091d65f5b00d5413002e5f9fc94cbceb

Sharing

Copy URL Twitter E-mail

General

Target

091d65f5b00d5413002e5f9fc94cbceb
Size

323KB
MD5

091d65f5b00d5413002e5f9fc94cbceb
SHA1

5555b8b3a1e71ebac6b7c1b06367230dae80003c
SHA256

f90869b2cb87366517c55b7942b9e4f895538f049bc8129c0ebe0a136a6f4cb5
SHA512

07a399c5a4732e2829f2cd3c9625bd4f7ac39d491dbe538839679b18d001a029204f40e8d18ec23e5a48aa98b0dd047e292fc786fedd8b4ec9dab97a7efde30b
SSDEEP

6144:8bQqfUJ0ojDFB47UhXBh2yJ5HcOSSSHZERuV1VCJD:8bBg0UDT47U5r2Q+mRuQD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
091d65f5b00d5413002e5f9fc94cbceb

Files

091d65f5b00d5413002e5f9fc94cbceb
.exe windows:6 windows x86 arch:x86

9162049698b1e1fe97141761334e7434

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegDeleteKeyW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
OpenProcessToken
DuplicateTokenEx
LookupPrivilegeValueW
AdjustTokenPrivileges

kernel32

GetTempFileNameW
FindFirstFileW
FindResourceExW
SetEnvironmentVariableW
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
GetVersionExW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetUserDefaultUILanguage
GetWindowsDirectoryW
DeleteFileW
WaitForSingleObject
SetEvent
GetTickCount
InitializeCriticalSection
GetSystemDirectoryW
Sleep
FormatMessageW
GetExitCodeProcess
CreateEventW
WaitForMultipleObjects
CreateThread
lstrcmpiW
FreeLibrary
GetCurrentProcess
CreateProcessW
OpenProcess
LoadLibraryW
GetProcAddress
SetFilePointer
WriteFile
CreateFileW
FlushFileBuffers
SetLastError
GetLocalTime
MoveFileExW
GetTempPathW
SetProcessShutdownParameters
SetFileAttributesW
EnumResourceNamesW
LoadResource
GetLocaleInfoW
LocalAlloc
EnumUILanguagesW
LockResource
EnumResourceLanguagesW
MulDiv
InterlockedDecrement
RaiseException
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalMemoryStatusEx
GetCurrentDirectoryW
ExpandEnvironmentStringsW
LocalFree
CloseHandle
GetModuleHandleW
DeleteCriticalSection
GetCommandLineW
CreateMutexW
FindResourceW
OutputDebugStringW
ResumeThread
CreateFileMappingW
IsWow64Process
MapViewOfFile
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetEnvironmentVariableW
lstrlenA
lstrcmpiA
lstrlenW
WideCharToMultiByte
InterlockedExchange
GetVersionExA
GetLastError
SizeofResource
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetModuleFileNameW
GetSystemInfo

gdi32

GetDeviceCaps
GetObjectW
SetTextColor
CreateFontIndirectW

user32

GetDlgCtrlID
SendMessageW
SetDlgItemTextW
CreateDialogParamW
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
LoadIconW
IsDialogMessageW
TranslateMessage
KillTimer
PostMessageW
LoadImageW
PostQuitMessage
GetMessageW
SetTimer
DestroyWindow
GetWindowThreadProcessId
CopyRect
SetWindowPos
GetDesktopWindow
SystemParametersInfoW
BringWindowToTop
OffsetRect
SetForegroundWindow
GetWindowRect
CharToOemW
ExitWindowsEx
ReleaseDC
GetDC
UpdateWindow
UnregisterClassA
DispatchMessageW
CharNextW
FindWindowW
LoadStringW

msvcrt

_write
_lseeki64
__getmainargs
_CxxThrowException
calloc
memset
free
_fileno
_isatty
_errno
ungetc
_amsg_exit
_initterm
_acmdln
_wcsicmp
??2@YAPAXI@Z
_vsnwprintf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
iswdigit
_wtol
iswalpha
_wcsnicmp
wcschr
??3@YAXPAX@Z
_read
__pioinfo
exit
_ismbblead
__badioinfo
wcstombs
_cexit
_exit
_XcptFilter
iswctype
ferror
wctomb
_itoa
_snprintf
_iob
localeconv
isxdigit
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
_lock
__dllonexit
_unlock
realloc
memcpy
__set_app_type
__p__fmode
__p__commode
__setusermatherr
malloc

comctl32

ord334
ord336
ord328
ord339
InitCommonControlsEx
ord332
ord329

ntdll

RtlUnwind

ole32

CoCreateInstance
CLSIDFromString
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit
SysReAllocString
SysAllocStringLen
SysStringByteLen

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathIsDirectoryW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathRemoveExtensionW
PathFindFileNameW
PathStripPathW
PathFileExistsW
PathFindExtensionW
SHRegSetUSValueW
ord388
SHDeleteKeyW
StrChrW
SHRegGetUSValueW
SHRegGetValueW
SHSetValueW
PathIsFileSpecW
StrCmpNIW
ord158

uxtheme

IsThemeActive

crypt32

CertVerifyCertificateChainPolicy

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9162049698b1e1fe97141761334e7434

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

ntdll

ole32

oleaut32

shell32

version

shlwapi

uxtheme

crypt32

wintrust

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 3KB - Virtual size: 41KB

.rsrc Size: 336KB - Virtual size: 336KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 3KB - Virtual size: 41KB

.rsrc
Size: 336KB - Virtual size: 336KB

.reloc
Size: 6KB - Virtual size: 6KB