321f18db270bc2f4f813de2d50862acd

Sharing

Copy URL Twitter E-mail

General

Target

321f18db270bc2f4f813de2d50862acd
Size

822KB
MD5

321f18db270bc2f4f813de2d50862acd
SHA1

ba069e887dd1d2c2ef08a3a8046b644f53df8f09
SHA256

75fd6e33420f532cc38ece6d0728bf29703b370e17d0250da853a41c866bc370
SHA512

f401c194b25fab081f3e2760a338d9b610aea75a2294dbe01d1becec2bb5e6a0faecd6490a05b9bf26e23aa3426c381b544b06601aa726920017c24ea5c3b1f3
SSDEEP

12288:ibocFwQGPt0tvuU0lmXyOfAZFRM1v92gxd:SRGQGwvu2XyQSRM992e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
321f18db270bc2f4f813de2d50862acd

Files

321f18db270bc2f4f813de2d50862acd
.exe windows:5 windows x86 arch:x86

7705f8625aa29354451d9b56691dd4e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FreeLibrary
VirtualProtect
ReadFile
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryW
SetLastError
ReadFile
CreateEventW
VirtualProtect
EnterCriticalSection
UnhandledExceptionFilter
Sleep
MultiByteToWideChar
VirtualProtect
CreateEventW
GetProcAddress
GetSystemTimeAsFileTime
GetLastError
CreateEventW
HeapFree
EnterCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
GetProcessHeap
VirtualAlloc
GetProcAddress
MultiByteToWideChar
lstrlenA
CreateEventW
GetLastError
InterlockedIncrement
GetModuleFileNameW
CreateEventW
lstrcmpiW
GetCurrentProcessId
VirtualProtect
InterlockedDecrement
GetSystemTimeAsFileTime
GetCurrentThreadId
DisableThreadLibraryCalls
Sleep
CreateEventW
GetTickCount
GetModuleFileNameW

advapi32

LsaQueryInfoTrustedDomain
TrusteeAccessToObjectA
LookupAccountNameW
RegDeleteKeyA
SystemFunction010
LsaDelete
CreatePrivateObjectSecurity
LockServiceDatabase
LsaSetInformationPolicy
GetFileSecurityW
BuildTrusteeWithNameA
GetAccessPermissionsForObjectW
SystemFunction028
LsaSetInformationTrustedDomain
LsaStorePrivateData
RegSetKeySecurity
ElfClearEventLogFileA
BuildImpersonateExplicitAccessWithNameA
LsaEnumeratePrivileges
CryptGetDefaultProviderA
AccessCheckByType
InitiateSystemShutdownA
InitiateSystemShutdownA
QueryAllTracesA
CryptDestroyKey
BuildTrusteeWithObjectsAndSidA
ObjectOpenAuditAlarmW
CryptEnumProviderTypesW
WmiOpenBlock
GetEffectiveRightsFromAclA
ElfOldestRecord
GetServiceKeyNameW
LsaLookupNames
CreateProcessWithLogonW
ImpersonateSelf
ObjectDeleteAuditAlarmW
ConvertSidToStringSidA
SystemFunction004
LsaSetInformationTrustedDomain
RegConnectRegistryA
CreateServiceW
LsaQuerySecret
LsaRemovePrivilegesFromAccount
DeregisterEventSource
RegCreateKeyExW
BuildImpersonateTrusteeW
I_ScGetCurrentGroupStateW
AdjustTokenGroups
LookupAccountSidW

user32

EndDialog
ReleaseDC
CharNextW
GetParent
KillTimer
SetFocus
GetDesktopWindow
GetWindowRect
GetParent
ReleaseDC
ReleaseDC
DispatchMessageW
GetFocus
ReleaseDC
InvalidateRect
GetWindowRect
LoadStringW
BeginPaint
LoadCursorW
EndPaint
DefWindowProcW
SendMessageW
SetWindowTextW
KillTimer
DefWindowProcW
IsWindow
SendMessageW
KillTimer
SetTimer
GetSystemMetrics
GetDC
IsDlgButtonChecked
SetTimer
BeginPaint
GetSystemMetrics
GetSystemMetrics
PostQuitMessage
GetWindowRect
KillTimer
CharNextW
GetSystemMetrics
BeginPaint
SetTimer
EnableWindow
DispatchMessageW
ReleaseDC
KillTimer
GetWindowRect
KillTimer
SetCursor
GetFocus
SendMessageW
KillTimer
LoadStringW

gdi32

CreateRectRgn
GetBrushOrgEx
GetWindowOrgEx
CreateFontIndirectA
PatBlt
CreateRectRgn
Ellipse
GetWindowExtEx
SelectObject
GetWindowExtEx
CreateFontA
SetPixel
CreatePen
LineTo
GetBrushOrgEx
SetBrushOrgEx
GetCurrentObject
SetBkColor
Ellipse
Polygon
SelectObject
GetPixel
SetWindowOrgEx
GetBrushOrgEx
CreateCompatibleDC
Ellipse
SetWindowOrgEx
SetTextColor
GetBkMode
SetBrushOrgEx
StretchBlt
CreatePen
CreatePen
Ellipse
CreateFontIndirectA
BitBlt
GetPixel
CreateFontA
GetCurrentObject
PatBlt
SetBkColor
SetBkColor
CreateRectRgn
SetBkMode
PatBlt
GetPixel
SetBrushOrgEx
GetWindowExtEx
SetPixel

Sections

.text
Size: 734KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7705f8625aa29354451d9b56691dd4e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

Sections

.text Size: 734KB - Virtual size: 992KB

.data Size: - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 8KB

.rsrc Size: 82KB - Virtual size: 84KB

.text
Size: 734KB - Virtual size: 992KB

.data
Size: - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 82KB - Virtual size: 84KB