Static task: static1
Behavioral task: behavioral1
Sample: 170e7cfdaa1a07b7988c5cbb61cc6c2e.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 170e7cfdaa1a07b7988c5cbb61cc6c2e.exe
Resource: win10v2004-20231215-en
General
Target: 170e7cfdaa1a07b7988c5cbb61cc6c2e
Size: 81KB
MD5: 170e7cfdaa1a07b7988c5cbb61cc6c2e
SHA1: 9081ecb5e0946844f3f46defce27f349d9df54cd
SHA256: cabed45c1221b6a8be8a2c1b881ceccbde5436a4e77932ab57825900a665887e
SHA512: 2479a7fb4a76370322dc1dc441ce23c9f7351f1f6f2f6db5305526edf5804b554487309cee4fdf47c70a4236f6342d73bc2ad548d63d24e985faae860b58d8ec
SSDEEP: 1536:ck2p/VYFzF4YrBmXmt7Q/RWS533awsLIRz1VIBOujqjV6Fh0Md6/GU:SBOZFLm2t7cWS5HaiNMOvm6/GU
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource 170e7cfdaa1a07b7988c5cbb61cc6c2e
Files
170e7cfdaa1a07b7988c5cbb61cc6c2e.exe windows:4 windows x86 arch:x86
b23bb102e362cb61036d45b180d164fe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathParseIconLocationW
PathRemoveArgsA
StrRetToStrA
PathIsRootW
PathCompactPathExA
PathSearchAndQualifyW
PathStripToRootW
PathCreateFromUrlW
PathIsRelativeW
PathCompactPathW
SHSetValueW
PathIsNetworkPathW
SHCopyKeyW
PathIsRelativeA
SHRegWriteUSValueA
SHRegQueryUSValueW
PathIsSystemFolderA
wnsprintfW
PathIsURLA
StrToIntExA
StrTrimA
PathRemoveArgsW
StrCmpW
PathCommonPrefixW
PathGetArgsA
PathRemoveBackslashW
SHQueryInfoKeyA
SHDeleteKeyW
UrlEscapeA
PathIsLFNFileSpecA
StrToIntW
PathFindExtensionA
UrlCombineW
SHRegQueryInfoUSKeyW
PathParseIconLocationA
PathCreateFromUrlA
SHRegOpenUSKeyW
PathQuoteSpacesA
SHEnumKeyExW
StrSpnW
PathCompactPathExW
PathGetDriveNumberW
StrStrW
PathIsDirectoryEmptyW
SHAutoComplete
PathFindNextComponentW
StrCpyNW
PathIsRootA
HashData
StrCatW
UrlUnescapeW
PathAppendW
StrRStrIW
SHStrDupA
StrFromTimeIntervalW
PathGetCharTypeA
PathSkipRootW
PathRemoveBackslashA
PathUndecorateW
PathIsPrefixA
PathIsSystemFolderW
PathCanonicalizeA
UrlEscapeW
PathMakePrettyA
SHRegDuplicateHKey
StrCmpNA
UrlGetLocationA
IntlStrEqWorkerW
PathIsDirectoryA
SHEnumKeyExA
StrToIntA
UrlCompareW
PathAddBackslashW
PathFindNextComponentA
PathIsContentTypeA
UrlIsOpaqueA
AssocQueryKeyA
StrRetToBufA
SHRegDeleteUSValueW
SHRegGetBoolUSValueA
PathRemoveFileSpecA
PathIsSameRootW
SHRegDeleteEmptyUSKeyW
PathGetDriveNumberA
SHOpenRegStreamW
SHGetValueA
PathStripToRootA
StrCatBuffA
StrDupW
PathUnmakeSystemFolderW
StrIsIntlEqualW
PathSearchAndQualifyA
PathSetDlgItemPathA
StrTrimW
PathIsUNCServerA
SHRegEnumUSValueA
StrStrIW
SHOpenRegStreamA
ColorRGBToHLS
AssocQueryStringW
PathBuildRootW
SHSetValueA
StrFormatByteSize64A
StrCSpnW
StrCSpnIW
PathIsLFNFileSpecW
StrCpyW
SHRegGetUSValueW
PathIsUNCA
PathUnmakeSystemFolderA
SHRegQueryUSValueA
StrRChrW
PathRelativePathToW
SHIsLowMemoryMachine
PathCombineW
SHRegQueryInfoUSKeyA
UrlHashW
StrCmpNIW
advapi32
GetEffectiveRightsFromAclW
EqualSid
InitializeSecurityDescriptor
LockServiceDatabase
GetNamedSecurityInfoW
GetUserNameW
GetNumberOfEventLogRecords
BuildImpersonateExplicitAccessWithNameA
CryptAcquireContextW
GetTrusteeNameA
LookupSecurityDescriptorPartsW
OpenProcessToken
SetServiceObjectSecurity
CryptImportKey
RegLoadKeyW
AllocateAndInitializeSid
CryptGenKey
BuildSecurityDescriptorA
BuildTrusteeWithNameW
RegConnectRegistryA
RegQueryMultipleValuesA
GetNamedSecurityInfoExA
UnlockServiceDatabase
ReadEventLogA
CryptAcquireContextA
SetNamedSecurityInfoExA
RegOpenKeyA
ImpersonateNamedPipeClient
RegDeleteValueA
CryptDuplicateHash
AddAccessAllowedAce
SetSecurityDescriptorGroup
GetSidSubAuthority
InitiateSystemShutdownA
SetNamedSecurityInfoA
CryptSetHashParam
GetSecurityInfoExW
RegisterEventSourceA
GetSidIdentifierAuthority
AccessCheck
StartServiceA
ImpersonateLoggedOnUser
CryptReleaseContext
SetFileSecurityW
AllocateLocallyUniqueId
FindFirstFreeAce
RegSaveKeyA
CryptEnumProviderTypesA
GetAuditedPermissionsFromAclW
DeleteAce
SetEntriesInAccessListA
RegEnumKeyExA
IsValidAcl
CryptSignHashA
DeregisterEventSource
SetSecurityInfoExW
QueryServiceLockStatusA
RegFlushKey
CryptGetUserKey
RegConnectRegistryW
CryptVerifySignatureW
EnumServicesStatusA
RegQueryValueExA
EnumDependentServicesA
AbortSystemShutdownA
CryptGetDefaultProviderA
ObjectOpenAuditAlarmA
RegReplaceKeyW
GetTokenInformation
BackupEventLogA
GetLengthSid
DestroyPrivateObjectSecurity
CryptSetProviderA
GetServiceDisplayNameW
GetMultipleTrusteeW
CryptEncrypt
InitiateSystemShutdownW
DeleteService
RegEnumValueA
CloseServiceHandle
ImpersonateSelf
OpenEventLogW
GetSecurityDescriptorControl
OpenSCManagerA
GetTrusteeNameW
PrivilegedServiceAuditAlarmA
PrivilegeCheck
GetKernelObjectSecurity
CryptDestroyKey
GetPrivateObjectSecurity
QueryServiceConfigA
GetCurrentHwProfileW
GetExplicitEntriesFromAclW
GetServiceDisplayNameA
ObjectPrivilegeAuditAlarmW
CryptDuplicateKey
CreateServiceA
CryptSetProviderW
CryptContextAddRef
EnumDependentServicesW
SetTokenInformation
ObjectDeleteAuditAlarmW
RegUnLoadKeyW
ObjectCloseAuditAlarmA
GetSecurityDescriptorSacl
CryptGetDefaultProviderW
RegEnumKeyA
GetNamedSecurityInfoA
ObjectCloseAuditAlarmW
CryptCreateHash
LookupAccountNameA
BuildTrusteeWithSidA
GetSecurityDescriptorLength
RegSaveKeyW
CryptGetHashParam
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
GetFileSecurityW
ole32
CoTaskMemFree
CoMarshalInterface
CoGetInterfaceAndReleaseStream
StgCreateStorageEx
OleRegEnumVerbs
GetConvertStg
OleSaveToStream
UtConvertDvtd32toDvtd16
CoTaskMemAlloc
OleLockRunning
OleTranslateAccelerator
OleDestroyMenuDescriptor
CoReleaseServerProcess
ReadClassStg
OleSave
OleCreateStaticFromData
CoTaskMemRealloc
CoUninitialize
CoLoadLibrary
StgOpenStorage
OleQueryCreateFromData
CreateBindCtx
CoQueryClientBlanket
CoSuspendClassObjects
OleGetIconOfClass
WriteFmtUserTypeStg
CreateDataAdviseHolder
CoImpersonateClient
CoIsHandlerConnected
CoQueryProxyBlanket
OleCreateMenuDescriptor
CoGetObject
