01dd138460a4cadd1ea77c2d7b6dd363

Sharing

Copy URL

Twitter E-mail

General

Target

01dd138460a4cadd1ea77c2d7b6dd363
Size

225KB
MD5

01dd138460a4cadd1ea77c2d7b6dd363
SHA1

47fdc4cfd9174fb2788417eb2adf6863670bd08b
SHA256

3a0058aa661fdb2004173b52b803ff6bdacb42d25e0a0bca49d4a40ce2dfef88
SHA512

26fc90de06b3ab5c6b15714c2e649a3e2f22146b6bae1901d87de7caf73253aa78473e7dc448e8fdcb4558e871b908e08f687e1cc51a09add5678aa489b8ce5f
SSDEEP

6144:9/26kJC3oghja3DpYGaYxKrNV0eS1HeMa74bqUV:UC4gNobaYoN2eS1GlUV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01dd138460a4cadd1ea77c2d7b6dd363

Files

01dd138460a4cadd1ea77c2d7b6dd363
.exe .vbs windows:5 windows x86 arch:x86 polyglot

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW

user32

RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxW
wvsprintfW
GetWindowTextA
GetWindow
GetWindowThreadProcessId
FindWindowExA
CloseDesktop
EnumWindows
SetThreadDesktop
GetThreadDesktop
OpenDesktopA
CloseWindowStation
EnumDesktopsA
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationA
EnumWindowStationsA
LoadIconA
MessageBoxA
SetDlgItemTextA
DialogBoxParamA
SetWindowTextA
DialogBoxParamW
SendDlgItemMessageA
ShowWindow
SendMessageA
GetDlgItem
LoadStringW
LoadStringA
EndDialog
SetForegroundWindow
SendMessageW
PostMessageA
SetWindowTextW
SetWindowLongA
GetWindowLongA
GetParent
DestroyWindow
SetDlgItemTextW
KillTimer
IsDlgButtonChecked
SetTimer
CheckDlgButton
EnableWindow

ntdll

_chkstk
wcslen
wcscpy
_snwprintf
strtoul
NtClose
NtAdjustPrivilegesToken
NtOpenProcessToken
NtQueryInformationProcess
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCharToInteger
LdrAccessResource
LdrFindResource_U
NtQuerySystemInformation
NtShutdownSystem
RtlUnicodeStringToAnsiString
_itoa
strncat
_strcmpi
strrchr
_stricmp
_snprintf
_vsnprintf
strstr
strncpy
strchr
RtlUnwind
sprintf
_strnicmp
NtQueryVirtualMemory

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

updspapi

UpdSpStringTableInitialize
UpdSpStringTableInitializeEx
UpdSpStringTableAddString
UpdSpStringTableAddStringEx
UpdSpStringTableLookUpString
UpdSpStringTableLookUpStringEx
UpdSpGetLineCountA
UpdSpSetDynamicStringA
UpdSpGetTargetPathA
UpdSpStringTableDestroy
UpdSpPromptForDiskA
UpdSpSetDirectoryIdA
UpdSpGetSourceInfoA
UpdSpOpenFileQueue
UpdSpGetFieldCount
UpdSpInitDefaultQueueCallbackEx
UpdSpCloseInfFile
UpdSpStringTableEnum
UpdSpScanFileQueueA
UpdSpCopyErrorA
UpdSpFindNextMatchLineW
UpdSpGetMultiSzFieldW
UpdSpGetStringFieldW
UpdSpCommitFileQueueA
UpdSpDefaultQueueCallbackW
UpdSpDefaultQueueCallbackA
UpdSpInstallFromInfSectionA
UpdSpOpenAppendInfFileA
UpdSpDecompressOrCopyFileA
UpdSpGetLineTextW
UpdSpGetIntField
UpdSpGetBinaryField
UpdSpGetLineTextA
UpdSpOpenInfFileA
UpdSpFindFirstLineA
UpdSpGetStringFieldA
UpdSpFindNextLine
UpdSpGetTargetPathW
UpdSpInstallFilesFromInfSectionA
UpdSpFindFirstLineW
UpdSpGetLineByIndexA

msvcrt

memmove
isdigit
calloc
swprintf
wcscmp
toupper
strspn
atol
strpbrk
_close
_lseek
_read
_open
mbstowcs
getenv
_ultoa
_wtoi64
strcspn
strtok
wcstoul
exit
_itow
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strdup
_vsnwprintf
_mbslwr
free
_wcsicmp
malloc

advapi32

InitiateSystemShutdownA
RegQueryValueExA
RegOpenKeyExA
OpenServiceW
EnumServicesStatusExA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyA
RegCloseKey
AbortSystemShutdownA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
GetFileSecurityA
LockServiceDatabase
QueryServiceConfigA
ChangeServiceConfigA
UnlockServiceDatabase
GetNamedSecurityInfoA
SetNamedSecurityInfoA
FreeSid
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenProcessToken
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegQueryValueExW
EnumDependentServicesA
OpenSCManagerA
StartServiceA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetServiceDisplayNameA
ControlService
SetFileSecurityA
RegCreateKeyExA
RegRestoreKeyA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA

kernel32

DelayLoadFailureHook
CopyFileA
GetStartupInfoA
CreateProcessW
DeleteFileW
MapViewOfFile
DuplicateHandle
GetSystemDefaultLangID
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetWindowsDirectoryW
GetTempFileNameW
lstrlenW
VirtualFree
GetVersionExW
ExpandEnvironmentStringsW
SearchPathW
lstrcpyW
lstrcpynW
GetDriveTypeW
GetLocalTime
SearchPathA
CompareStringA
OpenEventA
GetTempFileNameA
CreateFileW
SetEndOfFile
InterlockedIncrement
OpenProcess
CreateRemoteThread
VirtualAllocEx
WriteProcessMemory
CreateEventA
CreateEventW
lstrcmpiA
QueryDosDeviceA
DefineDosDeviceA
lstrcmpA
LoadLibraryW
lstrcmpiW
CreateDirectoryA
FormatMessageW
GetFileSize
LocalFree
LocalAlloc
CreateFileMappingA
MapViewOfFileEx
FindResourceA
LoadResource
UnmapViewOfFile
ReadFile
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
DeviceIoControl
GetSystemDirectoryA
GetDiskFreeSpaceA
CreateProcessA
GetExitCodeProcess
FlushFileBuffers
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
FreeLibrary
GetVersionExA
GetSystemInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentVariableA
CreateMutexA
SetUnhandledExceptionFilter
FormatMessageA
lstrcpynA
lstrcpyA
SetEvent
WaitForSingleObject
GetModuleHandleA
CreateThread
GetCurrentProcess
GetWindowsDirectoryA
SetCurrentDirectoryA
LoadLibraryA
Sleep
VirtualAlloc
DeleteFileA
WideCharToMultiByte
SetFileAttributesA
MultiByteToWideChar
GetProcAddress
SetFilePointer
CreateFileA
WriteFile
CloseHandle
RemoveDirectoryA
MoveFileExA
lstrlenA
GetFullPathNameA
ExitProcess
SetLastError
GetModuleFileNameA
SetEnvironmentVariableA
GetFileAttributesA
MoveFileA
GetLastError

gdi32

GetObjectA
CreateFontIndirectA

shell32

SHChangeNotify
SHGetSpecialFolderPathA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

rpcrt4

UuidFromStringA

imagehlp

EnumerateLoadedModules64

shlwapi

PathGetArgsA
PathUnquoteSpacesA

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TOT
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0bb79b5c820db3a7f3b56a2dbe1bdbc4

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

user32

ntdll

ole32

updspapi

msvcrt

advapi32

kernel32

gdi32

shell32

version

psapi

rpcrt4

imagehlp

shlwapi

Sections

.text Size: 169KB - Virtual size: 169KB

.data Size: 2KB - Virtual size: 398KB

.rsrc Size: 44KB - Virtual size: 43KB

.TOT Size: 9KB - Virtual size: 9KB

.text
Size: 169KB - Virtual size: 169KB

.data
Size: 2KB - Virtual size: 398KB

.rsrc
Size: 44KB - Virtual size: 43KB

.TOT
Size: 9KB - Virtual size: 9KB