19d78524c0e8c26f750e3ef4a3f07a6b

Sharing

Copy URL Twitter E-mail

General

Target

19d78524c0e8c26f750e3ef4a3f07a6b
Size

2.6MB
MD5

19d78524c0e8c26f750e3ef4a3f07a6b
SHA1

eaee58e80d14e12cf01b5c34521c634d93ef71ca
SHA256

cb7ac6b3fe6c91c1620fa08229aa5ee0c2dcf78e7b4b040d1dc9e08c2bf7ba13
SHA512

b13d8cf58d6411eb8335e3a1661083a685c6016a485bfaed5f73b499a09e01337767a61e0021d1421dd5bc3d4b90318f5e1fca724d363a393cbd7da70d9f2682
SSDEEP

49152:SLLixjU5KQNyL5T97+mbEIddypeHpaw3JAsqP+PxXj35ESP:SbVN2nTbEo4YN3WzixzpT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19d78524c0e8c26f750e3ef4a3f07a6b

Files

19d78524c0e8c26f750e3ef4a3f07a6b
.exe windows:5 windows x86 arch:x86

b7908d090f3a2b4d88cf255de8b01baa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
SetWindowTextA
MoveWindow
PostMessageA
CheckMenuItem
MessageBoxW
LoadIconW
CreateWindowExA
FillRect
SystemParametersInfoW
RegisterWindowMessageA
SetWindowLongW
GetAsyncKeyState
GetDlgItemTextA
CharLowerW
GetActiveWindow
CallWindowProcA
EndPaint
LoadStringW
wsprintfW
ClientToScreen
GetForegroundWindow
SetCursor
SetWindowTextW
GetWindow
FindWindowA
CallWindowProcW
GetSysColor
GetDlgCtrlID
GetParent
WinHelpW
MessageBeep
GetProcessWindowStation
PostQuitMessage
GetWindowTextW
SetTimer

advapi32

GetSidSubAuthority
UnregisterTraceGuids
RegOpenKeyW
FreeSid
RegCreateKeyW
RegEnumKeyW
ChangeServiceConfigW
SetNamedSecurityInfoW
RegEnumValueA
RegisterEventSourceW
RegEnumKeyExA
GetUserNameA
CryptDestroyHash
CryptAcquireContextA
SetThreadToken
OpenThreadToken
GetSecurityDescriptorControl
RegNotifyChangeKeyValue
AdjustTokenPrivileges
InitializeSecurityDescriptor
AddAccessAllowedAce
RegQueryValueA
RegCreateKeyA
CryptGetHashParam
RegQueryValueExW
RegEnumKeyA
LsaFreeMemory
LookupPrivilegeValueW
QueryServiceStatus
RegSetValueExA

rpcrt4

NdrOleFree
RpcRevertToSelf
NdrStubForwardingFunction
UuidToStringA
IUnknown_AddRef_Proxy
NdrStubCall2
NdrOleAllocate
RpcServerRegisterIfEx
RpcRaiseException
RpcImpersonateClient
NdrCStdStubBuffer2_Release
RpcStringBindingParseW
NdrDllGetClassObject
CStdStubBuffer_CountRefs
IUnknown_QueryInterface_Proxy
RpcStringFreeA
RpcServerUseProtseqEpW
NdrDllRegisterProxy
CStdStubBuffer_IsIIDSupported
RpcBindingFree
UuidToStringW
NdrDllCanUnloadNow
IUnknown_Release_Proxy
RpcStringBindingComposeW
RpcBindingSetAuthInfoW
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
NdrCStdStubBuffer_Release
RpcServerUnregisterIf
RpcBindingVectorFree
NdrServerCall2
CStdStubBuffer_DebugServerRelease
NdrClientCall2

kernel32

VirtualFree
GetCurrentThread
ExitProcess
VirtualAlloc
GetEnvironmentStringsW
GetEnvironmentStrings
GetFileAttributesA
GetStringTypeA
GetOEMCP
CreateMutexA
LoadLibraryExA
WriteConsoleW
GetComputerNameW
GetLastError
ReleaseMutex
SystemTimeToFileTime
LocalFree
GetDriveTypeA
IsBadWritePtr
InterlockedExchange
OutputDebugStringW
GetModuleFileNameW
GetStdHandle
FreeLibrary
lstrcatA
CreateMutexW
lstrcpyA
RtlUnwind
GetCurrentThreadId
OpenEventA
LockResource
LoadLibraryW
GetCurrentDirectoryW
lstrcmpA
EnterCriticalSection
WriteFile
SetEndOfFile
ExpandEnvironmentStringsW
GetFileAttributesW
FindNextFileW
GetCommandLineA
GetCPInfo
GetSystemTime
FindFirstFileA
GetFileSize
GetCurrentProcessId
lstrcmpiW
InitializeCriticalSection
GetVersionExA
lstrcmpiA
GlobalAlloc
GetTickCount
GetCurrentProcess
GetWindowsDirectoryW
GetVersionExW

