f69a255160d6c27cd3763f2e6f164a15

Sharing

Copy URL Twitter E-mail

General

Target

f69a255160d6c27cd3763f2e6f164a15
Size

212KB
MD5

f69a255160d6c27cd3763f2e6f164a15
SHA1

c507e108f0e7b225af244956408c0003a09a3a9c
SHA256

38de15f1e278b0935cb3577c659b4340db500d3fdee13cded18209f8257fee0c
SHA512

a42e47b9ab1fcfd8858d169c38cc6e04509b8454a8b23d2a50bf7090099688259b32da755292c4c7c9c1d3be1f4dd5c40c87dec8b8518d01f14e1b463d2be8a8
SSDEEP

6144:3KFaqqDLl0Df+J3XAJGkry8eaXGRWqM5pmrDBOpXkSlUP3:3KFvqnl0DfUnA1eaXGRA5pmRIdlO3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f69a255160d6c27cd3763f2e6f164a15

Files

f69a255160d6c27cd3763f2e6f164a15
.exe windows:5 windows x86 arch:x86

1ce91d6c99b0ce4c4a79b165ce7cf815

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
VirtualProtect
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
DeleteFileW
GetFileInformationByHandle
LocalFree
GetSystemTime
WriteProcessMemory
SetFileAttributesW
CreateThread
ExpandEnvironmentStringsW
GetNativeSystemInfo
GetVersionExW
GlobalLock
GlobalUnlock
ExitProcess
SetEvent
lstrcmpiA
WTSGetActiveConsoleSessionId
SetThreadPriority
GetCommandLineW
SetErrorMode
GetComputerNameW
lstrlenW
CreateEventW
GetFileAttributesExW
OpenEventW
DuplicateHandle
lstrcmpiW
MoveFileExW
TerminateProcess
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateRemoteThread
GetUserDefaultUILanguage
ExitThread
GetModuleHandleA
GetThreadContext
SetThreadContext
GetProcessId
ResetEvent
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
TlsAlloc
TlsFree
SetHandleInformation
CreatePipe
TlsGetValue
TlsSetValue
MultiByteToWideChar
CreateFileW
GetTimeZoneInformation
ReadFile
Thread32Next
GetFileAttributesW
lstrcpynW
HeapCreate
Process32NextW
WaitForMultipleObjects
QueryDosDeviceW
RemoveDirectoryW
Process32FirstW
LoadLibraryA
FindClose
VirtualAllocEx
VirtualProtectEx
GetProcAddress
GetLastError
OpenMutexW
GetFileSizeEx
GetTempPathW
GetCurrentProcessId
FlushFileBuffers
HeapDestroy
ReadProcessMemory
Sleep
LoadLibraryW
VirtualFreeEx
WideCharToMultiByte
Thread32First
OpenProcess
WriteFile
VirtualQueryEx
SetFileTime
IsBadReadPtr
GetProcessHeap
GetCurrentThread
GetModuleHandleW
CreateDirectoryW
HeapFree
GetLogicalDriveStringsW
SetFilePointerEx
WaitForSingleObject
GetCurrentProcess
SystemTimeToFileTime
HeapAlloc
CreateProcessW
FreeLibrary
SetEndOfFile
FindFirstFileW
CreateMutexW
HeapReAlloc
GetTempFileNameW
FileTimeToDosDateTime
GetEnvironmentVariableW
ReleaseMutex
GetCurrentThreadId
SetLastError
GetTickCount
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
InitializeCriticalSection
VirtualFree
GetModuleFileNameW

