12727635b659d17538d4740c138d0a2d

Sharing

Copy URL Twitter E-mail

General

Target

12727635b659d17538d4740c138d0a2d
Size

180KB
MD5

12727635b659d17538d4740c138d0a2d
SHA1

ffb8f01fb6c20e6a2f64dbc1dc12ee50b1a00381
SHA256

e6d3669acb1ed78dc933c6fd75b067729398ba15328e9a6d930ab1668d354bc0
SHA512

0e0efc3d908ca6c193a0e660f81a6fbf568ef6e6687efe98b828a398a9fe9083c63a62866ec3a61173997780c231a1ad07658538b9562e32a914250b6f9bd289
SSDEEP

3072:tLzzuJ2zB8hIadM86+9XbfIUwpdHO/2uoOgLxoVmyu50m3lPDjxCdA8d2NeO+4Lo:gHCF+hZmV5LieZJkRieW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12727635b659d17538d4740c138d0a2d

Files

12727635b659d17538d4740c138d0a2d
.exe windows:4 windows x86 arch:x86

867c25a892f41d6f3a0ec911067abe30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

rpcrt4

UuidCreate

user32

CreateWindowExW
GetDlgItem
DestroyWindow
IsWindow
EnumChildWindows
SendMessageA
GetWindowThreadProcessId

shell32

SHGetFolderPathW

kernel32

Sleep
RtlUnwind
CreateFileW
CreateEventA
HeapReAlloc
CompareStringW
GetStringTypeW
GetCalendarInfoW
HeapSize
GetEnvironmentStrings
HeapDestroy
GetProcessHeap
WriteConsoleA
ReadFile
CreateThread
CreateFileMappingA
GetSystemDirectoryW
UnmapViewOfFile
SetFilePointer
GetCommandLineA
CreateFileA
LoadLibraryA
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatA
WaitForSingleObject
LoadLibraryExW
GetEnvironmentVariableW
SetEnvironmentVariableA
MoveFileExW
TlsFree
GetOEMCP
WriteFile
GetStdHandle
RaiseException
SystemTimeToFileTime
GetTempPathW
QueryPerformanceCounter
SetWaitableTimer
GetConsoleCP
IsValidCodePage
TlsSetValue
SetEndOfFile
GetExitCodeProcess
GetFileType
GetCurrentProcess
ExitProcess
GetTimeZoneInformation
GetModuleHandleW
FreeEnvironmentStringsA
GetDateFormatA
LCMapStringA
SetLastError
SetHandleCount
SetUnhandledExceptionFilter
VirtualFree
EnumResourceNamesA
EnterCriticalSection
SetStdHandle
VirtualAlloc
IsDebuggerPresent
FileTimeToSystemTime
InterlockedIncrement
InitializeCriticalSection
GetFileAttributesW
FreeEnvironmentStringsW
LeaveCriticalSection
SetEvent
GetModuleFileNameA
GetACP
GetTickCount
InitializeCriticalSection
GetSystemTimeAsFileTime
HeapAlloc
LocalAlloc
TlsGetValue
FreeLibrary
GetLocaleInfoA
TlsAlloc
GetConsoleOutputCP
HeapCreate
InterlockedDecrement
MapViewOfFile
GetCurrentThreadId
GetEnvironmentStringsW
ResetEvent
GetConsoleMode
CreateWaitableTimerA
DeviceIoControl
DeleteFileW
GetProcAddress
DeleteCriticalSection
UnhandledExceptionFilter
CompareStringA
GetStartupInfoA
GetModuleHandleA
ExpandEnvironmentStringsW
LocalFree
HeapFree
FileTimeToLocalFileTime
GetLastError
CreateProcessW
CancelWaitableTimer
CopyFileW
GetVersionExA
TerminateProcess
LCMapStringW
GetCPInfo
CreateDirectoryW
WriteConsoleW
SetFileAttributesW
GetVersionExW
GetSystemTime
FlushFileBuffers
GetCurrentProcessId
GetStringTypeA

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsA
SetupDiBuildClassInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDescriptionW
SetupDiCallClassInstaller
SetupGetInfFileListA
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstallParamsA
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceInstanceIdW
SetupOpenInfFileA
SetupDiClassNameFromGuidW
SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoA
SetupGetLineTextA
SetupDiEnumDeviceInfo
SetupDiSetDeviceRegistryPropertyW
SetupCopyOEMInfW
SetupDiDeleteDeviceInfo
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

advapi32

RegSetValueExW
RegRestoreKeyW
GetTokenInformation
FreeSid
FreeInheritedFromArray
IsValidSecurityDescriptor
GetSecurityDescriptorControl
StartServiceA
RegDeleteValueW
QueryServiceStatus
AllocateAndInitializeSid
CloseServiceHandle
GetAclInformation
OpenSCManagerW
SetSecurityDescriptorDacl
RegEnumKeyExW
OpenServiceW
AdjustTokenPrivileges
AddAce
GetAce
GetInheritanceSourceW
GetSecurityInfo
SetEntriesInAclW
ControlService
QueryServiceLockStatusW
EnumDependentServicesW
RegCloseKey
CreateServiceW
RegCreateKeyExW
SetSecurityInfo
RegQueryValueExW
IsValidAcl
RegOpenKeyExW
RegGetKeySecurity
LookupPrivilegeValueA
LookupAccountSidW
SetEntriesInAclA
DeleteService
LookupPrivilegeDisplayNameA
OpenProcessToken
InitializeAcl
LockServiceDatabase
ChangeServiceConfigW
RegSaveKeyW
InitializeSecurityDescriptor
QueryServiceConfigW
EqualSid
LookupPrivilegeNameA
ChangeServiceConfig2W
UnlockServiceDatabase
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegEnumValueW

ole32

CoGetMalloc
CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoQueryProxyBlanket
CoInitializeEx
CoInitializeSecurity
StringFromGUID2

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

867c25a892f41d6f3a0ec911067abe30

Headers

File Characteristics

Imports

newdev

mprapi

rpcrt4

user32

shell32

kernel32

setupapi

iphlpapi

advapi32

ole32

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 78KB - Virtual size: 77KB

.rsrc Size: 1024B - Virtual size: 252KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 1024B - Virtual size: 252KB