Static task: static1
Behavioral task: behavioral1
- Sample: 7b636aaa4dc7f7fe46695451a2b7107e.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 7b636aaa4dc7f7fe46695451a2b7107e.exe
- Resource: win10v2004-20231215-en
General
- Target: 7b636aaa4dc7f7fe46695451a2b7107e
- Size: 86KB
- MD5: 7b636aaa4dc7f7fe46695451a2b7107e
- SHA1: 792b6584dd839e31f78317e7211efa73b06ddd15
- SHA256: 23a47f5b7c10fc572c06492560c17c9c22ae5f42058308035270601e838b0a6f
- SHA512: 42626012790773fd4a558f1b0ac3a859aff54f5a405b3bf22c4d1639ac1e89d3fbfe6e712c545455e347dc182f33021d6ccda885b2658a15e3277d882a664c9b
- SSDEEP: 1536:VkBG9KyenwNXVuXb6a6JfVjWP/XiYRGiPGA4DHlOWUIb3171cWm2ERhsOHyKdK:VGyenUXVuL6JVMPiGpGA4DF7zJ71lETk
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 7b636aaa4dc7f7fe46695451a2b7107e
Files
- 7b636aaa4dc7f7fe46695451a2b7107e.exe (windows:4, windows x86, arch:x86)
0877e2cbd90778b86a9f8440d98da798
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteAtom
lstrcmp
WriteConsoleW
FatalExit
VirtualQuery
TlsSetValue
HeapUnlock
GetSystemPowerStatus
Thread32First
FillConsoleOutputAttribute
SetCurrentDirectoryA
SetCommMask
ContinueDebugEvent
GetTimeFormatA
ReadConsoleOutputAttribute
SetComputerNameW
LocalSize
ReadFile
Process32Next
GetCommModemStatus
GetProcessWorkingSetSize
PeekConsoleInputA
GetOEMCP
SetVolumeLabelA
FindResourceW
SetThreadPriorityBoost
GetPrivateProfileIntW
WriteFileEx
UnlockFileEx
IsValidCodePage
SetHandleCount
CancelIo
ClearCommBreak
VirtualQueryEx
WritePrivateProfileStructA
SetEnvironmentVariableW
SetThreadContext
GetTapePosition
GlobalSize
EnumDateFormatsW
EnumResourceLanguagesW
SetComputerNameA
GetConsoleTitleW
LocalAlloc
GetLogicalDriveStringsW
FindCloseChangeNotification
GetEnvironmentStringsA
SetConsoleCP
GetSystemDirectoryW
lstrcpyA
lstrcmpi
OpenEventA
GlobalFix
GetLogicalDrives
CreateNamedPipeA
SwitchToThread
GetEnvironmentStringsW
GetBinaryTypeW
HeapWalk
GetStdHandle
TlsFree
SetProcessPriorityBoost
FreeResource
VirtualLock
HeapDestroy
WriteProcessMemory
GetACP
LockResource
EnumTimeFormatsA
GetConsoleCP
SetConsoleCursorInfo
CallNamedPipeW
PeekConsoleInputW
CreateMutexA
LoadModule
FileTimeToSystemTime
CreateIoCompletionPort
FindNextChangeNotification
GlobalMemoryStatus
SetCommState
SetConsoleCursorPosition
SetWaitableTimer
WaitNamedPipeA
GetTempFileNameW
LocalFlags
GetAtomNameA
SetMessageWaitingIndicator
lstrlenW
SetCommBreak
SetConsoleTitleA
SetDefaultCommConfigW
GetCurrentDirectoryW
Module32First
GetCurrentThreadId
GetWindowsDirectoryW
UnmapViewOfFile
GetProcAddress
GlobalLock
SetTapePosition
GetDriveTypeW
MoveFileW
LocalFree
GetModuleFileNameW
CreateFileMappingW
ReadConsoleInputA
CreateFileMappingA
WriteProfileSectionA
CreateSemaphoreW
FindFirstChangeNotificationW
GetExitCodeProcess
VirtualProtect
WaitForSingleObjectEx
IsSystemResumeAutomatic
GetCPInfo
QueryDosDeviceW
CreateConsoleScreenBuffer
IsBadStringPtrW
SearchPathW
CopyFileW
GlobalUnfix
GetDevicePowerState
lstrcatA
LoadLibraryExA
WriteProfileStringW
SetPriorityClass
GetQueuedCompletionStatus
EnumCalendarInfoExA
DeleteFileA
ExitProcess
GetMailslotInfo
UnlockFile
GetNumberOfConsoleInputEvents
WritePrivateProfileSectionA
GetVersion
EnumSystemLocalesW
DefineDosDeviceW
PostQueuedCompletionStatus
GlobalHandle
ReadDirectoryChangesW
GetSystemDirectoryA
CreateThread
CreateToolhelp32Snapshot
GetCurrencyFormatW
CallNamedPipeA
IsBadHugeReadPtr
lstrcmpiW
GetCurrentDirectoryA
GetProcessPriorityBoost
FindResourceExW
VirtualAlloc
ole32
StgOpenStorage
GetRunningObjectTable
CoIsHandlerConnected
CoGetStandardMarshal
CreateDataCache
OleCreateLinkToFileEx
ReadFmtUserTypeStg
OleLoadFromStream
OleInitialize
OleIsCurrentClipboard
CoGetObject
OleGetClipboard
StgOpenStorageOnILockBytes
OleIsRunning
CreateDataAdviseHolder
CoGetCallerTID
CoGetInterfaceAndReleaseStream
IIDFromString
CoRevertToSelf
CLSIDFromString
FreePropVariantArray
StgCreateDocfileOnILockBytes
StgSetTimes
CreateFileMoniker
OleCreateLinkFromDataEx
RevokeDragDrop
CoAddRefServerProcess
CoRegisterChannelHook
CoFreeAllLibraries
OleCreateFromData
StringFromGUID2
CoRegisterPSClsid
OleCreateMenuDescriptor
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
StringFromIID
OleCreateLinkToFile
CoRegisterMessageFilter
DllDebugObjectRPCHook
CoRevokeMallocSpy
CoFreeUnusedLibraries
WriteStringStream
CoQueryAuthenticationServices
CoInitializeSecurity
PropVariantClear
CoRegisterMallocSpy
OleCreateFromDataEx
GetClassFile
OleConvertIStorageToOLESTREAM
OleCreateDefaultHandler
CoCreateInstance
WriteOleStg
GetHGlobalFromStream
CoBuildVersion
CoQueryReleaseObject
BindMoniker
CoGetMalloc
GetHookInterface
CoMarshalInterface
CoRevokeClassObject
GetDocumentBitStg
CoSetProxyBlanket
CoGetInstanceFromFile
CreateItemMoniker
OleCreateFromFile
CoDosDateTimeToFileTime
OleConvertOLESTREAMToIStorageEx
StgGetIFillLockBytesOnFile
CoDisconnectObject
CoImpersonateClient
MkParseDisplayName
WriteClassStg
StgIsStorageFile
OleSaveToStream
CreateGenericComposite
GetConvertStg
WriteFmtUserTypeStg
CoSwitchCallContext
OleTranslateAccelerator
CoGetCurrentProcess
CoGetInstanceFromIStorage
OleSetClipboard
OleCreateLinkFromData
OleSetMenuDescriptor
OleConvertOLESTREAMToIStorage
CoLoadLibrary
ReadStringStream
OleUninitialize
UtGetDvtd16Info
ReadClassStm
ReadOleStg
StgIsStorageILockBytes
OleRegGetMiscStatus
CoMarshalHresult
OleRegEnumVerbs
SetDocumentBitStg
CoResumeClassObjects
OleGetIconOfFile
CoUninitialize
WriteClassStm
CoInitializeEx
UtConvertDvtd32toDvtd16
OleBuildVersion
OleMetafilePictFromIconAndLabel
StgOpenAsyncDocfileOnIFillLockBytes
ProgIDFromCLSID
OleConvertIStorageToOLESTREAMEx
CoGetCurrentLogicalThreadId
ReleaseStgMedium
OleQueryLinkFromData
IsEqualGUID
advapi32
RegCreateKeyW
RegDeleteKeyA
GetAccessPermissionsForObjectA
RegEnumKeyExW
RegCreateKeyExA
GetExplicitEntriesFromAclA
CryptEnumProviderTypesA
GetMultipleTrusteeOperationA
SetThreadToken
LookupAccountSidW
BuildExplicitAccessWithNameW
RegQueryValueExW
CryptVerifySignatureW
ImpersonateNamedPipeClient
CreatePrivateObjectSecurity
CryptAcquireContextA
SetSecurityDescriptorGroup
CryptSetProviderA
SetSecurityInfoExW
BuildImpersonateExplicitAccessWithNameA
RegDeleteValueA
ReportEventA
RegQueryValueW
GetMultipleTrusteeA
QueryServiceStatus
GetAce
ChangeServiceConfigW
GetOldestEventLogRecord
CryptSetProviderExW
EnumServicesStatusW
CryptVerifySignatureA
ObjectDeleteAuditAlarmW
InitiateSystemShutdownW
RegisterServiceCtrlHandlerA
LookupAccountNameA
ChangeServiceConfigA
CancelOverlappedAccess
SetPrivateObjectSecurity
LookupAccountNameW
CryptExportKey
AllocateLocallyUniqueId
CryptGetHashParam
RegEnumKeyW
RegConnectRegistryW
GetAuditedPermissionsFromAclW
AddAuditAccessAce
CryptAcquireContextW
BuildTrusteeWithSidA
ConvertSecurityDescriptorToAccessW
RegOpenKeyW
GetNamedSecurityInfoA
SetEntriesInAccessListA
CreateServiceA
RegQueryValueA
AddAce
CryptGetProvParam
CryptSetProvParam
QueryServiceLockStatusW
GetExplicitEntriesFromAclW
CloseServiceHandle
SetServiceStatus
StartServiceA
GetPrivateObjectSecurity
GetLengthSid
RegQueryValueExA
GetSidSubAuthority
SetNamedSecurityInfoW
RegUnLoadKeyW
LogonUserA
CopySid
CryptDuplicateHash
AddAccessDeniedAce
CryptDestroyHash
RevertToSelf
SetEntriesInAuditListA
GetKernelObjectSecurity
ConvertSecurityDescriptorToAccessNamedA
CryptDuplicateKey
DuplicateToken
RegQueryInfoKeyW
RegCreateKeyExW
ObjectCloseAuditAlarmW
GetSecurityInfoExA
CryptGenKey
RegSaveKeyW
GetFileSecurityW
GetServiceKeyNameA
CryptEnumProviderTypesW
GetServiceDisplayNameW
ImpersonateSelf
ReadEventLogA
EnumDependentServicesW
DestroyPrivateObjectSecurity
CryptCreateHash
CryptGenRandom
CryptContextAddRef
OpenBackupEventLogA
TrusteeAccessToObjectW
GetUserNameA
AreAllAccessesGranted
GetAclInformation
DeregisterEventSource
InitializeSecurityDescriptor
EqualSid
CloseEventLog
OpenServiceA
ObjectOpenAuditAlarmW
GetFileSecurityA
CryptSetProviderW
CryptGetKeyParam
LookupPrivilegeDisplayNameW
AccessCheckAndAuditAlarmW
ReadEventLogW
GetTrusteeTypeA
shlwapi
PathRemoveExtensionW
StrCpyNW
PathIsDirectoryW
PathMatchSpecW
PathIsRelativeA
PathIsFileSpecA
PathIsUNCServerW
SHRegEnumUSKeyA
UrlCanonicalizeA
StrCatBuffA
StrFormatByteSize64A
PathSetDlgItemPathA
SHRegCreateUSKeyA
SHRegWriteUSValueA
PathFindNextComponentA
SHGetThreadRef
PathGetArgsW
StrIsIntlEqualW
StrRChrIW
PathCanonicalizeW
PathStripPathA
StrSpnA
StrRChrIA
StrFormatKBSizeW
PathIsPrefixW
PathIsSystemFolderA
SHRegCreateUSKeyW
ChrCmpIA
SHCopyKeyA
StrCmpIW
PathParseIconLocationW
UrlGetPartA
IntlStrEqWorkerW
PathMakeSystemFolderW
PathCreateFromUrlW
StrRetToStrW
PathUndecorateW
PathGetCharTypeW
GetMenuPosFromID
StrChrIW
