e399670c8a9f870a977135695ba6c138

Sharing

Copy URL

Twitter E-mail

General

Target

e399670c8a9f870a977135695ba6c138
Size

238KB
MD5

e399670c8a9f870a977135695ba6c138
SHA1

a9387faaaf80f1e3cb441414c6f5c9b1d3b9e541
SHA256

9c2f56322106ee4ce83de71a0b4e99817963ea940f0cb996e7eca635f9aaf5a7
SHA512

b10449e19c80f13ddf91717a927fe7151145251cb71c1a9e5fc77c8601680ff37e5021ecd5b9cba4210daba0b2964d2998ebf6cadccaec84dc55f588efd6f98f
SSDEEP

6144:z804HwbbQJL7d0G+RYvFZNXvi3uY/EV4jSbGmhvY:pLb6Lh0G+RYzViekuGmm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e399670c8a9f870a977135695ba6c138

Files

e399670c8a9f870a977135695ba6c138
.exe windows:5 windows x86 arch:x86

fb0683b25625bfd94b4e06ed6f6696f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyW
DeleteAce
InitializeAcl
OpenServiceW
DeregisterEventSource
CryptHashData
ChangeServiceConfigW
CryptGetHashParam
GetTokenInformation
CryptCreateHash
RegSetValueW
ConvertStringSidToSidW
CloseServiceHandle
IsValidSid
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
EqualSid
RegEnumValueA
RegEnumKeyExW
RegOpenKeyW
RegEnumKeyA

shlwapi

SHRegQueryInfoUSKeyA
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecA
PathFindFileNameW
StrDupW
StrCmpNIW
PathStripToRootA
StrRetToBufW
PathAppendW
StrCmpIW
StrChrW
PathRemoveBackslashW
PathIsURLW
StrCmpNW
PathRemoveExtensionW
PathIsRelativeW
AssocQueryStringW
SHDeleteKeyW
UrlUnescapeW
StrChrIW
PathGetDriveNumberW
PathFindExtensionW
PathStripToRootW
StrToIntW

user32

WinHelpW
MessageBoxW
KillTimer
SendMessageW
LoadCursorW
SetWindowLongA
BeginPaint
EnableMenuItem
GetMessageA
CheckMenuItem
CallNextHookEx
GetMessageW
ExitWindowsEx
GetMenuItemCount
EndPaint
LoadBitmapW
GetSystemMenu
PtInRect
MessageBeep

kernel32

GetStdHandle
VirtualAllocEx
GetVersion
DisableThreadLibraryCalls
SetStdHandle
GetACP
IsBadWritePtr
FindResourceA
GetCurrentProcess
CreateDirectoryA
DeleteFileA
GlobalUnlock
GetModuleHandleA
GetTickCount
GlobalAlloc
UnmapViewOfFile
HeapDestroy
ExpandEnvironmentStringsW
DuplicateHandle
LoadLibraryExW
GetFileAttributesA
ExitProcess
FindResourceW
TerminateProcess
FindClose
OpenMutexA
SetLastError
GetSystemDirectoryW
ResumeThread
OutputDebugStringA

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW

ntdll

RtlRegisterWait
NtOpenEvent
wcsstr
NtDuplicateToken
NtAdjustPrivilegesToken
strrchr
NtFsControlFile
RtlTimeFieldsToTime
RtlInsertElementGenericTable
wcscat
NtQueryDirectoryObject
RtlEnterCriticalSection
NtSetInformationProcess
RtlAllocateAndInitializeSid
RtlCreateHeap

comctl32

InitCommonControlsEx
InitCommonControls
ImageList_Create
ImageList_Draw

ole32

IIDFromString
CoGetObjectContext
GetRunningObjectTable
CreateILockBytesOnHGlobal
StgIsStorageFile
CLSIDFromString
CoRevokeClassObject
OleLoadFromStream
CoTaskMemAlloc
StgOpenStorage
CoImpersonateClient

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 75KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 72KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb0683b25625bfd94b4e06ed6f6696f7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

user32

kernel32

version

ntdll

comctl32

ole32

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 35KB - Virtual size: 86KB

.bdata Size: 75KB - Virtual size: 170KB

.edata Size: 72KB - Virtual size: 180KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 35KB - Virtual size: 86KB

.bdata
Size: 75KB - Virtual size: 170KB

.edata
Size: 72KB - Virtual size: 180KB

.rsrc
Size: 20KB - Virtual size: 19KB