1a2e684908fba5b97e9814a01c1ebb58

Sharing

Copy URL Twitter E-mail

General

Target

1a2e684908fba5b97e9814a01c1ebb58
Size

5.2MB
MD5

1a2e684908fba5b97e9814a01c1ebb58
SHA1

0c720964c8c075125258163f3288fdeb2e73a140
SHA256

39bcd6e8509928680312f17b881aa003ed3851945d1aea5e43be43019985a372
SHA512

596c0928fd354693b1df8a565d1864f4dc2d8e718c9a6f2135bc8bfe0a4f041291ab0905dc1df60398c6128202b50709a609b8a2927b3ddd2e1857541594a364
SSDEEP

98304:XsW+g141SkRZcPb8wkgAQEDiRo3HUdKtR2QqjnKlNaYalQ5P/2Q+BicvLsYyClpN:8vg141veb8wkgAQEDiRo3HUdKtR2QqjF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a2e684908fba5b97e9814a01c1ebb58

Files

1a2e684908fba5b97e9814a01c1ebb58
.exe windows:5 windows x86 arch:x86

47418f6188a28c5f189299db8733bf04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

sensapi

IsNetworkAlive

wininet

HttpAddRequestHeadersW
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

kernel32

GetExitCodeProcess
TerminateProcess
GetEnvironmentVariableA
Process32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
DeleteFileW
LocalFree
GetFileAttributesExW
GetFileSize
FindFirstFileW
SetFilePointer
GetFileAttributesW
FindClose
FindNextFileW
SetFileAttributesW
CopyFileA
CopyFileW
ReadFile
CreateDirectoryA
RemoveDirectoryA
FindNextFileA
DeleteFileA
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexW
OpenMutexW
ReleaseMutex
GetCommandLineA
CreateThread
GetSystemDirectoryA
GetFullPathNameW
GetFullPathNameA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
GetVersionExW
InterlockedCompareExchange
UnlockFile
LockFile
GetTickCount
UnlockFileEx
GetCommandLineW
FormatMessageA
GetFileAttributesA
FlushFileBuffers
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetCurrentProcessId
GetTempPathA
GetSystemTime
AreFileApisANSI
DeviceIoControl
InterlockedExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapDestroy
HeapReAlloc
HeapSize
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetDateFormatA
GetTimeFormatA
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
FormatMessageW
Sleep
LoadLibraryW
OpenProcess
WriteFile
WaitForSingleObject
CreateDirectoryW
CreateProcessW
FreeLibrary
GetEnvironmentVariableW
FindFirstFileA
SetEnvironmentVariableW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrcpyW
GlobalAddAtomW
DeleteAtom
FindResourceExW
CloseHandle
QueryPerformanceCounter
CreateFileW
GetProcAddress
lstrlenA
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
GlobalAlloc
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
GetConsoleCP
GetConsoleMode
GetACP
GlobalFree
GlobalHandle
GetLastError
SetLastError
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
LockResource
LoadResource
SizeofResource
FindResourceW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
SetStdHandle
WriteConsoleA
CompareStringA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetStdHandle

user32

wsprintfW
MessageBoxW
PostMessageW
EnumWindows
GetSystemMetrics
SetCursor
RemovePropW
SetPropW
DrawFocusRect
GetPropW
PostQuitMessage
MapDialogRect
DispatchMessageW
LoadAcceleratorsW
TranslateMessage
KillTimer
GetMessageW
SetWindowContextHelpId
SendDlgItemMessageW
EndDialog
RegisterWindowMessageW
GetWindowTextLengthW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetClassNameW
SetTimer
CharNextW
RedrawWindow
GetClassInfoExW
TranslateAcceleratorW
UnregisterClassA
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
DialogBoxIndirectParamW
EnableWindow
GetActiveWindow
IsWindow
GetParent
GetWindowTextW
GetWindowRect
ScreenToClient
GetClientRect
SetWindowPos
ShowWindow
GetDlgItemTextW
SetWindowTextA
SendMessageW
LoadIconW
GetDlgItem
SetDlgItemTextW
SetWindowTextW
GetSysColor
FillRect

advapi32

CryptGetHashParam
CryptHashData
CryptDestroyHash
InitializeSecurityDescriptor
RegEnumKeyExW
GetLengthSid
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegFlushKey
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW
SetNamedSecurityInfoW
LookupPrivilegeValueW
GetNamedSecurityInfoW
InitializeAcl
AllocateAndInitializeSid
AddAccessAllowedAce
SetEntriesInAclW
FreeSid
RegSetKeySecurity
AdjustTokenPrivileges
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextA
CryptEncrypt
CryptCreateHash
CryptDestroyKey
SetSecurityDescriptorDacl

ole32

StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitialize
CoGetClassObject
CoUninitialize
CoCreateGuid
OleUninitialize

shell32

SHGetFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW
ord680
ShellExecuteExW
SHGetFolderPathW

oleaut32

SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

shlwapi

PathFileExistsW

gdi32

CreateFontIndirectW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
SetTextColor
GetDeviceCaps
GetObjectW

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptMsgClose
CryptProtectData
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 983KB - Virtual size: 982KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47418f6188a28c5f189299db8733bf04

Headers

DLL Characteristics

File Characteristics

Imports

version

sensapi

wininet

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

crypt32

wintrust

Sections

.text Size: 983KB - Virtual size: 982KB

.rdata Size: 218KB - Virtual size: 218KB

.data Size: 15KB - Virtual size: 24KB

.rsrc Size: 9.3MB - Virtual size: 9.3MB

.reloc Size: 43KB - Virtual size: 43KB

.text
Size: 983KB - Virtual size: 982KB

.rdata
Size: 218KB - Virtual size: 218KB

.data
Size: 15KB - Virtual size: 24KB

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 43KB - Virtual size: 43KB