01cf73b9a06aedb38b9b7b920ec6fe98

Sharing

Copy URL

Twitter E-mail

General

Target

01cf73b9a06aedb38b9b7b920ec6fe98
Size

4.1MB
MD5

01cf73b9a06aedb38b9b7b920ec6fe98
SHA1

5865258fe97326400fc5de0216884bd50a6e4098
SHA256

bbb8188f1c62441064bfd94603936810d56a8e43c444beab23a19e8a33c1730c
SHA512

401331dbd486e81e0ea92f77021c8c16abb2ed4e70d23ba24b211a895273f535c01350b536e13ae49bf6d1bbebc40cb4332aa2a00f446321afa2a532fb0d336f
SSDEEP

98304:1nLnMqxnsiEnRgxnildnvlpOWnFon/5kbsyEMhDuVvuyJ:1nLnrxn5EnRGnAdnvnn6n2wmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01cf73b9a06aedb38b9b7b920ec6fe98

Files

01cf73b9a06aedb38b9b7b920ec6fe98
.exe windows:5 windows x86 arch:x86

ee854072062ce41602901d1a93e39a8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsA
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

advapi32

CloseEncryptedFileRaw
CloseServiceHandle
ControlService
CreateProcessAsUserW
CryptAcquireContextA
CryptDecrypt
CryptDestroyKey
CryptGetUserKey
CryptImportKey
CryptReleaseContext
CryptSetKeyParam
DecryptFileW
DuplicateToken
EncryptFileW
EnumDependentServicesW
FreeSid
GetFileSecurityW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
GetUserNameW
ImpersonateLoggedOnUser
InitializeSecurityDescriptor
IsValidSid
LogonUserW
LookupAccountNameW
LookupAccountSidW
LookupPrivilegeValueA
OpenEncryptedFileRawW
OpenProcessToken
OpenSCManagerA
OpenSCManagerW
OpenServiceA
OpenServiceW
OpenThreadToken
QueryServiceConfigW
QueryServiceStatus
ReadEncryptedFileRaw
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegGetKeySecurity
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyA
RegQueryValueExA
RegQueryValueExW
RegSetKeySecurity
RegSetValueExW
RevertToSelf
SetFileSecurityW
SetSecurityDescriptorDacl
SetThreadToken
StartServiceA
StartServiceW

kernel32

BackupWrite
CancelIo
CloseHandle
CompareStringW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateMutexA
CreatePipe
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateTapePartition
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindFirstVolumeMountPointW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileW
FindNextVolumeMountPointW
FindNextVolumeW
FindResourceExW
FindVolumeClose
FindVolumeMountPointClose
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetCompressedFileSizeW
GetComputerNameExW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetEnvironmentStrings
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatW
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessWorkingSetSize
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDefaultLangID
GetSystemInfo
GetSystemTimeAsFileTime
GetTapeParameters
GetTapePosition
GetTapeStatus
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFileEx
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenFileMappingA
OpenMutexW
OpenProcess
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
PulseEvent
QueryDosDeviceA
QueryDosDeviceW
QueryPerformanceCounter
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetProcessWorkingSetSize
SetTapeParameters
SetTapePosition
SetThreadPriority
SetVolumeLabelA
SetVolumeLabelW
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFileEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteTapemark
lstrcmpiA
lstrcmpiW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetGetProviderNameW
WNetGetUniversalNameW
WNetOpenEnumW

user32

CloseDesktop
CreateDesktopW
CreateWindowExA
DefWindowProcA
DestroyIcon
DestroyWindow
DispatchMessageA
EnumThreadWindows
FindWindowA
FindWindowW
GetClassInfoA
GetDesktopWindow
GetMessageA
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationA
GetWindowLongW
IsCharAlphaNumericW
IsCharAlphaW
MessageBoxA
MessageBoxW
PeekMessageW
RegisterClassA
RegisterClassExA
SetWindowLongA
TranslateMessage
UnregisterClassA
wsprintfA
wsprintfW
wvsprintfW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize

ws2_32

WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetOverlappedResult
WSARecv
WSAResetEvent
WSASend
WSASetEvent
WSAWaitForMultipleEvents
send
WSAStringToAddressW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 365KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.7f642
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ee854072062ce41602901d1a93e39a8e

Headers

File Characteristics

Imports

setupapi

advapi32

kernel32

mpr

user32

ole32

ws2_32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.data Size: 10KB - Virtual size: 14.1MB

.tls Size: 5KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 12KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 365KB - Virtual size: 368KB

.7f642 Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 10KB - Virtual size: 14.1MB

.tls
Size: 5KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 12KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 365KB - Virtual size: 368KB

.7f642
Size: 1.4MB - Virtual size: 1.4MB