af2a3a628e2dda16dbab4ec37c1976be

Sharing

Copy URL

Twitter E-mail

General

Target

af2a3a628e2dda16dbab4ec37c1976be
Size

1.4MB
MD5

af2a3a628e2dda16dbab4ec37c1976be
SHA1

4e70c1955be4911daa0931b8a5235912abbccf43
SHA256

4ca0320b50845c37ff32ea50d567ed9924dfb73a175bdd2ee6f14e749c4b8431
SHA512

298c3be70f24a80275d9d16c135c6a3712c55295f7a634059bef265a16cd19c1b3240c2f0ea28d1c8e4e457ee5e72e6c1e1b793f7d80a23da435f36b4af2a87b
SSDEEP

24576:gqbWhAUNvpV9zSshtmtOwl7P9q1u9TtyH7VoCt5KfoAZ5tcCtEOgmE/MHJLcTZ:gqqhNNvD7wx9WotyxoCXKfp6OpEGLS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2a3a628e2dda16dbab4ec37c1976be

Files

af2a3a628e2dda16dbab4ec37c1976be
.exe windows:10 windows x64 arch:x64

19a0a662527a4979bd06835d6218fc60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWriteTransfer
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertStringSidToSidW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetValueW
EventWriteEx
SetEntriesInAclW
ConvertSidToStringSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LsaOpenPolicy
LsaLookupNames2
LsaFreeMemory
LsaClose
SetSecurityInfo
GetSecurityInfo
SetSecurityDescriptorControl
GetAce
EqualSid
StartServiceW
ChangeServiceConfigW
LookupAccountSidW

kernel32

EnterCriticalSection
LeaveCriticalSection
CompareStringOrdinal
SetProcessWorkingSetSize
ResetEvent
IsWow64Process
LocalFree
GetModuleFileNameW
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
FindResourceW
CompareStringA
GetFullPathNameW
MultiByteToWideChar
MulDiv
RegisterWaitForSingleObject
UnregisterWaitEx
FormatMessageW
GetProcessHeap
HeapFree
CreateThread
WaitForMultipleObjects
GetStringTypeExW
IsProcessorFeaturePresent
lstrcmpiW
GetComputerNameW
GetDynamicTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
GetCurrentThreadId
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
WideCharToMultiByte
LocalAlloc
DelayLoadFailureHook
ResolveDelayLoadedAPI
PowerClearRequest
PowerSetRequest
GetTickCount64
WaitForSingleObject
CreateEventW
GetTickCount
Sleep
PowerCreateRequest
SetLastError
GetLastError
GetProcessMitigationPolicy
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadLibraryW
RegQueryInfoKeyW
RegGetKeySecurity
OutputDebugStringA
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
SetEvent
OpenEventW
GetCurrentProcess
CompareStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
HeapSetInformation
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
RaiseException
lstrcmpW

msvcrt

?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
_XcptFilter
_amsg_exit
__wgetmainargs
_ui64tow_s
_i64tow_s
__set_app_type
??0exception@@QEAA@AEBV0@@Z
_exit
wcsrchr
strchr
_cexit
exit
??1exception@@UEAA@XZ
ceil
floor
memcmp
memset
??1type_info@@UEAA@XZ
realloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
_ltow_s
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
strncpy_s
strcpy_s
wcschr
_strlwr_s
strncmp
_ultoa_s
_ultow_s
_wtol
_wtoi
qsort_s
_wcsicmp
_vsnwprintf
swscanf
wcsstr
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
iswdigit
towupper
_wcstoui64
wcstoul
_errno
_purecall
calloc
malloc
wcscpy_s
free
_wputenv
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
__setusermatherr
memmove
wcscmp

user32

RegisterPowerSettingNotification
UnregisterClassA
CharUpperBuffW
wvsprintfA
CharUpperW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
wvsprintfW
UnregisterPowerSettingNotification

oleaut32

VarBstrCmp
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
VariantInit
VariantChangeTypeEx
SetErrorInfo
CreateErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString

ole32

CoSetProxyBlanket
StringFromGUID2
IIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUnmarshalInterface
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
PropVariantClear
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateGuid

wsock32

WSAGetLastError
ntohs
inet_addr
htons

shell32

SHCreateItemFromParsingName
SHCreateItemWithParent
SHGetKnownFolderPath

iphlpapi

SendARP
GetIpNetEntry2
GetIpForwardTable
NotifyAddrChange
GetIpAddrTable
GetBestInterfaceEx
GetAdaptersAddresses
NotifyIpInterfaceChange
CancelIPChangeNotify
ResolveIpNetEntry2
CancelMibChangeNotify2

shlwapi

PathFindFileNameW
ord168
StrChrW
PathCreateFromUrlW
ord219
PathRemoveExtensionW
PathFindExtensionW

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlFreeUnicodeString
RtlVirtualUnwind
RtlInitString
RtlInitUnicodeString
RtlNtStatusToDosError
RtlIpv4StringToAddressExW
NtAllocateLocallyUniqueId

userenv

RegisterGPNotification
UnregisterGPNotification

netapi32

NetApiBufferFree
NetGetJoinInformation
NetShareGetInfo

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

propsys

InitPropVariantFromCLSID
PropVariantToStringAlloc
PSGetPropertyDescriptionByName
PSGetPropertyKeyFromName
PropVariantToString

gdi32

DeleteObject

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19a0a662527a4979bd06835d6218fc60

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

shell32

iphlpapi

shlwapi

ntdll

userenv

netapi32

wtsapi32

propsys

gdi32

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 791KB - Virtual size: 791KB

.rdata Size: 174KB - Virtual size: 174KB

.data Size: 14KB - Virtual size: 23KB

.pdata Size: 21KB - Virtual size: 21KB

.didat Size: 512B - Virtual size: 344B

.rsrc Size: 72KB - Virtual size: 71KB

.reloc Size: 400KB - Virtual size: 740KB

.text
Size: 791KB - Virtual size: 791KB

.rdata
Size: 174KB - Virtual size: 174KB

.data
Size: 14KB - Virtual size: 23KB

.pdata
Size: 21KB - Virtual size: 21KB

.didat
Size: 512B - Virtual size: 344B

.rsrc
Size: 72KB - Virtual size: 71KB

.reloc
Size: 400KB - Virtual size: 740KB