0702a845c0e58c4b6875e6d42008bece

Sharing

Copy URL

Twitter E-mail

General

Target

0702a845c0e58c4b6875e6d42008bece
Size

180KB
MD5

0702a845c0e58c4b6875e6d42008bece
SHA1

3cc2ba6824dc8216d877904591de6bb05fb68b71
SHA256

28d770818a0bc04b623c83e8bd90e415f75bc234cb3c54a982b85775700b51dc
SHA512

e0b2b04ac2cccb82004c4b02137a271e784c106b73faee9ecb7b9eed17fee313bcf3d6f2220919eeed93f943720a9afb3b59b53056985b5c8359fc9344bc54b7
SSDEEP

3072:7tWcJBaffSNiDaTbc+uaguKgodmOI+Xc0A9ClCCUdMqRVNOAf2ooYv1:7T6qNEEBtKgYvXy9wv2MqRVNOAZH1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0702a845c0e58c4b6875e6d42008bece

Files

0702a845c0e58c4b6875e6d42008bece
.dll windows:4 windows x86 arch:x86

d9e316d0599c2ba4eca21e467f043083

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetCurrentHwProfileA
ObjectCloseAuditAlarmA
GetExplicitEntriesFromAclW
RevertToSelf
ControlService
ObjectPrivilegeAuditAlarmW
LookupPrivilegeValueW
GetCurrentHwProfileW
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegQueryValueA
SystemFunction009
SystemFunction007
RegQueryInfoKeyW
CryptSetProviderExA
CreateServiceA
RegEnumKeyW
GetEffectiveRightsFromAclW
CreatePrivateObjectSecurity
ElfBackupEventLogFileW
SetNamedSecurityInfoExW
MakeSelfRelativeSD
QueryServiceConfigA
ElfCloseEventLog
CryptDestroyHash
RegDeleteValueA
CryptGetProvParam
RegCreateKeyExA
TrusteeAccessToObjectA
LsaLookupNames
AddAccessAllowedAceEx
StartServiceCtrlDispatcherW
ReadEventLogW
GetAccessPermissionsForObjectW
DecryptFileW
CloseEventLog
AddAccessAllowedAce
LsaAddAccountRights
LsaEnumeratePrivileges
GetTokenInformation
RegReplaceKeyW
CryptSignHashA
CryptExportKey
GetSidIdentifierAuthority
OpenThreadToken
LsaOpenSecret
QueryRecoveryAgentsOnEncryptedFile
GetTrusteeTypeW
QueryServiceConfig2A
LsaAddPrivilegesToAccount
LsaGetRemoteUserName
DuplicateTokenEx
LookupSecurityDescriptorPartsW
SystemFunction002
SetEntriesInAccessListA
RegConnectRegistryA
SystemFunction019
AddAuditAccessObjectAce
GetMultipleTrusteeOperationW
GetAuditedPermissionsFromAclA
LsaSetInformationTrustedDomain
ReportEventA
InitiateSystemShutdownW
CryptGetHashParam
AccessCheckByTypeAndAuditAlarmW
LsaQueryInfoTrustedDomain
SetSecurityDescriptorSacl
LsaQueryDomainInformationPolicy
BuildImpersonateTrusteeA
BuildImpersonateExplicitAccessWithNameW
SystemFunction030
LsaSetTrustedDomainInfoByName
CryptCreateHash
MapGenericMask
ElfNumberOfRecords
GetFileSecurityW
ChangeServiceConfig2W
AddAccessDeniedAceEx
ElfChangeNotify
RegCreateKeyW
CheckTokenMembership
CryptVerifySignatureA
ConvertAccessToSecurityDescriptorW
QueryServiceStatus
ReadEventLogA
RegisterEventSourceW
ConvertSidToStringSidA
GetSecurityDescriptorControl
FileEncryptionStatusW
LsaRemovePrivilegesFromAccount
LsaDeleteTrustedDomain
CryptGetKeyParam
SetEntriesInAclW
ConvertSecurityDescriptorToAccessA
SystemFunction020

comctl32

ImageList_GetIconSize
ImageList_Create
ord8
ImageList_GetImageInfo
ord4
InitCommonControlsEx
ImageList_SetImageCount
ord16
InitializeFlatSB
FlatSB_SetScrollRange
PropertySheetA
ImageList_GetImageCount
ImageList_SetIconSize
ImageList_SetOverlayImage
ImageList_LoadImageW
ord17
FlatSB_SetScrollProp
ImageList_Write
PropertySheetW
FlatSB_GetScrollRange
ord7
UninitializeFlatSB
DestroyPropertySheetPage
DrawStatusTextW
ImageList_LoadImageA
ImageList_SetFilter
FlatSB_EnableScrollBar
ImageList_Copy
FlatSB_ShowScrollBar
ord3
ImageList_Remove
ImageList_Add
ImageList_Draw
ord6
FlatSB_GetScrollPos
CreateToolbarEx
ImageList_ReplaceIcon
ImageList_AddIcon
ImageList_DragMove
ImageList_GetDragImage
ImageList_DragEnter
ImageList_BeginDrag
FlatSB_SetScrollPos
CreatePropertySheetPageW
ImageList_SetBkColor
ImageList_Duplicate
ImageList_Destroy
FlatSB_SetScrollInfo
ImageList_Merge
ImageList_Replace
ImageList_DrawEx
ImageList_GetIcon
FlatSB_GetScrollProp
_TrackMouseEvent
CreatePropertySheetPageA
ord13
ImageList_DrawIndirect
ord5
ord2
ImageList_GetImageRect
ImageList_Read
ord14
FlatSB_GetScrollInfo
ImageList_AddMasked
ImageList_EndDrag
ImageList_GetBkColor
ImageList_DragLeave
CreateStatusWindowW
ord15
ImageList_DragShowNolock
ImageList_SetDragCursorImage

kernel32

VirtualAlloc
CreateMailslotA
CancelIo
GetCommProperties
GetNumberFormatW
GetNextVDMCommand
GetVersion
Heap32ListNext
TerminateThread
GetConsoleKeyboardLayoutNameW
ReadConsoleW
ClearCommBreak
LoadResource
SetThreadAffinityMask
CreateJobObjectW
CreateToolhelp32Snapshot
GetProcAddress
SetConsoleCursorPosition
OpenConsoleW
FindVolumeMountPointClose
OpenMutexA
LoadLibraryA
EnterCriticalSection
EnumDateFormatsA
ReadFileScatter
GetAtomNameA
RtlUnwind
RegisterWowExec
GetLargestConsoleWindowSize
GetModuleHandleA
GetProfileIntA
GetHandleInformation
EnumTimeFormatsA
GlobalFree
GetProcessHeaps
IsValidLocale
SetFilePointerEx
GetConsoleCursorInfo
MoveFileWithProgressA
Heap32ListFirst
GetVolumePathNameW
Process32Next
LockResource
SystemTimeToFileTime
OutputDebugStringA
SuspendThread
LocalFileTimeToFileTime
GetProcessTimes
IsBadCodePtr
GetStartupInfoW
SetFileApisToOEM
lstrcatW
CompareFileTime
GetSystemTime
WriteProcessMemory
MultiByteToWideChar
Sleep
EnumResourceLanguagesA
CreateDirectoryExA
GetFileAttributesExA
CreateFileA
GetShortPathNameW
SearchPathA
SetVolumeMountPointA
CreateMutexA
lstrcpyA
EnumResourceTypesA
UTUnRegister
CreateHardLinkW
CmdBatNotification
InterlockedExchangeAdd
GetVersionExW
DosDateTimeToFileTime
_lclose
AddAtomW
ReadConsoleOutputAttribute
TransactNamedPipe
GetCurrentThread

shell32

SHQueryRecycleBinW
RegenerateUserEnvironment
SHInvokePrinterCommandA
StrRChrIA
ExtractIconW
StrChrIW
ord179
InternalExtractIconListW
SHGetSpecialFolderLocation
StrCmpNW
ShellAboutA
StrChrIA
ord180
SHLoadInProc
SheGetDirA
SHGetDesktopFolder
SHGetInstanceExplorer
DoEnvironmentSubstA
SHGetDataFromIDListA
ShellExecuteExA
StrRChrA
StrRStrIW
RealShellExecuteExA
StrCmpNA
RealShellExecuteExW
DuplicateIcon
SHGetSettings
SheChangeDirExW
SHFileOperationA
StrNCmpW
DragQueryFileAorW
SHGetSpecialFolderPathA
StrStrIW
ExtractAssociatedIconW
CheckEscapesW
SHFileOperationW
SHEmptyRecycleBinW
ShellAboutW
DragQueryFileW
FindExecutableA
SHChangeNotify
Shell_NotifyIconA
StrNCmpIW
SHFormatDrive
ExtractAssociatedIconExW
StrChrA
StrStrW
SHGetSpecialFolderPathW
ExtractAssociatedIconA

user32

LoadIconA

winspool.drv

DeletePrinterDriverA
DeletePrinter
SetPrinterDataExW
AddJobW
EnumJobsA
ord205
DeletePrinterDriverW
ConvertUnicodeDevModeToAnsiDevmode
ADVANCEDSETUPDIALOG
EnumPrintProcessorDatatypesW
AddPortW
EnumPrinterKeyW
DeleteFormW
ord210
DeletePrintProvidorA
AddPrinterDriverExA
DocumentPropertiesW
DeletePrinterConnectionA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
EnumPrintProcessorDatatypesA
DeletePortA
DeletePrintProcessorA
AddMonitorW
PlayGdiScriptOnPrinterIC
EnumPrinterDataExW
SetFormW
AddPrinterConnectionW
AddJobA
QueryRemoteFonts
GetJobW
DevicePropertySheets
DocumentEvent
DeletePrinterConnectionW
EnumPrinterDataExA

msvcrt

wcspbrk
_mbsdec
_mbsupr
_mbsnset
_mbsinc
_mbsnccnt
_mbsicoll
wprintf
_strerror
__RTtypeid
__p__iob
ungetc
_wfindnext
scanf
is_wctype
fwprintf
isdigit
__wgetmainargs
strcmp
_mbccpy
_mbsnbcat
_getch
strstr
_mbsncpy
exp
_ismbcpunct
_spawnlp
vswprintf
getc
_fgetwchar
_ecvt
_fileno
_getpid
__p___argv
_spawnle
_wgetdcwd
_adj_fdiv_m16i
fprintf
srand
fputc
_Gettnames
getwc
_logb
asin
fwrite
fputs
fread
_cputs
printf
_CItan
_ismbbkana
_sys_nerr
_fputwchar
_mbsnicoll
_spawnl
_spawnve
_CxxThrowException
strcat
_spawnv
_mbslwr
_mbctombb
fopen
_fpieee_flt
_HUGE
_unlink
_CIlog10
_acmdln
_ltoa
fgetc
fmod
ftell
__p___initenv
__CxxLongjmpUnwind
_getdllprocaddr
_adj_fdiv_m32i
_get_osfhandle
ferror
_safe_fprem
_toupper
_ismbblead
_mbsnbcoll
_ismbcsymbol
_mbscspn
strncat
_wexecle
cosh
_isctype
wcsstr
ispunct
strtol
memset
iswpunct
fsetpos
wcsftime
_controlfp
vsprintf
__p__acmdln
fclose
_wcslwr
_fstat
_wexecve
_atoi64
tolower
ldexp
_CIsin
feof
sprintf
_adj_fdivr_m16i
fseek
_callnewh
_strdup
_putch
_j0
_wpopen
_mbscat
__p__osver
__threadhandle

Exports

Exports

Akjuxzjoqp
Cdsbvcm
Dwdzibkch
Emsnac
Emsowu
Govem
Lojpi
Qeowiy
Rwyjiaibn
Sazwdcwode
Wkkdofxv

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9e316d0599c2ba4eca21e467f043083

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

shell32

user32

winspool.drv

msvcrt

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 120KB - Virtual size: 118KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 120KB - Virtual size: 118KB

.reloc
Size: 8KB - Virtual size: 5KB