OleQueryLinkFromData
CoFreeAllLibraries
WriteStringStream
CoGetMarshalSizeMax
WriteClassStm
GetHookInterface
CoGetInstanceFromFile
CoMarshalInterThreadInterfaceInStream
UpdateDCOMSettings
CoDosDateTimeToFileTime
WriteOleStg
ReleaseStgMedium
OleCreateFromData
OleLoadFromStream
GetHGlobalFromILockBytes
OleLoad
UtGetDvtd32Info
IsEqualGUID
UtConvertDvtd16toDvtd32
IsAccelerator
CoTreatAsClass
CoBuildVersion
CoGetStandardMarshal
SetConvertStg
RegisterDragDrop
OleCreateLinkFromData
ReadFmtUserTypeStg
OleFlushClipboard
ProgIDFromCLSID
CLSIDFromProgID
OleConvertIStorageToOLESTREAM
CoCopyProxy
CoMarshalHresult
OleGetAutoConvert
StgIsStorageILockBytes
CoQueryAuthenticationServices
OleDoAutoConvert
CoGetCurrentLogicalThreadId
OleCreateLinkToFileEx
OleSetMenuDescriptor
MonikerCommonPrefixWith
CoFileTimeToDosDateTime
OleCreateFromDataEx
OleCreateLinkEx
CoCreateFreeThreadedMarshaler
CoLockObjectExternal
StringFromCLSID
OleBuildVersion
OleDuplicateData
StgCreateDocfile
CoUnmarshalInterface
MonikerRelativePathTo
StgOpenAsyncDocfileOnIFillLockBytes
PropVariantCopy
CreateStreamOnHGlobal
CreateObjrefMoniker
OleDraw
OleRun
OleCreateEmbeddingHelper
OleCreateLink
CoInitializeEx
CoGetInstanceFromIStorage
GetHGlobalFromStream
CoGetPSClsid
CoRegisterClassObject
CoResumeClassObjects
CreatePointerMoniker
CoRevokeMallocSpy
FreePropVariantArray
OleCreateFromFile
CreateOleAdviseHolder
CoRegisterMallocSpy
OleConvertOLESTREAMToIStorageEx
OleCreateLinkToFile
CLSIDFromString
CoUnmarshalHresult
CoFileTimeNow
OleRegGetMiscStatus
ReadOleStg
kernel32
ExpandEnvironmentStringsA
GetFileAttributesExA
SetFileApisToANSI
WritePrivateProfileStructA
FillConsoleOutputCharacterA
GetProfileSectionA
FlushConsoleInputBuffer
IsBadStringPtrW
TerminateProcess
GetModuleHandleW
GetCalendarInfoA
VirtualProtect
EnumDateFormatsExW
CreateMailslotW
CallNamedPipeA
GetBinaryTypeW
SetLocalTime
ReadConsoleInputA
UpdateResourceW
GetProfileIntA
GetPrivateProfileStringA
EnumResourceLanguagesA
GetTempFileNameW
GetSystemDefaultLangID
GetCurrencyFormatA
SwitchToFiber
AreFileApisANSI
UnlockFile
SetNamedPipeHandleState
GetModuleFileNameW
EnumCalendarInfoW
DisableThreadLibraryCalls
GetSystemPowerStatus
LoadResource
SetMailslotInfo
SetupComm
VirtualFreeEx
LocalUnlock
SetConsoleWindowInfo
FindCloseChangeNotification
GetQueuedCompletionStatus
GetTempPathA
WriteConsoleInputW
GetConsoleMode
GetPrivateProfileStructW
Module32Next
GetPrivateProfileSectionA
Heap32ListNext
VerLanguageNameW
lstrcpynW
GetProcessVersion
FlushFileBuffers
WritePrivateProfileStructW
MapViewOfFileEx
IsValidLocale
EndUpdateResourceW
GetACP
GetModuleHandleA
TransactNamedPipe
OpenFileMappingW
GetLocaleInfoW
SwitchToThread
SetProcessPriorityBoost
SignalObjectAndWait
SetMessageWaitingIndicator
GetEnvironmentStringsA
ExitProcess
VirtualAllocEx
WriteFileEx
GetOverlappedResult
GlobalGetAtomNameW
GetNamedPipeHandleStateA
ResetWriteWatch
