Static task: static1
Behavioral task: behavioral1
Sample: 5f481f783f9763c465a54d59199b3875.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5f481f783f9763c465a54d59199b3875.exe
Resource: win10v2004-20231215-en
General
Target: 5f481f783f9763c465a54d59199b3875
Size: 86KB
MD5: 5f481f783f9763c465a54d59199b3875
SHA1: aee15a3ebbd5a118ab995cdf6fb06eb88030b3cb
SHA256: cb7f5d12e6bfdc7b1f2b3e8fe7696ef7ee0c5267de2830f48d980990fc741224
SHA512: c76b9245b3a6fb9633373bf115cd01a2b3ac3f181017f4c92851db340725409a9901532716b222dba5a6f91f1879317fcf3d3ec2add66d43c4c9f2c6b1b97360
SSDEEP: 1536:TW9ZOAL02uriXhZbSQcW+2BOsZIRVR5RzZZVpABwG+KlWeTAeY1LSY1L11n3/Iu9:T4HztXhZrcWjb2RVBVyauPT85J51R3/R
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 5f481f783f9763c465a54d59199b3875
Files
5f481f783f9763c465a54d59199b3875.exe windows:4 windows x86 arch:x86
1610e802f8af607b8266a8c602c6beac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ShowCursor
GetPropW
DdeImpersonateClient
WinHelpW
CallMsgFilterA
GetMenuItemID
MonitorFromRect
RegisterClipboardFormatW
SendMessageA
GetSysColor
DrawStateA
CreateIcon
GetClipboardFormatNameW
CallWindowProcA
IsDialogMessageW
LoadBitmapW
TranslateMDISysAccel
SetForegroundWindow
SetClassLongW
EnumDisplaySettingsExW
SetMenu
CallMsgFilter
DrawStateW
CallNextHookEx
SetDlgItemTextA
EnumDesktopsW
UpdateWindow
FrameRect
RemovePropW
AppendMenuA
DdeQueryStringW
EqualRect
DdeQueryConvInfo
ChangeMenuA
GetWindowContextHelpId
SetClassLongA
DlgDirSelectComboBoxExW
RegisterClassA
TileWindows
OpenInputDesktop
ChangeMenuW
TranslateMessage
DdeDisconnect
SetWindowPlacement
GetActiveWindow
GetClassWord
CascadeChildWindows
CloseWindowStation
SetCapture
GetWindowRect
IsDlgButtonChecked
OemToCharW
DrawFrame
CheckDlgButton
ChangeDisplaySettingsA
BroadcastSystemMessageW
PostMessageA
GetMenuInfo
LoadCursorW
SendNotifyMessageW
SendMessageCallbackA
DdeGetLastError
InvertRect
EndDialog
ValidateRect
DialogBoxParamA
GetOpenClipboardWindow
MessageBoxW
CharUpperA
CopyIcon
SetMenuItemInfoW
GetInputState
TrackPopupMenuEx
GetProcessDefaultLayout
GetKeyNameTextA
RegisterWindowMessageW
LoadStringW
IsCharUpperA
RedrawWindow
BeginPaint
GetClipboardViewer
SetClipboardData
GetTabbedTextExtentW
NotifyWinEvent
GetMenuStringA
EnumDisplayDevicesA
GetSysColorBrush
SetDlgItemTextW
CharLowerW
DdeFreeStringHandle
UnhookWindowsHook
VkKeyScanW
EnumPropsExA
GetMenuStringW
UnhookWinEvent
InternalGetWindowText
BlockInput
SetShellWindow
EnableScrollBar
ShowOwnedPopups
OemKeyScan
DefDlgProcA
MoveWindow
ReuseDDElParam
GetWindowThreadProcessId
SetRectEmpty
DdeAddData
GetWindowTextLengthW
DdeAccessData
EnumPropsW
DrawMenuBar
DeleteMenu
TrackPopupMenu
DdeInitializeW
SwitchDesktop
OpenWindowStationW
GetUserObjectInformationW
PtInRect
PeekMessageW
GetTitleBarInfo
HiliteMenuItem
DefMDIChildProcW
DestroyIcon
GetClassInfoExW
SetMenuContextHelpId
SendMessageTimeoutA
SetTimer
advapi32
RegQueryValueExW
LookupAccountNameW
SetFileSecurityW
RegQueryInfoKeyA
CancelOverlappedAccess
RevertToSelf
CryptCreateHash
RegCreateKeyW
OpenBackupEventLogW
RegCreateKeyExA
SetAclInformation
ReadEventLogA
GetOldestEventLogRecord
LookupPrivilegeDisplayNameA
CryptDecrypt
QueryServiceLockStatusA
GetFileSecurityW
DestroyPrivateObjectSecurity
GetMultipleTrusteeA
RegLoadKeyW
OpenEventLogW
RegReplaceKeyW
CopySid
ObjectPrivilegeAuditAlarmA
SetPrivateObjectSecurity
LookupPrivilegeNameA
RegisterEventSourceA
ObjectDeleteAuditAlarmA
SetTokenInformation
GetAce
CryptHashSessionKey
SetServiceStatus
AreAnyAccessesGranted
BuildExplicitAccessWithNameW
CryptHashData
ControlService
RegNotifyChangeKeyValue
SetSecurityDescriptorGroup
ReadEventLogW
CryptDestroyKey
SetNamedSecurityInfoExA
OpenServiceA
RegEnumKeyExA
MapGenericMask
CryptAcquireContextW
RegOpenKeyExW
IsValidSecurityDescriptor
RegEnumKeyA
LookupPrivilegeNameW
GetServiceDisplayNameA
BuildSecurityDescriptorW
GetSecurityDescriptorDacl
LookupAccountSidW
PrivilegeCheck
RegDeleteKeyA
CryptSetProviderExW
BackupEventLogA
CryptDeriveKey
SetNamedSecurityInfoA
GetSecurityDescriptorControl
LookupSecurityDescriptorPartsW
CloseEventLog
NotifyBootConfigStatus
AccessCheckAndAuditAlarmW
ReportEventW
FreeSid
DeleteAce
ObjectCloseAuditAlarmW
GetAuditedPermissionsFromAclA
GetMultipleTrusteeOperationW
CryptGetDefaultProviderW
LogonUserA
GetServiceKeyNameW
RegSaveKeyW
GetAccessPermissionsForObjectW
RegDeleteValueA
CryptDuplicateHash
ConvertAccessToSecurityDescriptorW
CryptGetDefaultProviderA
InitializeSid
CryptEnumProvidersW
InitializeSecurityDescriptor
ObjectCloseAuditAlarmA
RegisterServiceCtrlHandlerW
ConvertSecurityDescriptorToAccessW
CryptSetProviderA
GetSecurityInfoExW
RegOpenKeyA
StartServiceW
CryptGetProvParam
ChangeServiceConfigW
GetExplicitEntriesFromAclW
QueryServiceConfigA
AddAce
ConvertAccessToSecurityDescriptorA
GetSecurityDescriptorOwner
RegUnLoadKeyW
StartServiceCtrlDispatcherA
GetMultipleTrusteeOperationA
RegLoadKeyA
CryptVerifySignatureW
GetEffectiveRightsFromAclA
OpenProcessToken
ImpersonateSelf
RegOpenKeyExA
SetSecurityDescriptorSacl
GetAccessPermissionsForObjectA
ObjectOpenAuditAlarmA
SetServiceBits
GetCurrentHwProfileA
EqualSid
ObjectDeleteAuditAlarmW
InitializeAcl
AllocateAndInitializeSid
SetSecurityDescriptorDacl
ReportEventA
SetSecurityInfoExA
CryptGetKeyParam
RegQueryValueA
OpenSCManagerW
SetEntriesInAccessListA
QueryServiceConfigW
ole32
StgOpenStorage
OleIsRunning
OleRun
PropVariantCopy
OleInitialize
CoGetInterfaceAndReleaseStream
CoResumeClassObjects
OleCreateMenuDescriptor
UtConvertDvtd32toDvtd16
StgGetIFillLockBytesOnFile
CoGetMalloc
CoGetTreatAsClass
UtGetDvtd32Info
OleCreateEx
CoRegisterSurrogate
CreatePointerMoniker
WriteClassStm
CoGetCurrentLogicalThreadId
CoRegisterMallocSpy
CreateFileMoniker
OleCreateFromDataEx
StringFromCLSID
OleGetIconOfFile
RegisterDragDrop
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoQueryProxyBlanket
CoSuspendClassObjects
CoGetObject
CoRevertToSelf
CoRegisterMessageFilter
OleRegEnumVerbs
OleRegEnumFormatEtc
StgSetTimes
OleLoadFromStream
CoQueryReleaseObject
OleSaveToStream
OleCreateEmbeddingHelper
OleCreateLink
OleSetContainedObject
CoGetInstanceFromIStorage
StringFromGUID2
OleNoteObjectVisible
StgCreateDocfile
OleGetIconOfClass
CoTaskMemFree
CreateClassMoniker
CoReleaseMarshalData
CoMarshalInterface
CoGetCurrentProcess
ReadFmtUserTypeStg
CoLoadLibrary
StgCreateStorageEx
CreateOleAdviseHolder
OleRegGetMiscStatus
CreateDataAdviseHolder
StgOpenStorageEx
GetHookInterface
OleConvertOLESTREAMToIStorage
GetRunningObjectTable
CoInitializeEx
OleSetClipboard
CoSetProxyBlanket
OpenOrCreateStream
OleDoAutoConvert
OleCreateLinkToFile
CreateItemMoniker
MkParseDisplayName
OleGetAutoConvert
OleCreateFromFileEx
StgOpenAsyncDocfileOnIFillLockBytes
OleCreateFromFile
MonikerCommonPrefixWith
WriteStringStream
SetConvertStg
OleConvertIStorageToOLESTREAM
OleCreateFromData
CoGetMarshalSizeMax
CoRegisterClassObject
CoIsOle1Class
IsEqualGUID
CoIsHandlerConnected
GetHGlobalFromStream
CreateAntiMoniker
ReleaseStgMedium
CoGetInstanceFromFile
CoGetCallerTID
OleMetafilePictFromIconAndLabel
PropVariantClear
CoMarshalHresult
GetConvertStg
CoGetPSClsid
DoDragDrop
ProgIDFromCLSID
GetDocumentBitStg
CoTaskMemAlloc
OleLoad
CreateStreamOnHGlobal
EnableHookObject
CoUninitialize
OleDuplicateData
OleQueryLinkFromData
StringFromIID
kernel32
GetPrivateProfileSectionA
GetCurrentThread
SizeofResource
OpenFileMappingW
GetCommandLineW
GetTempPathW
VirtualProtectEx
ReadFile
EnumTimeFormatsA
GlobalUnlock
GetFileTime
MapViewOfFile
CreateDirectoryW
EndUpdateResourceW
FindFirstFileExA
VirtualProtect
WaitCommEvent
CreateNamedPipeA
GetBinaryTypeW
LoadLibraryExA
GetSystemInfo
WaitForDebugEvent
ConvertThreadToFiber
FormatMessageW
GlobalDeleteAtom
OpenMutexW
FoldStringW
IsBadStringPtrW
WriteProfileStringW
FlushConsoleInputBuffer
QueueUserAPC
GetFileAttributesExW
GetLocaleInfoW
GetWriteWatch
AddAtomA
CreateThread
OpenEventW
GetProcessTimes
GetThreadSelectorEntry
HeapUnlock
GetShortPathNameA
GetFileSize
GetDiskFreeSpaceExA
CompareFileTime
VirtualQueryEx
VerLanguageNameA
IsBadReadPtr
GetVersionExW
Beep
WriteConsoleInputA
VirtualAlloc
LoadLibraryExW
EndUpdateResourceA
SetEnvironmentVariableW
UnlockFile
CopyFileA
GetConsoleCursorInfo
LocalReAlloc
DefineDosDeviceW
GetProfileSectionA
TlsSetValue
GetProcessHeaps
QueryPerformanceFrequency
Sleep
OpenSemaphoreA
SetLocaleInfoA
SetTapePosition
SetVolumeLabelA
lstrcmp
GetShortPathNameW
SetCalendarInfoW
GlobalLock
GetNumberFormatA
GetProcAddress
GetVersionExA
GetPrivateProfileIntW
lstrcmpW
GetThreadPriorityBoost
GetDiskFreeSpaceW
EnumTimeFormatsW
SetCommState
ReadFileScatter
ReadConsoleInputW
FindFirstChangeNotificationW
SleepEx
GetProcessShutdownParameters
IsBadHugeReadPtr
ContinueDebugEvent
LocalShrink
VirtualAllocEx
SetCommConfig
GetAtomNameA
ResetEvent
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
ScrollConsoleScreenBufferW
FindResourceW
SetProcessPriorityBoost
SetThreadPriorityBoost
PurgeComm
SetThreadContext
DisableThreadLibraryCalls
CreateTapePartition
WriteProfileSectionA
GetPrivateProfileStructA
ClearCommBreak
GetTapePosition
PeekConsoleInputA
CallNamedPipeA
LocalAlloc
GetLargestConsoleWindowSize
Process32Next
GetCalendarInfoW
CopyFileW
GetCompressedFileSizeA
CopyFileExA
GetStringTypeW
GetOEMCP
GetAtomNameW
Heap32ListNext
GetEnvironmentStrings
GetCommTimeouts
ReadConsoleOutputAttribute
SetStdHandle
FindAtomW
GetBinaryType
GetCurrentProcess
GetModuleFileNameW
IsValidCodePage
lstrlenA
HeapLock
GetOverlappedResult
ResetWriteWatch
MoveFileExW
SetSystemTimeAdjustment
shlwapi
PathRemoveBackslashA
StrCmpNIW
StrNCatW
SHCopyKeyW
UrlCreateFromPathW
PathFindExtensionA
PathIsSystemFolderA
PathSearchAndQualifyW
SHEnumValueA
PathRemoveBlanksA
SHRegWriteUSValueW
UrlCombineA
UrlGetLocationA
SHRegDeleteEmptyUSKeyW
StrSpnA
UrlIsOpaqueW
SHRegDeleteUSValueA
SHSkipJunction
SHDeleteKeyW
PathIsRootA
PathFindOnPathA
PathIsUNCServerShareW
StrRChrIA
StrFormatKBSizeW
PathStripToRootA
PathIsUNCServerShareA
ChrCmpIW
SHOpenRegStreamA
SHRegGetUSValueW
SHGetInverseCMAP
StrTrimW
StrRStrIA
PathIsLFNFileSpecA
UrlUnescapeA
StrDupA
SHDeleteKeyA
PathIsLFNFileSpecW
SHSetValueW
StrFormatByteSizeA
SHStrDupW
UrlGetPartA
ColorRGBToHLS
PathCreateFromUrlW
UrlUnescapeW
PathCombineW
SHRegQueryInfoUSKeyW
StrFromTimeIntervalA
StrRetToBufA
PathFindSuffixArrayA
UrlCombineW
StrIsIntlEqualW
StrStrA
StrRStrIW
StrToIntW
UrlCompareW
SHRegEnumUSValueA
StrCmpNA
PathGetDriveNumberW
UrlHashW
PathIsContentTypeW
PathIsFileSpecW
PathQuoteSpacesA
wnsprintfA
PathMakeSystemFolderW
StrCpyNW
SHRegCreateUSKeyW
PathAddExtensionA
SHRegEnumUSKeyA
StrRetToStrA
StrCSpnA
SHStrDupA
PathIsURLW
PathCompactPathW
PathIsRootW
UrlIsNoHistoryA
SHRegOpenUSKeyW
PathSkipRootA
UrlHashA
PathUnquoteSpacesA
PathMatchSpecA
PathIsUNCW
PathIsDirectoryW
SHRegSetUSValueA
SHEnumValueW
SHRegGetBoolUSValueW
PathIsNetworkPathW
PathGetCharTypeA
SHRegDeleteUSValueW
PathBuildRootW
PathBuildRootA
SHGetValueW
PathCreateFromUrlA
SHRegGetBoolUSValueA
UrlEscapeW
PathSetDlgItemPathW
PathSearchAndQualifyA
PathRemoveFileSpecA
PathRemoveBlanksW
ChrCmpIA
PathRemoveArgsW
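The import table above is long and spans five DLLs, and a reader triaging it wants to know which capabilities it reaches rather than scan 600 names. The script below is an added example, not the sandbox's signature logic: it maps API base names to coarse capability buckets of its own devising (process injection, token manipulation, service control, input/desktop control, debugger APIs, process enumeration, event log access, CryptoAPI, dynamic resolution), strips the ANSI/Unicode suffix only when the stem is a known base name, and reports per-DLL counts so breadth can be weighed against the 68KB of code. The embedded input is a constructed subset copied from the table above. A hit means the API is reachable from the import table, not that the sample calls it; several of these (CallNextHookEx, LogonUser, CryptDecrypt) are routine in benign software, so treat the output as a prioritisation aid for the behavioral run, not a verdict.

```python
"""Capability triage of a PE import table: map imported API names to coarse
capability buckets and report which buckets the binary can reach, plus
per-DLL counts. Added example; the buckets are this example's own and a hit
means the API is importable, not that it is executed."""

# Base names with the A/W suffix removed. Hypothetical grouping for triage.
CAPABILITIES = {
    "process_injection": {"VirtualAllocEx", "VirtualProtectEx", "WriteProcessMemory",
                          "CreateRemoteThread", "QueueUserAPC", "SetThreadContext"},
    "token_and_privilege": {"OpenProcessToken", "SetTokenInformation", "ImpersonateSelf",
                            "LogonUser", "AdjustTokenPrivileges"},
    "service_control": {"OpenSCManager", "OpenService", "ControlService",
                        "StartService", "ChangeServiceConfig"},
    "input_and_desktop": {"BlockInput", "SwitchDesktop", "OpenInputDesktop",
                          "SetShellWindow", "SetWindowsHookEx", "CallNextHookEx"},
    "debugger_api": {"WaitForDebugEvent", "ContinueDebugEvent", "IsDebuggerPresent",
                     "CheckRemoteDebuggerPresent"},
    "process_enumeration": {"Process32First", "Process32Next",
                            "CreateToolhelp32Snapshot", "Heap32ListNext"},
    "event_log": {"BackupEventLog", "OpenBackupEventLog", "ReadEventLog", "ClearEventLog"},
    "crypto_api": {"CryptAcquireContext", "CryptDecrypt", "CryptDeriveKey",
                   "CryptHashData", "CryptCreateHash"},
    "dynamic_resolution": {"GetProcAddress", "LoadLibrary", "LoadLibraryEx"},
}
_KNOWN = set().union(*CAPABILITIES.values())


def canonical(name):
    """Drop a trailing A/W only when the stem is a known base name, so names
    that merely end in those letters (e.g. ShowCursor) are left alone."""
    if name[-1:] in ("A", "W") and name[:-1] in _KNOWN:
        return name[:-1]
    return name


def triage_imports(imports):
    """imports: {dll: [api, ...]} -> capability buckets hit, counts per DLL, total."""
    hits = {}
    for dll, apis in imports.items():
        for api in apis:
            base = canonical(api)
            for bucket, names in CAPABILITIES.items():
                if base in names:
                    hits.setdefault(bucket, []).append(f"{dll}!{api}")
    return {
        "capabilities": {b: sorted(v) for b, v in sorted(hits.items())},
        "import_counts": {d: len(a) for d, a in imports.items()},
        "total_imports": sum(len(a) for a in imports.values()),
    }


# Constructed input: a subset of the import table reported above.
SAMPLE_IMPORTS = {
    "kernel32": ["VirtualAllocEx", "VirtualProtectEx", "QueueUserAPC", "SetThreadContext",
                 "WaitForDebugEvent", "ContinueDebugEvent", "Process32Next", "Heap32ListNext",
                 "GetProcAddress", "LoadLibraryExW", "Sleep", "ReadFile"],
    "advapi32": ["OpenProcessToken", "SetTokenInformation", "ImpersonateSelf", "LogonUserA",
                 "OpenSCManagerW", "ControlService", "StartServiceW", "BackupEventLogA",
                 "CryptAcquireContextW", "CryptDecrypt", "RegOpenKeyExW"],
    "user32": ["BlockInput", "SwitchDesktop", "OpenInputDesktop", "SetShellWindow",
               "CallNextHookEx", "MessageBoxW"],
    "ole32": ["CoInitializeEx", "OleInitialize"],
    "shlwapi": ["PathCombineW", "UrlUnescapeW"],
}

if __name__ == "__main__":
    result = triage_imports(SAMPLE_IMPORTS)
    print(f'{result["total_imports"]} imports across {len(result["import_counts"])} DLLs')
    for bucket, apis in result["capabilities"].items():
        print(f"{bucket:22} {', '.join(apis)}")
```

To run it against a real binary, build the `imports` dictionary from `pefile`'s `DIRECTORY_ENTRY_IMPORT` (or any PE parser) and pass it to `triage_imports`; the bucket table is the part worth tuning to your own detection priorities.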
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 241B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
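The header facts reported above (the file and DLL characteristics, the "Unsigned PE" signature, and the raw-versus-virtual section sizes) all come from a few fixed offsets in the PE headers, and the Unsigned PE check specifically reduces to "is the security data directory (slot 4) empty". The parser below is an added example, stdlib only, not the sandbox's implementation. Because the sample itself is not on this page, the test input is a constructed, non-loadable PE32 image whose headers mirror the report (i386, RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE, NX_COMPAT | TERMINAL_SERVER_AWARE, three sections with the reported sizes). Two caveats a practitioner should keep in mind: an empty security directory only says there is no embedded Authenticode blob (catalog-signed OS binaries also show as unsigned by this check), and a non-empty one only says a blob is present, not that the signature verifies; that needs `signtool verify /pa` or WinVerifyTrust.

```python
"""Minimal PE32 header parser for the facts a sandbox reports statically:
COFF/DLL characteristics, the Authenticode (security) data directory that an
"Unsigned PE" check inspects, and section sizes. Added example, stdlib only;
not the sandbox's own code."""
import struct
import sys

FILE_CHARACTERISTICS = {            # IMAGE_FILE_* (subset)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {             # IMAGE_DLLCHARACTERISTICS_* (subset)
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode blob
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    """Return header facts from raw PE32 bytes; ValueError if it is not one."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:   # 0x20B would be PE32+
        raise ValueError("not a PE32 optional header")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", data, opt + 92)
    sec_rva = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:          # directory may be absent entirely
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, *_rest, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "executable": bool(flags & SCN_MEM_EXECUTE),
                         "writable": bool(flags & SCN_MEM_WRITE)})
    return {"machine": machine,
            "file_characteristics": _flags(chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            # An empty security directory is what an "Unsigned PE" check keys on.
            "authenticode_present": sec_rva != 0 and sec_size != 0,
            "sections": sections}


def rwx_sections(info):
    """Sections both writable and executable: worth a look; none expected here."""
    return [s["name"] for s in info["sections"] if s["executable"] and s["writable"]]


def build_synthetic_pe(signed=False):
    """Constructed, non-loadable PE32 whose headers mirror the report above
    (not the sample itself). signed=True fills the security directory."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0103)  # i386, 3 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8100)                    # NX_COMPAT | TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x16000, 0x1000)

    def sec(name, vsize, raw, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0, raw, 0, 0, 0, 0, 0, flags)
    sections = (sec(b".text", 68 * 1024, 68 * 1024, 0x60000020)
                + sec(b".rdata", 16 * 1024, 16 * 1024, 0x40000040)
                + sec(b".data", 241, 512, 0xC0000040))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_synthetic_pe()
    info = parse_pe(blob)
    print("authenticode present:", info["authenticode_present"], "rwx:", rwx_sections(info))
    for s in info["sections"]:
        print(f'{s["name"]:8} raw={s["raw_size"]:6} virt={s["virtual_size"]:6}')
```

Run with a file path to parse a real PE32; without one it parses the constructed image. The .data entry reproduces the report's 512B raw / 241B virtual pair, which is ordinary file-alignment padding rather than anything suspicious; the pattern to watch for is the reverse (virtual size far larger than raw size, typical of unpacking stubs) or a section that is both writable and executable.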