78027e01ac3c9079fa59b0ddbb0acbd3

Sharing

Copy URL

Twitter E-mail

General

Target

78027e01ac3c9079fa59b0ddbb0acbd3
Size

67KB
MD5

78027e01ac3c9079fa59b0ddbb0acbd3
SHA1

1e5930e12dc8a8be76fbd0f562199208ed48c6fd
SHA256

616d1f4bfc7d5b17dea4a6426e7f7c00a0deb0ae907d4f6677a957e6b0bb39e7
SHA512

dfd289cb1fa8306b9e94aa1d675dbb13defa4206e6aa15aedec7660f12496fb82d746d43b33b732941d63d691399db58978f841f5f5b1f760cc77ff6e8864bf4
SSDEEP

1536:uZIpucMwb3xfYrNvbKt+oqDMw82FSFtJV937BGjtpkCr:ZucNbhfMNv+t+oqo4Fabt23hr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78027e01ac3c9079fa59b0ddbb0acbd3

Files

78027e01ac3c9079fa59b0ddbb0acbd3
.exe windows:6 windows x86 arch:x86

98e70c93b932f7ed6e4c8f55ee56a940

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegOpenKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
GetLengthSid
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertStringSidToSidW
AddAccessAllowedAceEx
OpenProcessToken

kernel32

GetProcAddress
HeapSetInformation
LocalFree
SetPriorityClass
FindFirstFileW
FindResourceW
LoadResource
CreateProcessW
GetCurrentProcess
CreateDirectoryW
FindFirstFileExW
GetTickCount
WriteFile
SizeofResource
CreateFileW
lstrcmpW
GetCurrentDirectoryW
FindClose
LockResource
SetCurrentDirectoryW
FindNextFileW
GetShortPathNameW
GetVersionExA
CloseHandle
DeleteFileW
SetFileAttributesW
GetTempFileNameW
InterlockedDecrement
WaitForSingleObject
CompareStringOrdinal
GetTempPathW
ExpandEnvironmentStringsW
GetVersionExW
VirtualAlloc
GetFileAttributesW
LocalAlloc
GetNativeSystemInfo
IsWow64Process
TerminateProcess
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetEnvironmentVariableW
SetErrorMode
FreeLibrary
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
GetModuleFileNameW
GetLastError
Sleep

user32

PostMessageW
LoadStringW
GetShellWindow

msvcrt

_vsnwprintf
_time64
_wcsnicmp
wcsrchr
??2@YAPAXI@Z
_wfopen_s
wcschr
iswalpha
memcpy_s
wcscat_s
rand_s
fgetws
swscanf_s
fclose
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
_CxxThrowException
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_except_handler4_common
??3@YAXPAX@Z
memset

shell32

SHSetLocalizedName
ord190
SHChangeNotify
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetKnownFolderPath
ord155
ord165
SHGetSpecialFolderPathW
SHGetFolderPathW
CommandLineToArgvW
ord526
SHGetSpecialFolderLocation

ieadvpack

ExecuteCabW
RegRestoreAllW

shlwapi

PathIsNetworkPathW
SHCopyKeyW
SHRegSetUSValueW
ord388
PathFileExistsW
SHDeleteKeyW
StrCmpNIW
PathRemoveExtensionW
PathFindFileNameW
StrCmpIW
SHDeleteValueW
PathRemoveBlanksW
SHGetValueW
SHSetValueW
SHStrDupW
ord158
SHRegDeleteUSValueW
StrStrW
SHRegGetUSValueW

iertutil

ord57
ord37
ord99
ord654
ord650
ord559
ord281
ord282
ord558
ord38
ord33

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ole32

CoInitializeEx
CoTaskMemFree
PropVariantClear
CoUninitialize
CoCreateInstance
OleUninitialize
OleInitialize

iedkcs32

BrandIEActiveSetup

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98e70c93b932f7ed6e4c8f55ee56a940

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

shell32

ieadvpack

shlwapi

iertutil

oleaut32

ole32

iedkcs32

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 28KB - Virtual size: 31KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 28KB - Virtual size: 31KB