1afdbfaa9479846e350fc106502f47dd

Sharing

Copy URL

Twitter E-mail

General

Target

1afdbfaa9479846e350fc106502f47dd
Size

2.8MB
MD5

1afdbfaa9479846e350fc106502f47dd
SHA1

3593e4e283804820a7e4b1e7ac9dfe02b16615b8
SHA256

6f22002d636c04e8f0906bd483ce6dbf3af3601afa98faf6f38589f16d1ca009
SHA512

14ec3651514d8bba69480380f220b29cb47af9b179f7ee61f882768a0f25e4b603495ac600fe0b08a5b56fbd6fd106683ba7888e75e5408c8bc4482adfbe245c
SSDEEP

49152:ysfwPbIviKnS98d5FtKRYCK9y2f3DxtCoQR7o2e39JUDoQrvYrjpk8PltSp:p3S9W7wgy2PtczGDPpk8tm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1afdbfaa9479846e350fc106502f47dd

Files

1afdbfaa9479846e350fc106502f47dd
.exe windows:4 windows x86 arch:x86

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationW
CommandLineToArgvW
SHGetPathFromIDListW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetSpecialFolderLocation

msi

ord141
ord70
ord169
ord32
ord160
ord159
ord92
ord137
ord88
ord8
ord195
ord118

netapi32

Netbios

advapi32

QueryServiceStatusEx
RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
StartServiceW
OpenServiceW
ChangeServiceConfigW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
CloseServiceHandle
RegCloseKey
OpenSCManagerW
QueryServiceStatus
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
QueryServiceConfigW

shlwapi

PathStripToRootW
PathAppendW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

ws2_32

htonl
htons
WSACleanup
send
inet_addr
closesocket
gethostbyname
WSAStartup
connect
socket
inet_ntoa
recv

kernel32

FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
ExitProcess
RtlUnwind
GetStartupInfoW
FormatMessageW
LocalFree
GetLastError
GetSystemDirectoryW
GetVersionExW
SetFileAttributesW
LeaveCriticalSection
CreateProcessW
GetModuleFileNameW
EnterCriticalSection
FindFirstFileW
CloseHandle
CreateMutexW
GetCurrentDirectoryW
GetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
VirtualFree
VirtualAlloc
FreeResource
GetDriveTypeW
FindResourceW
LoadResource
CreateDirectoryW
SizeofResource
ReadFile
CreateFileW
MultiByteToWideChar
LockResource
GlobalLock
GlobalUnlock
GlobalAlloc
Sleep
CopyFileW
CreateThread
SuspendThread
GetPrivateProfileStringW
LoadLibraryW
MoveFileExW
GetProcAddress
RemoveDirectoryW
FindClose
GetPrivateProfileIntW
WideCharToMultiByte
GetDiskFreeSpaceExW
FreeLibrary
FindNextFileW
DeleteFileW
ResumeThread
GetTickCount
GetWindowsDirectoryW
WritePrivateProfileStringW
QueryPerformanceFrequency
QueryPerformanceCounter
MoveFileW
IsBadWritePtr
IsBadReadPtr
DeleteFileA
lstrcatA
GetACP
lstrcmpW
Process32FirstW
RemoveDirectoryA
CreateToolhelp32Snapshot
Process32NextW
WaitForSingleObject
lstrcmpiW
TerminateProcess
OpenProcess
SetFilePointer
LoadLibraryA
VirtualQuery
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
GetCommandLineW
GetModuleHandleW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcessId
GetProcessAffinityMask
SetProcessAffinityMask
RaiseException
InterlockedIncrement
InterlockedDecrement
GetVersion
DeviceIoControl
CreatePipe
DuplicateHandle
GetStdHandle
GetProcessHeap
GetVersionExA
HeapSize
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
SetEndOfFile
GetThreadLocale
WriteFile
LocalAlloc

user32

GetActiveWindow
LoadBitmapW
GetDC
CallNextHookEx
EndPaint
ExitWindowsEx
RegisterClassExW
GetClassInfoExW
GetDesktopWindow
CharLowerA
SetCursor
EnumWindows
SetDlgItemTextW
GetWindowThreadProcessId
PtInRect
CharNextW
GetWindowRect
CreateDialogParamW
GetDlgCtrlID
OffsetRect
DestroyWindow
SetWindowPos
GetClientRect
PostMessageW
DrawTextW
GetWindowTextW
SetTimer
ShowWindow
DefWindowProcW
DialogBoxParamW
GetClassNameW
GetKeyState
DrawIconEx
MapVirtualKeyW
GetWindow
SetWindowRgn
SetWindowsHookExW
UnhookWindowsHookEx
BeginPaint
GetParent
TrackMouseEvent
GetDlgItem
SetWindowTextW
EnableWindow
TranslateMessage
LoadAcceleratorsW
DispatchMessageW
EndDialog
MessageBoxW
TranslateAcceleratorW
GetMessageW
SendMessageW
ReleaseCapture
DestroyIcon
LoadImageW
InvalidateRect
KillTimer
UpdateWindow
CreateWindowExW
IsWindow
GetFocus
GetDlgItemTextW
SetFocus
SetClassLongW
PostQuitMessage
ScreenToClient
GetWindowDC
GetCursorPos
ReleaseDC
LoadCursorW
IsWindowVisible
SetWindowLongW
GetWindowLongW
BringWindowToTop

gdi32

CreateFontW
CreateCompatibleDC
CombineRgn
SetBkColor
OffsetRgn
CreateRectRgn
BitBlt
CreateCompatibleBitmap
GetStockObject
DeleteObject
SelectObject
DeleteDC
GetTextExtentExPointW
GetTextExtentPointW
SetTextColor
SetBkMode

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
StringFromCLSID

oleaut32

SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 424KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41.5MB - Virtual size: 41.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685f51ceb4b13c8ed4698fa1373d37d4

Headers

File Characteristics

Imports

shell32

msi

netapi32

advapi32

shlwapi

version

psapi

ws2_32

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 424KB - Virtual size: 421KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 12KB - Virtual size: 437KB

.rsrc Size: 41.5MB - Virtual size: 41.5MB

.text
Size: 424KB - Virtual size: 421KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 12KB - Virtual size: 437KB

.rsrc
Size: 41.5MB - Virtual size: 41.5MB