user32

RegisterClassW
CallWindowProcA
CallWindowProcW
DefWindowProcW
DefFrameProcW
RegisterClassA
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CreateWindowStationW
GetProcessWindowStation
OpenDesktopW
CloseDesktop
SetThreadDesktop
GetUserObjectInformationW
DefMDIChildProcA
MessageBoxA
GetKeyboardLayoutList
GetKeyboardState
GetClipboardData
ToUnicode
GetTopWindow
LoadImageW
MsgWaitForMultipleObjects
GetUpdateRgn
CharLowerW
CharToOemW
GetDC
TranslateMessage
CharLowerA
DefDlgProcA
SwitchDesktop
DefMDIChildProcW
DefWindowProcA
GetDCEx
FillRect
DrawEdge
IntersectRect
EqualRect
PrintWindow
RegisterWindowMessageW
GetMenuItemID
SetKeyboardState
GetSubMenu
MenuItemFromPoint
GetMenu
GetMenuItemRect
TrackPopupMenuEx
SystemParametersInfoW
GetClassNameW
GetMenuState
GetMenuItemCount
PostThreadMessageW
HiliteMenuItem
EndMenu
GetShellWindow
DrawIcon
CharLowerBuffA
GetIconInfo
GetSystemMetrics
MapVirtualKeyW
ExitWindowsEx
EndPaint
ReleaseDC
CharUpperW
SetWindowLongW
RegisterClassExA
GetWindowDC
DefDlgProcW
DefFrameProcA
OpenInputDesktop
BeginPaint
GetWindow
DispatchMessageW
GetMessageA
GetWindowRect
GetMessageW
SetCapture
PostMessageW
GetParent
GetWindowInfo
GetClassLongW
GetCapture
SetCursorPos
GetWindowLongW
GetAncestor
PeekMessageW
PeekMessageA
SetWindowPos
GetCursorPos
GetUpdateRect
WindowFromPoint
RegisterClassExW
SendMessageTimeoutW
IsWindow
ReleaseCapture
SendMessageW
MapWindowPoints
GetMessagePos
GetWindowThreadProcessId
IsRectEmpty
OpenWindowStationW

advapi32

CryptGetHashParam
OpenProcessToken
GetSidSubAuthority
CryptAcquireContextW
OpenThreadToken
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
CryptReleaseContext
RegQueryValueExW
CreateProcessAsUserW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
LookupPrivilegeValueW
CryptCreateHash
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CryptHashData
ConvertSidToStringSidW
EqualSid
IsWellKnownSid
GetLengthSid
InitiateSystemShutdownExW
SetSecurityInfo
RegCreateKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
CreateProcessAsUserA

shlwapi

PathMatchSpecW
StrStrIW
StrStrIA
PathIsURLW
PathQuoteSpacesW
PathRenameExtensionW
StrCmpNIW
wvnsprintfA
StrCmpNIA
UrlUnescapeA
PathRemoveBackslashW
PathUnquoteSpacesW
PathAddExtensionW
PathCombineW
SHDeleteKeyW
PathSkipRootW
SHDeleteValueW
PathAddBackslashW
PathRemoveFileSpecW
PathFindFileNameW
PathIsDirectoryW
wvnsprintfW

shell32

ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

secur32

GetUserNameExW

ole32

CoSetProxyBlanket
CoUninitialize
CLSIDFromString
StringFromGUID2
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoCreateInstance

gdi32

DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBSection
SelectObject
CreateCompatibleDC
DeleteDC
RestoreDC
SaveDC
SetRectRgn
GdiFlush
SetViewportOrgEx
CreateCompatibleBitmap

ws2_32

send
closesocket
WSASetLastError
freeaddrinfo
socket
bind
recv
sendto
WSAEventSelect
inet_addr
WSASend
gethostbyname
getpeername
recvfrom
WSAIoctl
listen
accept
shutdown
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
WSAAddressToStringW
connect
setsockopt

crypt32

PFXExportCertStoreEx
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptUnprotectData

wininet

InternetReadFile
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetQueryOptionA
InternetSetStatusCallbackA
HttpAddRequestHeadersA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpEndRequestW
HttpEndRequestA
InternetSetFilePointer
HttpOpenRequestW
HttpSendRequestW
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA
InternetCrackUrlA
InternetCloseHandle
HttpQueryInfoA
InternetConnectA
InternetQueryOptionW
InternetOpenA

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

netapi32

NetUserEnum
NetApiBufferFree
NetUserGetInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

PlaySoundW
waveOutSetVolume
waveOutGetVolume
PlaySoundA

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ce91d6c99b0ce4c4a79b165ce7cf815

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

winmm

Sections

.text Size: 199KB - Virtual size: 199KB

.data Size: 2KB - Virtual size: 10KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 199KB - Virtual size: 199KB

.data
Size: 2KB - Virtual size: 10KB

.reloc
Size: 8KB - Virtual size: 8KB