73f29a960ef03fd8a940e7407e839ebd

Sharing

Copy URL Twitter E-mail

General

Target

73f29a960ef03fd8a940e7407e839ebd
Size

1.3MB
MD5

73f29a960ef03fd8a940e7407e839ebd
SHA1

b16658bd83099f2488bcd0b3a1540b5144c9c6b0
SHA256

a56592f300d98a5fc5bb1a96fb1d56e8d7b09eb40766e08b8550713908e1a94c
SHA512

39d611cf8c24c82e15304ab2d3ac3bfee07fb064eacfe5d37a0b860edcc6c36f8a8ad8c13ebafc3506a81fc516d086c5988475058ca6c3f9b9c470ba29b9e732
SSDEEP

24576:Zts/5WRP2wxxl1dPyV4E9XrU/8EsY16mtFzO3nzUf4xfZIo:8/5yP2wHl1N29Xrm8EsO6i4nzUf4xfZ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73f29a960ef03fd8a940e7407e839ebd

Files

73f29a960ef03fd8a940e7407e839ebd
.exe windows:5 windows x86 arch:x86

49a8350366df7e2297a5da869317c8d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord113
ord88
ord92
ord141
ord169
ord16
ord8
ord70
ord118
ord160
ord159
ord32

comctl32

ImageList_Add
InitCommonControlsEx
ImageList_Create
ord17

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

kernel32

GetExitCodeProcess
AttachConsole
FreeConsole
CreateDirectoryW
SetFileAttributesW
GetTempPathW
GetTempFileNameW
GetLocaleInfoW
GetProcAddress
GetModuleHandleW
GetVersionExW
lstrlenW
GetSystemDefaultLCID
GetUserDefaultLCID
lstrcpyW
lstrcatW
GetPrivateProfileStringW
lstrcmpiW
ExpandEnvironmentStringsW
GetVersion
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetWindowsDirectoryW
SetCurrentDirectoryW
CreateMutexW
GetCommandLineW
LocalFree
GetCurrentProcess
GetUserDefaultUILanguage
EnumResourceNamesW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetLastError
LoadResource
SizeofResource
LockResource
WriteFile
DeleteFileW
GetStringTypeW
GetStringTypeA
LCMapStringA
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
CreateFileA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetStdHandle
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
Sleep
GetTickCount
UnmapViewOfFile
CloseHandle
VirtualQuery
MapViewOfFile
GetModuleHandleA
CreateFileMappingW
CreateFileW
SetStdHandle
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FindResourceExW
VirtualFree
DeleteCriticalSection
HeapSize
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
ExitProcess

user32

ExitWindowsEx
wsprintfW
FindWindowW
SendInput
CharLowerBuffW
GetSystemMetrics
DefWindowProcW
LoadIconW
LoadCursorW
IsWindow
DestroyWindow
CreateWindowExW
MessageBoxW
ScreenToClient
LoadStringW
DialogBoxParamW
EndDialog
IsDlgButtonChecked
SetFocus
UpdateWindow
InvalidateRect
GetDC
SetParent
ShowWindow
DrawTextW
GetWindowTextW
SendMessageW
GetWindowRect
GetClientRect
GetDlgItem
SetWindowTextW
LoadBitmapW
RegisterClassExW

gdi32

CreateFontW
GetDeviceCaps
Rectangle
SelectObject
CreatePen
CreateSolidBrush
GetStockObject
SetTextColor
SetBkMode

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
QueryServiceStatusEx
ControlService
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
IIDFromString
CoUninitialize
CoInitialize

oleaut32

VariantInit
SysAllocString
SysFreeString

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19.2MB - Virtual size: 19.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49a8350366df7e2297a5da869317c8d3

Headers

DLL Characteristics

File Characteristics

Imports

msi

comctl32

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 148KB - Virtual size: 148KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 19.2MB - Virtual size: 19.2MB

.reloc Size: 60KB - Virtual size: 60KB

.text
Size: 148KB - Virtual size: 148KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 19.2MB - Virtual size: 19.2MB

.reloc
Size: 60KB - Virtual size: 60KB