17a4a272562a2428970cc622b91988aa

Sharing

Copy URL Twitter E-mail

General

Target

17a4a272562a2428970cc622b91988aa
Size

6.9MB
MD5

17a4a272562a2428970cc622b91988aa
SHA1

ff21159c1d0019d48aadd3584e751357f2a089e6
SHA256

e2eb420becb5b1d3af51e81226573d9fdd099e14fd5725809e6c0f44f1e4bdc5
SHA512

debd9e2f230d5534f57b6dcdc06ee9015b8660e203fb1fd464a9dfa6d71e538c4b79cc06e60eecf62b59bdc33bd004945ba25f6e945dfbbf9488c61c8bcee386
SSDEEP

196608:kEGlvm3BvcyeQJNTRxYNczpc+g9PeUrRNo6jbN:kUxkV6RKc9s9P5zo8bN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17a4a272562a2428970cc622b91988aa

Files

17a4a272562a2428970cc622b91988aa
.exe windows:4 windows x86 arch:x86

c608286c39c50db3b8add888af1109ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
LookupAccountSidW
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
RegEnumValueW
ConvertSidToStringSidW
LookupAccountNameW
RegFlushKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetUserNameW
EqualSid
GetTokenInformation
FreeSid
AllocateAndInitializeSid
SetSecurityInfo
GetSecurityDescriptorSacl
RegEnumKeyW
RegOpenCurrentUser
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

GetCommandLineA
GetTickCount
Sleep
GetTimeZoneInformation
GetConsoleCP
GetCommandLineW
FlushFileBuffers
SetFilePointer
GetStringTypeA
GetStringTypeW
GetStartupInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CompareStringA
SetEnvironmentVariableA
GetVolumeInformationW
GetComputerNameW
GetConsoleMode
QueryPerformanceCounter
GetVersionExW
LeaveCriticalSection
RaiseException
EnterCriticalSection
GetCurrentThreadId
lstrlenW
CreateThread
GetCurrentProcess
FindResourceExW
FlushInstructionCache
SizeofResource
LockResource
LoadResource
FindResourceW
GetFileType
SetHandleCount
OpenProcess
CloseHandle
DeleteFileW
GetLastError
MoveFileExW
FindFirstFileW
TerminateProcess
FindNextFileW
WaitForSingleObject
FindClose
RemoveDirectoryW
GetExitCodeProcess
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetSystemDirectoryW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
VerSetConditionMask
VerifyVersionInfoW
SetFileAttributesW
CreateProcessW
GetFileSize
ReadFile
InterlockedDecrement
GetLocaleInfoW
lstrlenA
GetSystemDefaultLangID
lstrcmpiW
lstrcpyW
SetLastError
CompareStringW
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
GetStartupInfoW
GetSystemTimeAsFileTime
RtlUnwind
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
HeapCreate
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

shlwapi

PathFileExistsW
PathAppendW
UrlEscapeW
PathCompactPathExW
PathStripPathW
PathCombineW
PathRemoveExtensionW

user32

GetClientRect
CheckRadioButton
GetWindowLongW
SystemParametersInfoW
GetWindow
DefWindowProcW
SetWindowLongW
DestroyWindow
GetParent
CallWindowProcW
SendMessageW
CheckDlgButton
SetDlgItemTextW
IsWindowVisible
GetWindowThreadProcessId
CharLowerW
EnumWindows
GetWindowRect
GetWindowTextW
GetWindowTextLengthW
GetDlgItem
ReleaseCapture
SetFocus
GetClassNameW
SetRectEmpty
ScreenToClient
GetDC
GetFocus
FillRect
GetMessageW
wvsprintfW
TranslateMessage
ReleaseDC
DispatchMessageW
PtInRect
BeginPaint
OffsetRect
RegisterClassExW
EndPaint
DrawTextW
InvalidateRect
GetClassInfoExW
IsWindowEnabled
UpdateWindow
CreateWindowExW
SetCapture
GetCapture
KillTimer
GetDlgCtrlID
CharNextW
SetTimer
GetCursorPos
GetSysColor
SetCursor
LoadCursorW
UnregisterClassA
MessageBoxW
LoadStringW
SetWindowTextW
ShowWindow
PostMessageW
GetActiveWindow
IsDlgButtonChecked
SetWindowPos
MapWindowPoints
IsWindow
GetDesktopWindow
ExitWindowsEx
DrawFocusRect

uxtheme

IsAppThemed
DrawThemeParentBackground

ole32

CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

comctl32

ImageList_SetBkColor
ImageList_LoadImageW
ImageList_Draw
InitCommonControlsEx
DestroyPropertySheetPage
PropertySheetW
CreatePropertySheetPageW
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Destroy
_TrackMouseEvent

gdi32

GetObjectW
GetStockObject
DeleteObject
SelectObject
SetBkMode
DeleteDC
GetTextExtentExPointW
SetTextColor
TextOutW
CreatePen
Rectangle
CreateFontIndirectW
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

shell32

ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

wininet

InternetConnectW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetOpenW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
InternetCrackUrlW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c608286c39c50db3b8add888af1109ee

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

shlwapi

user32

uxtheme

ole32

oleaut32

comctl32

gdi32

psapi

shell32

wininet

iphlpapi

Sections

.text Size: 276KB - Virtual size: 275KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 11.1MB - Virtual size: 11.1MB

.reloc Size: 47KB - Virtual size: 47KB

.text
Size: 276KB - Virtual size: 275KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 11.1MB - Virtual size: 11.1MB

.reloc
Size: 47KB - Virtual size: 47KB