0098198ecb3d0ff6f68dec68ccad833d

Sharing

Copy URL Twitter E-mail

General

Target

0098198ecb3d0ff6f68dec68ccad833d
Size

6.9MB
MD5

0098198ecb3d0ff6f68dec68ccad833d
SHA1

5d7d515906ed82d7e4ddf3ae92dae30d4aca14e4
SHA256

f04e6c38abc571814f3c0ecea394aa3c3319808ad85cda3708177b2cc5efa638
SHA512

6b11519869ae96033f4454e8f7a36e6a393112c3b07a976f1331ad46c00e5669d96ae28af4a464d5caa457d43590048cc5d2ae15c15773487b4ef9050c2ffa59
SSDEEP

98304:5mf30DA1bi31fgspUoWMgW+lZmjqv5JvehL7DNBuNQ6hWt1Ngj4ALK1aKdPg6DZi:5A3dbilIroWMgjZmjqrehL7hB4woh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0098198ecb3d0ff6f68dec68ccad833d

Files

0098198ecb3d0ff6f68dec68ccad833d
.exe windows:5 windows x86 arch:x86

03569bfdcaa674cacc162a008700f8ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord150
ord88
ord141
ord32
ord118
ord78
ord113
ord159
ord205
ord169
ord70
ord92
ord160
ord8

kernel32

GetModuleHandleW
FlushFileBuffers
GetCurrentProcess
Sleep
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
SetLastError
GetModuleFileNameW
GetTempPathW
WaitForSingleObject
FormatMessageW
LoadLibraryW
LocalFree
CreateProcessW
FreeLibrary
lstrcpyW
GetTempFileNameW
GetExitCodeProcess
InterlockedDecrement
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
FileTimeToSystemTime
Process32FirstW
FileTimeToLocalFileTime
lstrcmpiW
GetProcessTimes
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetProcAddress
FindResourceW
LoadResource
FindResourceExW
CloseHandle
DeleteFileW
LockResource
CreateFileW
WriteFile
lstrlenW
SizeofResource
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetACP
GetStdHandle
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
RtlUnwind
LoadLibraryExW
TlsFree
LCMapStringW
GetStringTypeW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
GetFileType

user32

ExitWindowsEx
MessageBoxW
wsprintfW

advapi32

RegDeleteValueW
EqualSid
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegSetValueExW
OpenProcessToken
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegCloseKey
GetAclInformation
GetSecurityDescriptorGroup
GetSidSubAuthority
GetSidLengthRequired
GetSecurityDescriptorControl
CopySid
InitializeSid
GetSecurityDescriptorOwner
IsValidSid
AddAce
InitializeSecurityDescriptor
InitializeAcl
RegOpenKeyExW
GetLengthSid
GetSecurityDescriptorLength
RegQueryValueExW
MakeSelfRelativeSD
MakeAbsoluteSD
DeregisterEventSource
RegisterEventSourceW
ReportEventW

shell32

SHGetFolderPathW
SHFileOperationW

ole32

OleRun
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
VariantInit
SysFreeString
SysAllocString
VarDateFromStr
VariantTimeToSystemTime
VarBstrFromDate
VariantChangeType
VariantClear

wtsapi32

WTSSendMessageW
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03569bfdcaa674cacc162a008700f8ef

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

user32

advapi32

shell32

ole32

oleaut32

wtsapi32

Sections

.text Size: 103KB - Virtual size: 103KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 264B

.rsrc Size: 6.8MB - Virtual size: 6.8MB

.text
Size: 103KB - Virtual size: 103KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 264B

.rsrc
Size: 6.8MB - Virtual size: 6.8MB