gdi32

CreateBitmap
GetPaletteEntries
GetTextExtentPoint32W
CreateHalftonePalette
ScaleWindowExtEx
SetMapMode
ExtTextOutW
CreateCompatibleBitmap
GetBkColor
StretchBlt
LineTo
SelectObject
GetPixel
EndPage
IntersectClipRect
GetGlyphOutlineA
FillRgn
PatBlt
ScaleViewportExtEx
PtVisible
UnrealizeObject
GetObjectW
GetTextExtentPoint32A
GetBkMode
DeleteMetaFile
CreateDCA
GetMapMode
CreatePatternBrush
CreatePen
CreateFontIndirectA
SetStretchBltMode
CreateCompatibleDC
StretchDIBits
DeleteObject
CreateFontIndirectW
GetObjectType
SetViewportOrgEx
MoveToEx
GetTextMetricsA
GetTextAlign
SetROP2
CreateMetaFileA
ExtTextOutA
SetTextColor
EnumFontFamiliesExW
SetViewportExtEx
ExcludeClipRect
GetRgnBox
GetCurrentObject
SetBkColor
CreatePalette
GetClipBox
LPtoDP
Rectangle
GetBitmapBits

ntdll

wcsncpy
NtEnumerateValueKey
RtlCopyUnicodeString
NtPowerInformation
RtlDestroyHeap
NtOpenProcessToken
RtlDeleteElementGenericTable
NtOpenEvent
NtClose
NtOpenThread
RtlUpcaseUnicodeChar
RtlDetermineDosPathNameType_U
RtlInitString
RtlCreateUserThread
RtlEnterCriticalSection
NtDuplicateObject
RtlNtStatusToDosError
RtlAppendUnicodeStringToString
NtCreateFile
sprintf
RtlRunDecodeUnicodeString
NtWaitForSingleObject
RtlCopySid
NtQueryValueKey
RtlRaiseStatus
NtQueryDirectoryObject
NtAdjustPrivilegesToken
RtlCreateUnicodeString
NtQueryInformationProcess
NtSetVolumeInformationFile
RtlOemStringToUnicodeString

version

VerQueryValueW
VerQueryValueA
VerLanguageNameA
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

CommandLineToArgvW
ShellExecuteW
SHBrowseForFolderA
SHGetMalloc
ShellExecuteExW
SHGetDesktopFolder
ShellExecuteA
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderPathW
DragQueryFileA
SHGetFolderPathW
SHGetSpecialFolderLocation

shlwapi

StrCmpIW
StrToIntExW
StrCatW
StrDupW
StrRChrW
StrCpyW
PathRemoveFileSpecA
SHGetValueW
StrStrIW
PathIsUNCW
PathFileExistsW
SHDeleteKeyA
PathStripToRootA
PathIsRelativeW
StrCmpNIW
PathGetDriveNumberW
StrCpyNW
PathIsURLW
SHDeleteKeyW
StrRetToBufW
UrlUnescapeW
StrChrW
PathRemoveFileSpecW
PathIsRootW
StrCatBuffW
PathAppendW
SHDeleteValueW
StrStrIA
PathRemoveExtensionW
StrCmpW
PathRemoveBackslashW
PathStripToRootW
PathSkipRootW
StrTrimW
SHSetValueW
UrlCanonicalizeW
StrCmpNIA
PathFindExtensionW
StrChrIW

Sections

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7908d090f3a2b4d88cf255de8b01baa

Headers

File Characteristics

Imports

user32

advapi32

rpcrt4

kernel32

gdi32

ntdll

version

shell32

shlwapi

Sections

DATA Size: 7KB - Virtual size: 6KB

.CRT Size: 10KB - Virtual size: 9KB

.code Size: 2.6MB - Virtual size: 2.6MB

.idata Size: 2KB - Virtual size: 3.1MB

.CRT Size: 1KB - Virtual size: 1KB

.tls Size: - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 9KB

DATA
Size: 7KB - Virtual size: 6KB

.CRT
Size: 10KB - Virtual size: 9KB

.code
Size: 2.6MB - Virtual size: 2.6MB

.idata
Size: 2KB - Virtual size: 3.1MB

.CRT
Size: 1KB - Virtual size: 1KB

.tls
Size: - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 9KB