IntlStrEqWorkerA
StrCatW
StrToIntExA
SHRegOpenUSKeyA
StrCmpNW
PathFindFileNameA
StrNCatW
SHCopyKeyW
PathRemoveBlanksA
StrChrA
PathRemoveArgsA
PathIsURLA
PathIsNetworkPathW
SHSetValueW
AssocQueryStringByKeyW
SHDeleteValueA
PathRemoveFileSpecW
PathIsRootW
SHEnumValueW
StrCpyW
ColorAdjustLuma
StrFromTimeIntervalW
PathCompactPathW
SHSetThreadRef
AssocQueryKeyW
SHQueryValueExA
PathCanonicalizeA
StrFormatByteSizeW
UrlUnescapeA
PathSkipRootA
PathIsLFNFileSpecA
UrlCombineA
PathIsNetworkPathA
PathMatchSpecA
SHRegDeleteEmptyUSKeyW
PathIsContentTypeW
PathFileExistsA
SHGetValueW
SHIsLowMemoryMachine
StrStrIA
PathSkipRootW
SHQueryInfoKeyA
wvnsprintfA
StrStrW
StrNCatA
AssocQueryStringA
SHEnumValueA
PathUnmakeSystemFolderA
StrCmpNIW
SHRegEnumUSValueW
ColorHLSToRGB
PathAddExtensionW
StrCmpNIA
UrlIsOpaqueW
StrChrIA
StrToIntExW
PathParseIconLocationA
PathFindSuffixArrayA
PathSearchAndQualifyW
user32
InsertMenuItemA
RemovePropW
SwitchDesktop
WINNLSEnableIME
SetDlgItemTextW
GetDoubleClickTime
CheckMenuRadioItem
DestroyWindow
GetDCEx
EnumPropsExW
GetWindowLongA
LoadCursorFromFileA
SetMenuItemInfoA
GetMenuItemID
BroadcastSystemMessageW
GetInputDesktop
GetMessageTime
DdeReconnect
GetWindowContextHelpId
SetSystemCursor
SetWindowsHookW
WinHelpW
RealChildWindowFromPoint
EnableScrollBar
GetKeyState
ReplyMessage
SetThreadDesktop
SetShellWindow
SetScrollRange
MenuItemFromPoint
ShowCaret
GetClipboardFormatNameW
GetInputState
RegisterDeviceNotificationW
CreateMDIWindowA
SetWindowPos
ChangeDisplaySettingsExW
GetKeyboardType
WaitMessage
DrawFrameControl
PostMessageA
CascadeChildWindows
SetRect
SetWindowRgn
UnloadKeyboardLayout
DrawTextExW
DdeConnect
CharToOemBuffW
ScrollWindow
IsCharAlphaNumericW
DeferWindowPos
DdeInitializeW
TranslateAcceleratorW
DdePostAdvise
IsDialogMessageA
SetScrollPos
OpenClipboard
ExitWindowsEx
DlgDirSelectComboBoxExW
ScrollWindowEx
IsCharLowerW
EnableWindow
CharLowerW
WinHelpA
DdeUninitialize
TabbedTextOutA
CopyImage
OemKeyScan
SetUserObjectInformationA
EnumPropsW
ShowOwnedPopups
RegisterDeviceNotificationA
GetMenuDefaultItem
BeginPaint
SetWindowTextW
TrackMouseEvent
OpenDesktopA
CreateCaret
InflateRect
FindWindowExW
EndMenu
CharNextA
EnumDesktopsA
DestroyAcceleratorTable
ToUnicode
GetIconInfo
BeginDeferWindowPos
LoadAcceleratorsW
CharUpperA
SetCaretPos
ChildWindowFromPointEx
CreateDialogParamA
GrayStringA
SetParent
RegisterWindowMessageA
CreateDialogParamW
SendMessageCallbackW
CreateDialogIndirectParamW
DlgDirListA
SetClassWord
ChangeMenuA
SetTimer
CreateDesktopW
GetKeyNameTextW
RealGetWindowClass
SetPropW
ReuseDDElParam
InsertMenuA
GetMonitorInfoW
Sections
- .text: Size 68KB, Virtual size 68KB; flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 16KB, Virtual size 16KB; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 512B, Virtual size 95B; flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE