Static task: static1
Behavioral task: behavioral1
  Sample: 1d6c95ef055dcaaa1459958bc3057fed.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 1d6c95ef055dcaaa1459958bc3057fed.exe
  Resource: win10v2004-20231215-en
General
Target: 1d6c95ef055dcaaa1459958bc3057fed
Size: 693KB
MD5: 1d6c95ef055dcaaa1459958bc3057fed
SHA1: a58bf67c02ca3cf7affa12f28196de8f6350bc99
SHA256: dc54d710d4cb8521c0f322442f00437c645f6e59980f34e6973cc3bd8460fa8d
SHA512: 4f9349f849b7807d4a8499fc5fb2a1ced71be498009abfcba656932ef16b97163d4afd307b286ee26225166d4fbb75e23c221a3ebc77b0c9f2897f93eaab1313
SSDEEP: 12288:GF+pYGcXeb2Vm3YXKwhPwPCIuZxC7eE3xlCZj8xe6qEA2u:pYsb2EoV1IuZcb3x4Zj8xe6O2u
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 1d6c95ef055dcaaa1459958bc3057fed
Files
1d6c95ef055dcaaa1459958bc3057fed.exe (tags: .vbs, windows:5, windows, x86, arch:x86, polyglot)
9bb1fd7a0dcc4f73c00da2e0a1518086
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP, IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
advapi32
RegSaveKeyA
AbortSystemShutdownA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
EnumServicesStatusExA
OpenServiceW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
CloseServiceHandle
ControlService
StartServiceA
OpenServiceA
OpenSCManagerA
RegDeleteValueA
RegOpenKeyA
GetServiceDisplayNameA
QueryServiceStatus
SetFileSecurityA
AddAccessAllowedAce
InitializeAcl
EnumDependentServicesA
RegFlushKey
GetFileSecurityA
RegQueryInfoKeyA
AddAce
SetFileSecurityW
GetAclInformation
CopySid
GetLengthSid
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
AdjustTokenPrivileges
RegUnLoadKeyA
RegLoadKeyA
OpenProcessToken
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetTokenInformation
SetNamedSecurityInfoA
GetNamedSecurityInfoA
UnlockServiceDatabase
ChangeServiceConfigA
QueryServiceConfigA
LockServiceDatabase
InitiateSystemShutdownA
comctl32
CreatePropertySheetPageW
PropertySheetW
crypt32
CertAddCertificateContextToStore
CertSetCertificateContextProperty
CertCreateCertificateContext
CryptEncodeObject
CertOpenStore
CertCloseStore
CertFreeCertificateContext
gdi32
StretchBlt
GetDIBits
CreateCompatibleDC
DeleteObject
CreateFontIndirectA
GetDeviceCaps
BitBlt
SelectObject
imagehlp
EnumerateLoadedModules64
kernel32
GetFullPathNameA
ExitProcess
SetUnhandledExceptionFilter
SetEnvironmentVariableA
GetSystemInfo
lstrlenA
FreeResource
LockResource
LoadResource
FindResourceA
LoadLibraryExA
GetTempPathA
GetCurrentProcess
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetCompressedFileSizeA
GetComputerNameA
ReleaseSemaphore
SetEndOfFile
InterlockedDecrement
GetCurrentThread
GetExitCodeThread
CreateSemaphoreA
MoveFileA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
DosDateTimeToFileTime
HeapCreate
HeapDestroy
GlobalAlloc
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FileTimeToDosDateTime
OpenFileMappingA
GetVolumeInformationA
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetTempFileNameW
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
lstrlenW
GetLocalTime
OpenEventA
GetFileSizeEx
GetFullPathNameW
InterlockedIncrement
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventW
QueryDosDeviceA
DefineDosDeviceA
lstrcpynA
LoadLibraryW
FindFirstFileW
lstrcmpiW
FindNextFileW
MapViewOfFileEx
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
HeapFree
GetProcessHeap
HeapAlloc
FlushViewOfFile
CreateFileW
DeleteFileW
GetFileTime
GetStartupInfoA
DelayLoadFailureHook
lstrcmpA
GetWindowsDirectoryW
GetVolumeInformationW
SetErrorMode
GetCommandLineA
GetCommandLineW
CreateMutexA
CreateProcessW
WaitForSingleObject
GetModuleHandleA
FormatMessageW
ReadFile
GetTickCount
CreateEventA
CreateThread
SetThreadPriority
WaitForMultipleObjects
SetEvent
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
DeviceIoControl
GetFileAttributesExA
VirtualFree
WritePrivateProfileStringA
SetCurrentDirectoryA
GetModuleFileNameA
GetEnvironmentVariableA
InitializeCriticalSection
Sleep
GetThreadLocale
GetLocaleInfoA
GetPrivateProfileStringA
VirtualAlloc
SetFilePointer
WriteFile
InterlockedCompareExchange
GetSystemDirectoryA
GetTempFileNameA
CopyFileA
OpenProcess
MoveFileExA
SetFileAttributesA
GetVersionExA
LocalAlloc
LocalFree
SetLastError
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetDriveTypeA
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
FormatMessageA
GetFileAttributesA
CreateDirectoryA
GetSystemDirectoryW
LoadLibraryA
GetProcAddress
GetLastError
GetWindowsDirectoryA
DeleteFileA
RaiseException
FreeLibrary
VirtualProtect
TlsFree
TlsAlloc
TlsGetValue
GetSystemTime
InitializeCriticalSectionAndSpinCount
GetVersion
TlsSetValue
DeleteCriticalSection
mpr
WNetGetUserA
WNetGetUniversalNameA
msvcrt
strncpy
_except_handler3
strchr
_stricmp
sprintf
strrchr
mbstowcs
malloc
free
_vsnprintf
strncmp
memmove
vsprintf
strncat
_wcsdup
_errno
_open
_read
_write
_close
_lseek
remove
_tempnam
wcscat
_vsnwprintf
ctime
wcscpy
rename
wcsstr
_itoa
_local_unwind2
_memicmp
atoi
realloc
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
swprintf
wcslen
_strnicmp
memchr
_strcmpi
_snprintf
?terminate@@YAXXZ
??1type_info@@UAE@XZ
wcstoul
_snwprintf
_mbslwr
strstr
_strdup
calloc
getenv
strtoul
_wcsicmp
_ltoa
_mbsupr
wcschr
fprintf
strcspn
isdigit
wcsrchr
wcscmp
wcsncat
wcsncpy
toupper
strspn
atol
strpbrk
isspace
_ultoa
_wtoi64
_wcslwr
strtok
_itow
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
fclose
??2@YAPAXI@Z
fopen
ntdll
NtQuerySystemTime
RtlFreeUnicodeString
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlFreeHeap
RtlAllocateHeap
RtlRaiseStatus
NtYieldExecution
NtSetSystemInformation
NtCreateSection
NtOpenFile
NtOpenSection
NtOpenDirectoryObject
RtlCompareUnicodeString
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlTimeToTimeFields
LdrUnloadDll
NtFreeVirtualMemory
NtQueryInformationThread
NtWaitForSingleObject
RtlCreateUserThread
NtWriteVirtualMemory
NtAllocateVirtualMemory
NtOpenProcess
LdrGetProcedureAddress
LdrLoadDll
RtlDestroyHeap
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetAce
RtlAddAccessAllowedAce
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlCreateHeap
DbgPrint
RtlFreeAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
psapi
GetModuleFileNameExA
rpcrt4
UuidFromStringA
shell32
SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
SHGetSpecialFolderPathA
updspapi
UpdSpFindNextMatchLineW
UpdSpFindFirstLineW
UpdSpGetMultiSzFieldW
UpdSpGetTargetPathW
UpdSpFindNextLine
UpdSpGetFieldCount
UpdSpGetLineTextA
UpdSpSetDynamicStringA
UpdSpGetStringFieldA
UpdSpGetLineByIndexA
UpdSpGetLineCountA
UpdSpInstallFilesFromInfSectionA
UpdSpSetDirectoryIdA
UpdSpCloseInfFile
UpdSpOpenInfFileA
UpdSpGetLineTextW
UpdSpScanFileQueueA
UpdSpGetBinaryField
UpdSpGetIntField
UpdSpQueueCopyA
UpdSpInstallFromInfSectionA
UpdSpGetTargetPathA
UpdSpDecompressOrCopyFileA
UpdSpDefaultQueueCallbackA
UpdSpDefaultQueueCallbackW
UpdSpCloseFileQueue
UpdSpGetSourceFileLocationA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpCommitFileQueueA
UpdSpGetStringFieldW
UpdSpGetLineByIndexW
UpdSpGetLineCountW
UpdSpIterateCabinetA
UpdSpInitDefaultQueueCallbackEx
UpdSpPromptForDiskA
UpdSpCopyErrorA
UpdSpFindFirstLineA
user32
CloseWindowStation
EnumDesktopsA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
SetThreadDesktop
EnumWindows
CloseDesktop
GetClientRect
FindWindowExA
GetWindowThreadProcessId
GetWindow
RegisterClassA
CreateWindowExA
DefWindowProcA
MessageBoxW
EnumWindowStationsA
wvsprintfW
OpenDesktopA
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxA
PostQuitMessage
DestroyWindow
SendMessageA
SetDlgItemTextA
ShowWindow
EnableWindow
GetDlgItem
DispatchMessageA
TranslateMessage
GetMessageA
PostThreadMessageA
SetWindowTextW
RedrawWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
PostMessageA
EnumChildWindows
SetDlgItemTextW
LoadBitmapA
IsDlgButtonChecked
SetTimer
CheckDlgButton
KillTimer
ReleaseDC
GetDC
SystemParametersInfoA
SetForegroundWindow
SetWindowTextA
EndDialog
DialogBoxParamA
GetDesktopWindow
SetFocus
userenv
ord138
ord121
ord119
version
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
winspool.drv
GetPrinterDriverDirectoryA
Sections
.text  Size: 571KB  Virtual size: 571KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data  Size: 4KB    Virtual size: 502KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 117KB  Virtual size: 192KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE