Static task: static1
Behavioral task: behavioral1
    Sample: 6419721cdc0d63e3410cd9cbe4c8b6ad.exe
    Resource: win7-20231215-en
Behavioral task: behavioral2
    Sample: 6419721cdc0d63e3410cd9cbe4c8b6ad.exe
    Resource: win10v2004-20231222-en
General
Target: 6419721cdc0d63e3410cd9cbe4c8b6ad
Size: 87KB
MD5: 6419721cdc0d63e3410cd9cbe4c8b6ad
SHA1: 99c9e59eb13ec4115d4d8d8d92daab5ffb3f05d4
SHA256: 7df908a3c85466d427ae5a387249861d3ad89c1927a2dea5317c3f96b442e7e9
SHA512: 03a78d51223a83651654b70a123c79655842d789c5dea73606b7956cc2897d006a7729e64d245d9c5f3e6bdf14350f666230c46c2dc0bc0cbf08d4fa56cdfb45
SSDEEP: 1536:QpzmeW4KjmlE565dIroMNxChcCi9AlZe6H91oCbszsivbH8:2mPdjt6jcoDhcCiE1Lb2Zb8
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
    resource: 6419721cdc0d63e3410cd9cbe4c8b6ad
Files
6419721cdc0d63e3410cd9cbe4c8b6ad.exe    windows:4 windows x86 arch:x86
29ee9163304aa656b2dc01b0f744d1d2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
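The "Unsigned PE" signature and the header flags listed above can be checked directly from the file, without a sandbox. The Python below is an added example, not sandbox output and not code from the sample: it builds a constructed, header-only PE32 carrying the same Characteristics (IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE = 0x0103) and DllCharacteristics (IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8100) as the report, then parses the headers back. Two things worth reading off the result: an empty IMAGE_DIRECTORY_ENTRY_SECURITY (data directory index 4) means there is no embedded Authenticode blob at all, which is the cheapest test an "unsigned PE" rule can make (the sandbox's own rule is not shown on the page, so treat that equivalence as an assumption); and with relocations stripped and no IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, the image can only be mapped at its preferred base, so DEP (NX_COMPAT) is on but ASLR is not. A populated security directory only proves a blob is present; chain and hash validation still need WinVerifyTrust, Get-AuthenticodeSignature or osslsigncode.

```python
import struct

# winnt.h constants (values fixed by the PE/COFF specification)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode (WIN_CERTIFICATE) directory

FILE_FLAGS = {
    IMAGE_FILE_RELOCS_STRIPPED: "IMAGE_FILE_RELOCS_STRIPPED",
    IMAGE_FILE_EXECUTABLE_IMAGE: "IMAGE_FILE_EXECUTABLE_IMAGE",
    IMAGE_FILE_32BIT_MACHINE: "IMAGE_FILE_32BIT_MACHINE",
}
DLL_FLAGS = {
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}


def flag_names(value, table):
    """Decode a bitmask into the flag names the sandbox report prints (ascending bit order)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_minimal_pe(characteristics, dll_characteristics, security_dir=(0, 0)):
    """Constructed header-only PE32 (no sections, no code) used as test input.
    This is NOT the sample from the report; it only reproduces header flags."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    # IMAGE_FILE_HEADER: Signature, Machine=i386, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader=224, Characteristics
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x014C, 0, 0, 0, 0, 224, characteristics)
    # IMAGE_OPTIONAL_HEADER32: 28 standard + 68 Windows-specific + 16*8 data-directory bytes
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x1000)
    opt += struct.pack(
        "<IIIHHHHHHIIIIHHIIIIII",
        0x400000, 0x1000, 0x200,             # ImageBase, SectionAlignment, FileAlignment
        4, 0, 0, 0, 4, 0,                    # OS / image / subsystem version fields
        0, 0x1000, 0x400, 0,                 # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, dll_characteristics,              # Subsystem=GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000,  # stack/heap reserve and commit
        0, 16,                               # LoaderFlags, NumberOfRvaAndSizes
    )
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security_dir
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)
    assert len(opt) == 224
    return bytes(dos) + coff + opt


def inspect_pe(data):
    """Parse the COFF and optional headers and report the properties the sandbox lists.
    An empty security directory means no embedded Authenticode blob; a populated one is
    necessary but not sufficient for a valid signature (no chain or hash check is done here)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, _nsect, _ts, _symptr, _nsyms, _optsize, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:    # PE32
        dirs_off = opt_off + 96
    elif magic == 0x20B:  # PE32+: ImageBase and the four stack/heap fields are 8 bytes wide
        dirs_off = opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_characteristics = struct.unpack_from("<H", data, opt_off + 70)[0]  # same offset in both formats
    n_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]
    sec_va = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_va, sec_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    dynamic_base = bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "machine": machine,
        "file_flags": flag_names(characteristics, FILE_FLAGS),
        "dll_flags": flag_names(dll_characteristics, DLL_FLAGS),
        "nx_compat": bool(dll_characteristics & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # ASLR needs both the opt-in bit and a relocation table; the report's sample has neither
        "aslr_capable": dynamic_base and not relocs_stripped,
        "has_authenticode_blob": sec_va != 0 and sec_size != 0,
    }


if __name__ == "__main__":
    # Flags as listed in the report, with an empty security directory (unsigned)
    sample_like = build_minimal_pe(0x0103, 0x8100)
    for key, value in inspect_pe(sample_like).items():
        print(f"{key}: {value}")
```

To run this against a real file use inspect_pe(open(path, "rb").read()); build_minimal_pe exists only to keep the example self-contained, since the report's sample is not embedded here.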
Imports
user32
DdeCreateDataHandle
GetScrollPos
RegisterWindowMessageW
WinHelpW
GetPropA
GetDesktopWindow
GetMessagePos
GetMenuItemID
GetClassLongW
DdeCreateStringHandleW
GetPriorityClipboardFormat
SwitchDesktop
LookupIconIdFromDirectoryEx
SetCursorPos
CreateDialogIndirectParamW
OemToCharW
SetWindowsHookA
CloseWindowStation
TabbedTextOutW
BroadcastSystemMessageA
LoadAcceleratorsW
EndPaint
GetWindowModuleFileNameW
CharToOemW
DdeNameService
RegisterClassExW
DrawFrame
IsCharAlphaNumericA
SystemParametersInfoW
MoveWindow
LoadKeyboardLayoutW
DefFrameProcA
DdeAddData
MessageBoxW
ReleaseCapture
GetMonitorInfoA
DlgDirSelectComboBoxExW
DrawTextExA
GetCursor
SendMessageCallbackA
ModifyMenuA
CharLowerBuffA
SetWindowsHookExA
GetWindowTextLengthA
OemToCharBuffA
ValidateRgn
GetWindowTextW
EndDialog
SystemParametersInfoA
CharPrevW
CreateDesktopA
GetCapture
UnregisterDeviceNotification
LockWindowUpdate
IsChild
GetWindowTextA
GetClipCursor
InflateRect
FindWindowExW
LoadIconW
BeginDeferWindowPos
SetMessageQueue
PeekMessageA
EnumWindowStationsA
InsertMenuItemW
IsIconic
SetProcessDefaultLayout
SetSysColors
GetWindowRgn
CharLowerA
GetMenuBarInfo
SetRectEmpty
DdeDisconnectList
DdeConnectList
DialogBoxIndirectParamA
GetWindowWord
PostQuitMessage
ShowOwnedPopups
UnhookWindowsHookEx
GetDoubleClickTime
BlockInput
DrawIcon
SetScrollPos
MessageBoxExW
IsZoomed
SetWindowTextA
DdeQueryStringA
BroadcastSystemMessageW
EnumClipboardFormats
GetDlgItemTextA
SetDlgItemInt
GetClientRect
RemovePropA
LoadBitmapW
DrawTextA
SetClipboardData
SetWindowRgn
OpenDesktopA
OpenWindowStationW
GetMonitorInfoW
EnumDisplayMonitors
BeginPaint
OemToCharA
SetFocus
WaitForInputIdle
GetTitleBarInfo
DragDetect
TranslateAcceleratorW
OpenClipboard
CreateDialogParamA
DdePostAdvise
DdeQueryConvInfo
RegisterClipboardFormatA
SendMessageW
CharNextW
SetSystemCursor
WINNLSGetIMEHotkey
BroadcastSystemMessage
GetUserObjectInformationA
CheckRadioButton
SetWindowContextHelpId
MessageBeep
DlgDirListW
ShowWindowAsync
DestroyWindow
EnumDesktopsW
MonitorFromWindow
ChangeMenuW
MapVirtualKeyExA
GetMenuDefaultItem
ToAsciiEx
GetKeyboardLayoutList
VkKeyScanExA
IsWindowUnicode
GetMenuItemCount
AnyPopup
DrawIconEx
GetClassInfoExW
SetMenuItemInfoW
kernel32
GetNumberOfConsoleInputEvents
GetThreadLocale
EnumSystemLocalesW
UpdateResourceW
GetCurrencyFormatW
Thread32First
VirtualAlloc
WriteConsoleOutputCharacterW
GetTapeStatus
DebugBreak
WriteFileGather
VirtualProtect
GetProcessWorkingSetSize
BackupWrite
SetLocaleInfoW
PostQueuedCompletionStatus
IsBadWritePtr
GetSystemInfo
UnmapViewOfFile
SetConsoleScreenBufferSize
RequestDeviceWakeup
GetModuleFileNameA
EnumTimeFormatsW
AddAtomA
MultiByteToWideChar
WriteProfileSectionW
ScrollConsoleScreenBufferW
CreateMutexA
CancelIo
ClearCommError
lstrcpyW
MoveFileW
GetLocaleInfoW
EnumCalendarInfoExA
EnumSystemCodePagesA
EndUpdateResourceA
SetLastError
EnumResourceLanguagesW
ExpandEnvironmentStringsA
WriteConsoleInputA
GetStringTypeExA
GetVolumeInformationA
QueueUserAPC
GlobalUnWire
CreateEventW
GetFileSize
GetPrivateProfileIntW
RequestWakeupLatency
GetNumberFormatW
GlobalHandle
GetTapeParameters
GetBinaryTypeA
SetCurrentDirectoryW
FindNextFileW
GetModuleFileNameW
GetDateFormatW
CreateFileMappingW
GetWindowsDirectoryA
SetCommTimeouts
GetMailslotInfo
GlobalWire
GetSystemTime
FindFirstChangeNotificationW
Module32Next
SetFileApisToOEM
FindResourceW
SetMessageWaitingIndicator
UnlockFile
EnumResourceNamesA
ResetWriteWatch
OpenEventA
GetBinaryTypeW
GetLargestConsoleWindowSize
WaitForSingleObjectEx
WriteTapemark
GetLongPathNameA
GetEnvironmentStringsA
SetTapeParameters
CallNamedPipeA
lstrcmp
GlobalAddAtomW
WritePrivateProfileStringW
FindFirstFileExW
ConnectNamedPipe
FindAtomA
EndUpdateResourceW
IsDBCSLeadByte
ExitProcess
GetVersionExA
GetLocaleInfoA
FillConsoleOutputCharacterW
SetFileAttributesA
WriteProcessMemory
SetConsoleCursorPosition
GetProfileSectionW
TransmitCommChar
FindClose
SetVolumeLabelW
lstrcpynW
HeapCreate
CreateConsoleScreenBuffer
WritePrivateProfileSectionA
OpenSemaphoreW
GetNumberOfConsoleMouseButtons
FindNextFileA
OutputDebugStringW
GetPrivateProfileSectionNamesA
CreateDirectoryW
CallNamedPipeW
LocalHandle
SearchPathW
FreeResource
lstrlenA
EscapeCommFunction
OpenMutexW
GetSystemDirectoryW
VirtualFreeEx
SetSystemTime
SetTapePosition
GetFullPathNameW
SetHandleCount
CloseHandle
LoadLibraryExW
GlobalFindAtomA
GetCurrentDirectoryA
CreateMutexW
OpenFileMappingA
DeleteFileA
CreateFileA
GlobalFlags
CreateToolhelp32Snapshot
GetFileAttributesExW
GetPrivateProfileSectionW
WriteProfileStringA
SetThreadContext
LoadLibraryA
GetFileInformationByHandle
GetNamedPipeHandleStateW
lstrcmpA
ReadFileEx
WaitForMultipleObjects
GetDiskFreeSpaceExA
SetConsoleCtrlHandler
MapViewOfFile
ole32
OleDraw
StgSetTimes
UtConvertDvtd16toDvtd32
OleGetIconOfClass
CoRevokeClassObject
PropVariantClear
CoUnmarshalInterface
DllDebugObjectRPCHook
ReadClassStg
CoMarshalInterThreadInterfaceInStream
RevokeDragDrop
CoGetCurrentProcess
SetDocumentBitStg
ReadFmtUserTypeStg
CoSuspendClassObjects
OleQueryCreateFromData
OleCreateLinkEx
StgGetIFillLockBytesOnFile
CoGetMalloc
EnableHookObject
CoDisconnectObject
CoMarshalInterface
OleMetafilePictFromIconAndLabel
CoQueryProxyBlanket
OleCreateMenuDescriptor
CreateDataCache
CoIsHandlerConnected
CoRevokeMallocSpy
CreateGenericComposite
OleConvertIStorageToOLESTREAMEx
IsEqualGUID
OleRun
WriteStringStream
OleCreateLinkToFileEx
StgIsStorageFile
OleConvertOLESTREAMToIStorageEx
OpenOrCreateStream
CLSIDFromString
OleRegGetMiscStatus
CoIsOle1Class
OleCreateLinkFromData
UtGetDvtd16Info
CreateOleAdviseHolder
UtGetDvtd32Info
CreateBindCtx
MkParseDisplayName
CoRegisterChannelHook
OleLockRunning
OleDoAutoConvert
OleSetClipboard
CoResumeClassObjects
CoGetCallContext
CoGetInstanceFromFile
CoGetCallerTID
CoReleaseServerProcess
OleInitialize
OleCreateFromFileEx
CreateClassMoniker
OleSetContainedObject
OleDuplicateData
OleFlushClipboard
MonikerCommonPrefixWith
CoReleaseMarshalData
OleBuildVersion
OleLoad
MonikerRelativePathTo
CoRegisterMessageFilter
SetConvertStg
StgOpenStorageEx
CoTaskMemAlloc
OleSetAutoConvert
OleCreateFromFile
CoMarshalHresult
CoGetTreatAsClass
StgIsStorageILockBytes
CoCreateFreeThreadedMarshaler
GetConvertStg
OleCreate
CoGetObject
GetHookInterface
PropVariantCopy
UpdateDCOMSettings
CoGetMarshalSizeMax
CoInitializeEx
StgOpenAsyncDocfileOnIFillLockBytes
OleIsCurrentClipboard
OleRegEnumFormatEtc
CoFileTimeToDosDateTime
StgOpenStorage
StringFromIID
StgCreateDocfileOnILockBytes
WriteClassStm
CoInitializeSecurity
advapi32
GetTrusteeTypeW
GetServiceKeyNameW
InitializeSecurityDescriptor
RegOpenKeyExA
LookupAccountSidA
AllocateAndInitializeSid
CryptSetKeyParam
SetPrivateObjectSecurity
GetAclInformation
CloseEventLog
EqualPrefixSid
QueryServiceObjectSecurity
SetServiceBits
GetSecurityDescriptorSacl
CryptDuplicateKey
CryptDuplicateHash
GetNumberOfEventLogRecords
RegisterServiceCtrlHandlerA
FindFirstFreeAce
GetServiceKeyNameA
CryptGenRandom
CreateServiceW
SetSecurityDescriptorGroup
RegCreateKeyExA
RegSetKeySecurity
SetFileSecurityA
BuildExplicitAccessWithNameW
QueryServiceLockStatusW
GetLengthSid
GetOldestEventLogRecord
PrivilegeCheck
DeleteService
TrusteeAccessToObjectA
DuplicateTokenEx
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
LookupPrivilegeDisplayNameW
CryptHashSessionKey
SetSecurityDescriptorOwner
ClearEventLogW
GetAccessPermissionsForObjectW
LookupPrivilegeNameW
GetExplicitEntriesFromAclW
EnumServicesStatusA
LogonUserW
SetNamedSecurityInfoW
QueryServiceStatus
LookupAccountNameW
SetKernelObjectSecurity
SetEntriesInAccessListA
ObjectDeleteAuditAlarmW
BuildSecurityDescriptorW
TrusteeAccessToObjectW
OpenEventLogW
MakeAbsoluteSD
ConvertAccessToSecurityDescriptorA
GetMultipleTrusteeA
GetTrusteeTypeA
SetEntriesInAuditListW
RevertToSelf
EnumDependentServicesW
CryptEnumProvidersW
CryptGetDefaultProviderA
SetEntriesInAclA
RegOpenKeyA
ObjectCloseAuditAlarmW
OpenThreadToken
SetServiceStatus
GetSidSubAuthorityCount
GetServiceDisplayNameW
BuildTrusteeWithNameW
ImpersonateLoggedOnUser
CryptCreateHash
AddAccessDeniedAce
RegOpenKeyExW
RegEnumKeyExA
RegReplaceKeyA
RegConnectRegistryA
ReadEventLogA
SetAclInformation
AccessCheckAndAuditAlarmA
AllocateLocallyUniqueId
RegQueryValueExA
BuildTrusteeWithSidA
BuildImpersonateTrusteeW
CreateProcessAsUserW
GetSidIdentifierAuthority
GetSecurityDescriptorControl
UnlockServiceDatabase
PrivilegedServiceAuditAlarmA
StartServiceCtrlDispatcherW
GetCurrentHwProfileA
DuplicateToken
GetSecurityInfoExA
ObjectPrivilegeAuditAlarmW
RegLoadKeyA
RegQueryInfoKeyA
ObjectCloseAuditAlarmA
CryptHashData
RegNotifyChangeKeyValue
GetCurrentHwProfileW
RegDeleteKeyA
AdjustTokenGroups
StartServiceA
InitializeSid
LookupPrivilegeNameA
CreateProcessAsUserA
BuildTrusteeWithSidW
GetAce
CryptEnumProviderTypesW
GetAccessPermissionsForObjectA
SetSecurityInfo
LookupSecurityDescriptorPartsA
AbortSystemShutdownW
shlwapi
StrCmpNA
PathRenameExtensionW
StrStrA
SHRegCloseUSKey
StrRStrIA
UrlCreateFromPathW
PathRemoveExtensionW
SHSkipJunction
SHRegEnumUSKeyA
PathSetDlgItemPathA
SHSetValueW
UrlCanonicalizeW
SHRegEnumUSValueW
SHRegGetUSValueW
StrChrIW
PathIsUNCServerW
SHGetThreadRef
PathIsURLA
SHDeleteKeyA
SHEnumValueW
PathIsContentTypeA
PathIsLFNFileSpecA
SHCopyKeyA
PathCommonPrefixW
PathUnquoteSpacesA
AssocQueryKeyA
StrCmpIW
PathMakePrettyW
PathCompactPathExW
PathIsDirectoryA
UrlGetLocationA
PathBuildRootW
SHSetValueA
ColorHLSToRGB
PathCanonicalizeW
UrlApplySchemeW
AssocQueryStringW
PathGetDriveNumberW
SHAutoComplete
ColorAdjustLuma
IntlStrEqWorkerW
PathUnquoteSpacesW
SHRegQueryInfoUSKeyA
PathIsDirectoryEmptyW
UrlIsW
SHCreateStreamOnFileA
PathStripToRootW
PathFindFileNameA
StrCmpNIW
StrIsIntlEqualA
UrlApplySchemeA
PathSkipRootW
SHRegQueryInfoUSKeyW
UrlUnescapeW
SHDeleteValueW
StrFormatKBSizeW
StrToIntW
PathAddBackslashA
UrlCombineW
StrToIntExA
SHRegGetBoolUSValueA
PathRemoveExtensionA
PathFindSuffixArrayA
StrDupW
wnsprintfW
PathCombineW
ColorRGBToHLS
StrIsIntlEqualW
StrTrimW
PathFindExtensionA
PathAddBackslashW
SHRegEnumUSValueA
PathIsUNCServerA
UrlIsOpaqueW
PathMakeSystemFolderW
SHCreateShellPalette
SHRegGetUSValueA
UrlCreateFromPathA
PathIsRelativeA
StrRChrW
PathIsURLW
PathBuildRootA
PathIsUNCW
PathRelativePathToA
PathCreateFromUrlW
SHDeleteKeyW
PathIsRelativeW
SHRegDuplicateHKey
UrlIsA
SHEnumKeyExA
wnsprintfA
PathRemoveBackslashA
PathParseIconLocationW
PathUndecorateA
ChrCmpIW
PathFindFileNameW
SHGetValueW
UrlGetPartA
PathIsNetworkPathA
PathIsFileSpecW
SHRegSetUSValueW
wvnsprintfA
SHRegCreateUSKeyW
StrFormatByteSize64A
PathRemoveFileSpecW
StrCatW
PathSearchAndQualifyA
StrCSpnIW
Sections
.text   Size: 68KB - Virtual size: 68KB    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 17KB - Virtual size: 16KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 512B - Virtual size: 262B    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE