910c32a511aa7006f330afc0c42ee918779adb5e73f9c0ba25a878bad0d757cba116b11484ef9cb4a9c29b7642d760683d64abbdabbc82bb354bf47
SSDEEP

49152:taZtrIXEmZxS1dTg/XtspfOgT1E2ki+mQ8OnmX//3qHcLLI:taZtrIXEm70dTgl+fMi+HW//3q8L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac9dfebb1e47d99dc1debc683c865668b80912075b25ca342248f5f186f4c9de

Files

ac9dfebb1e47d99dc1debc683c865668b80912075b25ca342248f5f186f4c9de
.exe windows:6 windows x86 arch:x86

e21c8968232c4c790445f926b49d62ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SearchPathW
CreateDirectoryW
GetShortPathNameW
GetTempFileNameW
SetFileTime
FindCloseChangeNotification
FindFirstChangeNotificationW
CompareFileTime
GetFileInformationByHandle
lstrcmpiW
LoadLibraryExW
GetSystemDirectoryW
Sleep
GetTempPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
DecodePointer
GetLocalTime
MultiByteToWideChar
VerifyVersionInfoW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
VerSetConditionMask
LoadLibraryW
FreeLibrary
LocalFree
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
DeleteFileW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnlockFile
ReadFile
LockFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
OpenProcess
GetCurrentProcessId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLongPathNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapQueryInformation
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetStringTypeW
GetCurrentThread
GetACP
ExitProcess
GetSystemInfo
HeapValidate
WriteConsoleW
GetFileType
GetStdHandle
FreeLibraryAndExitThread
ResumeThread
GetLastError
CloseHandle
SetFilePointer
ExitThread
CreateThread
GetModuleHandleExW
GetModuleFileNameA
InterlockedFlushSList
RtlUnwind
lstrcmpiA
lstrcmpA
GetSystemWindowsDirectoryW
FreeResource
InterlockedCompareExchange
GetFileAttributesExW
CreateFileW
VirtualQuery
QueryPerformanceCounter
GetStartupInfoW
WaitForSingleObjectEx
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
lstrcpynW
lstrlenW
InitializeCriticalSectionEx
GetFileSizeEx
DebugBreak
FindClose
FindFirstFileW
FindNextFileW
GetFullPathNameW
RemoveDirectoryW
OutputDebugStringW
DeviceIoControl
SetEvent
WaitForSingleObject
GetPrivateProfileStringW
OutputDebugStringA
WriteFile
GetFileAttributesW
SetFileAttributesW
GetWindowsDirectoryW
MoveFileW
MoveFileExW
GetTickCount
CreateEventW
WaitForMultipleObjects
LocalAlloc
FormatMessageW
GetEnvironmentVariableW
GetVersionExW
GetLogicalDriveStringsW
QueryDosDeviceW
TerminateProcess
GetExitCodeProcess
CreateFileA
DeleteFileA
GetTempPathA
GetTempFileNameA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
FlushFileBuffers
IsBadReadPtr
IsBadWritePtr
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree

user32

RegisterClassExW
GetCursorPos
CopyRect
PtInRect
EnumDisplayMonitors
MessageBoxW
RegisterWindowMessageW
SendMessageTimeoutW
SendNotifyMessageW
FindWindowW
LoadStringW
GetShellWindow
OffsetRect
UnionRect
EqualRect
DrawFocusRect
MoveWindow
GetMessageW
SetFocus
IsDialogMessageW
SetCursor
EndDialog
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
MapWindowPoints
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetClassInfoExW
ReleaseCapture
SetCapture
GetAsyncKeyState
GetActiveWindow
DialogBoxParamW
IsIconic
IsWindowVisible
SetWindowPos
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
UnregisterClassW
CallWindowProcW
PostQuitMessage
TranslateMessage
DispatchMessageW
PeekMessageW
CharNextW
DefWindowProcW
SendMessageW
GetWindowThreadProcessId
FindWindowExW
PostMessageW
KillTimer
SetTimer
wsprintfW
UnregisterClassA
SetForegroundWindow

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
DeleteDC
DeleteObject
OffsetViewportOrgEx
RestoreDC
EnumFontFamiliesW
SelectClipRgn
SelectObject
CreateDIBSection
GetObjectW
SetViewportOrgEx
RectVisible
CreateFontW
GetObjectType
SaveDC

advapi32

DuplicateTokenEx
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation
CryptContextAddRef
CryptDecrypt
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
QueryServiceLockStatusW
QueryServiceConfig2W
QueryServiceConfigW
LockServiceDatabase
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
RegEnumValueW
RegQueryValueExA
CloseServiceHandle
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
ord165

ole32

CoInitializeEx
CoCreateGuid
CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoInitializeSecurity
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
OleRun

oleaut32

VarUI4FromStr
VariantCopy
CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
SysFreeString
SysAllocStringLen
SysAllocString
SysStringByteLen
VarBstrCmp
VariantInit
SysStringLen
VariantClear
SysAllocStringByteLen

shlwapi

SHGetValueW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
SHSetValueA
AssocQueryStringW
PathFileExistsW
PathRenameExtensionA
StrTrimA
StrStrIA
StrStrIW
StrCmpIW
StrToIntExW
SHGetValueA
PathCombineW
wnsprintfW
SHDeleteKeyW
SHSetValueW
PathIsPrefixW
PathFindExtensionW
PathIsRelativeW
PathFindFileNameA
PathIsRootW
StrCmpNIW

comctl32

InitCommonControlsEx
_TrackMouseEvent

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdiplusStartup
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipAlloc
GdipFree
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetTextRenderingHint
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

iphlpapi

GetAdaptersInfo

wininet

InternetGetConnectedState

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

setupapi

SetupIterateCabinetW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e21c8968232c4c790445f926b49d62ad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

iphlpapi

wininet

urlmon

setupapi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 401KB - Virtual size: 401KB

.data Size: 16KB - Virtual size: 46KB

.msvcjmc Size: 512B - Virtual size: 177B

.rsrc Size: 477KB - Virtual size: 477KB

.reloc Size: 72KB - Virtual size: 72KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 401KB - Virtual size: 401KB

.data
Size: 16KB - Virtual size: 46KB

.msvcjmc
Size: 512B - Virtual size: 177B

.rsrc
Size: 477KB - Virtual size: 477KB

.reloc
Size: 72KB - Virtual size: 72KB