GetSystemTimeAsFileTime
EnumSystemLocalesW
GetStdHandle
ExpandEnvironmentStringsW
ClearCommError
SetThreadPriority
GetConsoleOutputCP
GetCurrencyFormatW
CompareFileTime
GetVersionExW
GetNumberOfConsoleInputEvents
DebugActiveProcess
SetTimeZoneInformation
WaitForSingleObject
ConnectNamedPipe
SetWaitableTimer
EnumTimeFormatsW
WaitForDebugEvent
OpenMutexA
GetLongPathNameW
LockResource
GlobalFix
WriteConsoleOutputA
QueryDosDeviceW
SetTapeParameters
GetCommandLineW
WriteProfileStringA
FindNextFileA
LocalShrink
DosDateTimeToFileTime
GetStartupInfoW
WriteTapemark
ReadConsoleA
GetPriorityClass
GetFullPathNameW
GetDiskFreeSpaceW
VirtualAlloc
FillConsoleOutputCharacterW
FatalAppExitW
GetStringTypeExW
FreeLibraryAndExitThread
SetEvent
EnumResourceLanguagesW
EnumDateFormatsW
TlsAlloc
GetNumberOfConsoleMouseButtons
GetModuleFileNameA
WritePrivateProfileStringW
HeapCreate
GetProcessWorkingSetSize
CreateWaitableTimerW
PurgeComm
LoadLibraryExA
UnhandledExceptionFilter
BeginUpdateResourceW
user32
CharLowerW
CreateWindowStationW
SetWindowPlacement
MessageBoxIndirectW
TrackMouseEvent
GetWindowLongW
GetWindowWord
CountClipboardFormats
GetNextDlgGroupItem
WindowFromDC
GetMessageTime
PeekMessageW
SetCursor
DlgDirSelectComboBoxExA
CreateDesktopW
CharToOemA
GetMenuItemRect
GetDC
UpdateWindow
IsDlgButtonChecked
CloseClipboard
GetMenuDefaultItem
DeleteMenu
FindWindowA
GetClassLongW
MapVirtualKeyW
IsCharAlphaW
SetDeskWallpaper
SetClassLongW
EnableMenuItem
GetClipboardFormatNameA
GetShellWindow
GetPropW
DdeQueryStringW
SetWindowsHookExW
DdeDisconnectList
DlgDirListComboBoxA
SetClassWord
ReleaseDC
CreateDialogIndirectParamA
CreateDialogIndirectParamW
InsertMenuItemW
UnhookWindowsHookEx
LoadImageA
CloseDesktop
EnumDisplaySettingsExW
UnloadKeyboardLayout
UnregisterClassW
LoadMenuA
InsertMenuA
SetMessageExtraInfo
SetClipboardData
GetScrollBarInfo
MessageBoxW
InSendMessage
SetMenuItemInfoW
GetKeyNameTextA
LoadIconA
GetUserObjectInformationW
OemToCharW
IsClipboardFormatAvailable
MapDialogRect
IsRectEmpty
ShowWindowAsync
DeferWindowPos
CharLowerBuffA
GetThreadDesktop
ChangeDisplaySettingsExW
DlgDirListW
SetSystemCursor
DialogBoxIndirectParamW
GetScrollPos
UnpackDDElParam
SetPropA
MsgWaitForMultipleObjectsEx
GetDlgItemInt
LookupIconIdFromDirectory
CharToOemW
CharUpperW
GetDialogBaseUnits
SetRectEmpty
GetComboBoxInfo
ModifyMenuA
TileWindows
GrayStringW
SetMenu
GetSystemMenu
GetCursor
MonitorFromPoint
GetMenuInfo
MonitorFromWindow
EnumClipboardFormats
MapVirtualKeyExA
GetMenuContextHelpId
LockWindowUpdate
DdeSetUserHandle
GetSysColor
GetClipboardData
PaintDesktop
SetWindowPos
IsWindowUnicode
DdeFreeStringHandle
EnableScrollBar
EnumDisplaySettingsW
SendIMEMessageExA
ChangeMenuW
IsCharUpperA
TranslateAccelerator
SetWindowsHookW
GetUpdateRgn
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 118B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE