08d46a915ee0068ff5b38bd13b2036e9

Sharing

Copy URL Twitter E-mail

General

Target

08d46a915ee0068ff5b38bd13b2036e9
Size

181KB
MD5

08d46a915ee0068ff5b38bd13b2036e9
SHA1

53e79a0b95d853eefd7fb1b8fd7c6e4358477ffe
SHA256

5752f530f72e647ae0e7428d8c4b1685ed07e4adea61eca7473d1cd4c4988c62
SHA512

a53561c08033c6da5eda4aae2fe0b38d1863aa40797b6db35ec21eea2cea6bd4641f172828cf86bf417a36774d0b2fed3e1af95e896ea8a3374eb50449091d5c
SSDEEP

3072:pyKiMqn2GACoBRvSKWj9ldZrDnIsEx/wuSiS5XUlRR:BiMG1oBRv3WjLdZrDnIsEx/PS5XoRR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08d46a915ee0068ff5b38bd13b2036e9

Files

08d46a915ee0068ff5b38bd13b2036e9
.exe windows:4 windows x86 arch:x86

ab05cd2474c1d476935ae1229490d9c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
LoadLibraryExW
GetCommandLineW
OutputDebugStringW
GetFileAttributesW
CopyFileW
DeviceIoControl
CreateFileW
FindFirstFileW
FindClose
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
LoadResource
OpenThread
ResumeThread
SetThreadPriority
DeleteFileW
GetExitCodeThread
FindNextFileW
GetDriveTypeW
SetPriorityClass
CreateDirectoryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
SizeofResource
MultiByteToWideChar
FreeLibrary
SetEvent
InterlockedDecrement
InterlockedIncrement
CreateEventW
CreateThread
GetCurrentThreadId
lstrcatW
lstrcpynW
Sleep
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
CloseHandle
GetModuleHandleW
GetModuleFileNameW
GetPrivateProfileStringW
CreateMutexW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcpyW
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
ReadDirectoryChangesW
InterlockedExchange

user32

wsprintfW
CharNextW
LoadStringW
CharUpperW
MessageBoxW
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW

advapi32

CreateServiceW
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
StartServiceCtrlDispatcherW
RegCreateKeyW
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi

shlwapi

PathFindExtensionW

msvcp71

?_Nomemory@std@@YAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z

msvcr71

_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
memset
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
_purecall
_wfopen
exit
_cexit
_XcptFilter
malloc
free
_CxxThrowException
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
_wmakepath
_wsplitpath
_putws
vswprintf
??0exception@@QAE@ABV0@@Z
??_V@YAXPAX@Z
wcsncpy
realloc
_vsnwprintf
fclose
wcscpy
wcslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
swprintf
_waccess
_wtoi
wcscmp
_wcsupr
_exit

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab05cd2474c1d476935ae1229490d9c5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 6KB

.crdata Size: 80KB - Virtual size: 80KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB

.crdata
Size: 80KB - Virtual size: 80KB