a5004383311c8152729ff142f0075ff0

Sharing

Copy URL Twitter E-mail

General

Target

a5004383311c8152729ff142f0075ff0
Size

744KB
MD5

a5004383311c8152729ff142f0075ff0
SHA1

f7be770ecf8022821486e0eb47adee60ee97e052
SHA256

6018d9e782a2c35dd6c50671b69bea779e0bd994d26841ac4b16ad28fdf583f9
SHA512

23cfc18e0e9c42fac5d56a2b0b9d57b39c232bffea763fb085c41af0d8c7bebc141d5e5013eed6dd9111649abdca0606cef0223b0d606304dbf0248a4731c024
SSDEEP

6144:1/jZ2m50fvgz2erKI9WoIEyOp0xn+KPPX4ZLdn+m9ewZLdn+m9e:1/jMg0w3rKI9W8Dp0ZIZLxd/ZLxd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5004383311c8152729ff142f0075ff0

Files

a5004383311c8152729ff142f0075ff0
.exe windows:4 windows x86 arch:x86

9d4d88e08c1d255b0605cd7e61edff7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetUserGetGroups
NetUserGetLocalGroups

rpcrt4

UuidFromStringW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCurrentThreadId
SetLastError
TlsFree
GetConsoleCP
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
RaiseException
RtlUnwind
GetStartupInfoA
GetVersionExA
GetCommandLineA
CreateThread
ResumeThread
ExitThread
HeapSize
HeapReAlloc
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LoadLibraryA
ExpandEnvironmentStringsA
GetProcessHeap
HeapFree
WideCharToMultiByte
lstrlenA
WriteFile
FreeLibrary
FileTimeToLocalFileTime
GetCurrentProcess
Sleep
GetLastError
GetSystemInfo
GetSystemTimeAsFileTime
MultiByteToWideChar
CreateFileW
GetSystemDirectoryW
ReadFile
OutputDebugStringW
GetFileSize
TlsSetValue
GetUserDefaultLangID
TlsAlloc
GetSystemDefaultLangID
TlsGetValue
FormatMessageW
LocalAlloc
GetTimeFormatW
CompareFileTime
GetDateFormatW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime
LocalFree
SystemTimeToTzSpecificLocalTime
InterlockedDecrement
SetFilePointer
GetModuleFileNameW
GlobalFree
UnmapViewOfFile
GetFileAttributesW
MapViewOfFile
GetVersionExW
DeleteFileW
GlobalUnlock
InitializeCriticalSection
GetTickCount
GetModuleHandleW
CloseHandle
SetEndOfFile
InterlockedIncrement
GlobalAlloc
GetCommandLineW
EnterCriticalSection
GlobalLock
CreateFileMappingW
DeleteCriticalSection
LeaveCriticalSection
GetProcAddress
CompareStringW
LoadLibraryW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetModuleHandleA

user32

GetMenuItemCount
RegisterClassExW
MsgWaitForMultipleObjects
GetWindowPlacement
DrawFrameControl
GetDlgItemTextW
LoadIconW
InflateRect
GetPropW
BeginDeferWindowPos
GetDlgItem
EndDeferWindowPos
SetPropW
ReleaseCapture
CheckDlgButton
DestroyIcon
IsZoomed
ClientToScreen
MessageBoxW
GetWindowTextLengthW
LoadMenuW
GetMenuItemInfoW
DialogBoxIndirectParamW
CopyIcon
EnumChildWindows
IsDlgButtonChecked
SetMenuDefaultItem
ChildWindowFromPoint
SendDlgItemMessageW
GetClassNameW
DestroyMenu
GetSubMenu
GetSystemMetrics
LoadImageW
LoadCursorW
EnableMenuItem
OffsetRect
IsWindowVisible
SetDlgItemInt
SetWindowLongW
GetMessageW
BeginPaint
EmptyClipboard
SetDlgItemTextW
DestroyWindow
GetClientRect
GetSysColor
PeekMessageW
SetCursor
EndPaint
SetClipboardData
GetDlgItemInt
EnableWindow
CreateWindowExW
GetSysColorBrush
MessageBeep
GetMenu
PtInRect
IsDialogMessageW
CreateDialogParamW
DeleteMenu
GetWindowLongW
ShowWindow
OpenClipboard
SendMessageW
AppendMenuW
SetWindowPos
DrawMenuBar
MoveWindow
GetFocus
SetFocus
GetWindowTextW
SetWindowPlacement
SetCapture
EndDialog
ScreenToClient
CreatePopupMenu
GetActiveWindow
DeferWindowPos
GetWindowRect
PostQuitMessage
CloseClipboard
PostMessageW
TranslateMessage
MenuItemFromPoint
DialogBoxParamW
CallWindowProcW
LoadAcceleratorsW
InvalidateRect
SetWindowTextW
DefWindowProcW
DispatchMessageW
DrawTextW
TranslateAcceleratorW
MapWindowPoints
TrackPopupMenu
UpdateWindow
GetParent

gdi32

SetBkColor
ExtTextOutW
StartPage
GetDeviceCaps
SetMapMode
StartDocW
SetBkMode
CreateFontIndirectW
SetTextColor
GetStockObject
SelectObject
EndPage
GetObjectW
EndDoc

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

RegSetValueExW
RegCreateKeyW
RegEnumValueW
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
LookupAccountSidW
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
EqualSid
IsValidSid
GetSidSubAuthorityCount
GetSidIdentifierAuthority
MapGenericMask
GetSidSubAuthority
AllocateAndInitializeSid
GetSecurityDescriptorOwner
GetAce
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW

ole32

CoInitialize
CoCreateInstance
CreateBindCtx
CoUninitialize
StringFromGUID2
IIDFromString

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayGetElement
VariantChangeType
VariantClear
SysStringLen
SafeArrayGetUBound
VariantInit
VarDateFromStr
SysAllocString
SysFreeString

comctl32

ImageList_Draw
ImageList_BeginDrag
CreateStatusWindowW
CreateToolbarEx
PropertySheetW
ImageList_ReplaceIcon
ord17
CreatePropertySheetPageW
ImageList_EndDrag
ImageList_Create
ImageList_DragLeave
ImageList_DragEnter
ImageList_DragMove

activeds

ord9
ord20
ord15
ord12
ord13
ord7

wldap32

ord13
ord118
ord88
ord188
ord145
ord14
ord155
ord73

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d4d88e08c1d255b0605cd7e61edff7c

Headers

File Characteristics

Imports

netapi32

rpcrt4

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

activeds

wldap32

Sections

.text Size: 264KB - Virtual size: 264KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 32KB - Virtual size: 40KB

.rsrc Size: 136KB - Virtual size: 136KB

.text
Size: 264KB - Virtual size: 264KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 32KB - Virtual size: 40KB

.rsrc
Size: 136KB - Virtual size: 136KB