329b3cbc003a220cb32f1ad378641e1a

Sharing

Copy URL Twitter E-mail

General

Target

329b3cbc003a220cb32f1ad378641e1a
Size

535KB
MD5

329b3cbc003a220cb32f1ad378641e1a
SHA1

8ab93fb8fec1f8d166c65c5ad5d7791f67c05c7a
SHA256

db926405c87800f2230ec6306d6a6e46b0160926bdf699f3c25215db343b1bd1
SHA512

677a3a47a6288fdafa3943a78b720dd488fd3117dcfa7fde03ae06804e5aa95be8473f137637a2060b3ad2bdf6b65c543ca2b290e17292b5829d758bb10921f4
SSDEEP

12288:c3SPCG+1FqH/rO9ht/GcvBTkwkIqy5EAldg/8oQP:c3SaG+1FqfrO9ht/GctbLldg/8oQP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
329b3cbc003a220cb32f1ad378641e1a

Files

329b3cbc003a220cb32f1ad378641e1a
.exe windows:4 windows x86 arch:x86

1e62cf167b1c8598cd506728b606e1b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Locate_DevNodeW
CM_Get_Child
CM_Get_Device_ID_Size
CM_Get_Device_IDW
CM_Get_Sibling
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status_Ex
SetupDiCreateDeviceInfoListExW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiCreateDeviceInfoList
CM_Get_Parent
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInfoListDetailW

iphlpapi

NotifyAddrChange

kernel32

GetExitCodeProcess
InterlockedExchange
GetCurrentThread
InterlockedCompareExchange
SetProcessShutdownParameters
SetConsoleCtrlHandler
LocalFree
GetCommandLineW
Sleep
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetTickCount
CancelIo
DuplicateHandle
GetProcAddress
OpenProcess
GetVersionExA
SetLastError
CreateFileA
WideCharToMultiByte
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
TerminateProcess
GetUserDefaultLCID
FindResourceExW
LockResource
GetExitCodeThread
SetWaitableTimer
CreateWaitableTimerW
FindResourceW
GetVersionExW
RaiseException
SetProcessWorkingSetSize
LoadLibraryExW
FreeLibrary
GetCurrentProcess
lstrcmpiW
LoadResource
SizeofResource
GetCurrentThreadId
WaitForSingleObject
TerminateThread
WaitForMultipleObjects
ResumeThread
CreateThread
CreateEventW
InitializeCriticalSection
GetModuleHandleW
SetEvent
lstrlenW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
HeapFree
GetProcessHeap
GetLastError
CloseHandle
MultiByteToWideChar
lstrlenA
LCMapStringW
EnumSystemLocalesA
CreateProcessW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
GetSystemInfo
GetCPInfo
GetModuleHandleA
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStdHandle
WriteFile
IsValidCodePage
GetOEMCP
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
VirtualFree

user32

CharUpperBuffW
UnregisterClassA
MsgWaitForMultipleObjects
PeekMessageW
LoadCursorW
TranslateMessage
GetSysColorBrush
DispatchMessageW
RegisterClassW
CreateWindowExW
UnregisterClassW
DestroyWindow
DefWindowProcW
CharNextW
wsprintfW
GetMessageW
LoadStringW
PostThreadMessageW

advapi32

StartServiceCtrlDispatcherW
ControlService
QueryServiceStatusEx
DuplicateTokenEx
CreateProcessAsUserW
DuplicateToken
GetTokenInformation
EqualSid
CheckTokenMembership
DeleteService
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSidSubAuthority
ConvertSecurityDescriptorToStringSecurityDescriptorW
InitializeAcl
AddAce
SetNamedSecurityInfoW
MakeAbsoluteSD
IsValidSid
GetSecurityDescriptorDacl
CopySid
InitializeSecurityDescriptor
ChangeServiceConfig2W
GetLengthSid
ChangeServiceConfigW
SetServiceStatus
GetAclInformation
DeregisterEventSource
SetSecurityDescriptorDacl
CreateServiceW
ReportEventW
RegisterEventSourceW
LookupAccountNameW
RegisterServiceCtrlHandlerW
GetSidLengthRequired
InitializeSid
OpenThreadToken
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
SetThreadToken

ole32

CoCreateInstance
OleRun
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoSuspendClassObjects
CoResumeClassObjects
CoRevokeClassObject
CoInitializeSecurity
CoRegisterClassObject
StringFromGUID2
CoRevertToSelf
CoImpersonateClient
StringFromCLSID
CLSIDFromString
ProgIDFromCLSID
CoUninitialize

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayUnlock
SysStringLen
SafeArrayGetLBound
VariantChangeType
SafeArrayGetVartype
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantCopyInd
SafeArrayRedim
SafeArrayCreate
UnRegisterTypeLi
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantCopy
SysAllocString
SafeArrayGetUBound
VariantInit
SafeArrayLock
VariantClear
SafeArrayCopy

shlwapi

PathRemoveFileSpecW
PathQuoteSpacesW

userenv

UnloadUserProfile

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e62cf167b1c8598cd506728b606e1b1

Headers

File Characteristics

Imports

setupapi

iphlpapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

userenv

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 6KB - Virtual size: 6KB