Static task: static1
Behavioral task: behavioral1
- Sample: 0d899a452d07c84edb733c6624149cab.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 0d899a452d07c84edb733c6624149cab.exe
- Resource: win10v2004-20231215-en
General
- Target: 0d899a452d07c84edb733c6624149cab
- Size: 464KB
- MD5: 0d899a452d07c84edb733c6624149cab
- SHA1: e72f712ce2999328d53a2ca0ef198ef109ac6b94
- SHA256: 147db8e9e1098da06a0e85993975b3a6e39b04c7138dc1c22387c0502ee8808d
- SHA512: edcbcca756d2e88dc949e686a65d728232d11172e773c27b22eb729a49fc50fd407717eb6c957b6ea98fc2546026c4c83263a30ab73f4ba811d8ec2ffb53befb
- SSDEEP: 12288:eY1+06XyKh4jyU07cL/m9scxOb6M0Bl+FMPA940:eZXy2427cL/AO0AePe
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource 0d899a452d07c84edb733c6624149cab
Files
-
0d899a452d07c84edb733c6624149cab.exe windows:4 windows x86 arch:x86
42c20c1afe33a696a650e228b5d00956
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_stricmp
_wcsicmp
wcsrchr
_except_handler3
wcsncpy
_vsnwprintf
_wcsnicmp
wcslen
wcscat
strtoul
_initterm
memmove
_purecall
iswspace
malloc
wcscmp
_ltow
strtok
iswprint
_adjust_fdiv
_itow
free
_wtol
wcscpy
swprintf
wcschr
shlwapi
StrCmpNIW
PathUndecorateW
PathFindFileNameW
netapi32
DsGetDcNameW
NetApiBufferFree
NetGetDCName
wininet
InternetCrackUrlW
InternetCanonicalizeUrlW
wintrust
WTHelperGetProvCertFromChain
WinVerifyTrustEx
WTHelperProvDataFromStateData
TrustIsCertificateSelfSigned
WTHelperGetKnownUsages
WintrustGetDefaultForUsage
WTHelperGetProvSignerFromChain
user32
DestroyIcon
ReleaseDC
SetWindowTextW
SystemParametersInfoA
SetWindowTextA
GetClientRect
DialogBoxParamW
SendMessageA
GetDlgItemTextW
LoadIconA
GetMonitorInfoW
GetWindowRect
SendDlgItemMessageA
ShowWindow
MapDialogRect
IsDlgButtonChecked
GetWindowTextW
SendMessageW
GetDesktopWindow
RegisterClipboardFormatA
CheckRadioButton
CallWindowProcA
MoveWindow
GetDlgItemTextA
FillRect
LoadBitmapW
PostMessageW
SetDlgItemTextW
InvalidateRect
GetWindow
DrawFocusRect
GetDlgItemInt
ReleaseCapture
GetWindowLongA
EndPaint
GetWindowLongW
GetNextDlgTabItem
GetDC
EndDialog
PostMessageA
SetDlgItemInt
EnableWindow
SetWindowLongA
SendDlgItemMessageW
LoadStringW
wsprintfA
GetWindowDC
GetDialogBaseUnits
GetSysColorBrush
CopyRect
GetDlgItem
SetCapture
IsWindowVisible
GetSysColor
SetWindowPos
BeginPaint
MessageBoxW
SetCursor
SetRect
GetUpdateRect
MapWindowPoints
SetFocus
DestroyWindow
SetClassLongA
CreateWindowExW
IsWindowEnabled
CreateWindowExA
DrawTextExW
MonitorFromWindow
GetParent
UpdateWindow
DrawIcon
MessageBoxExW
SetWindowLongW
LoadCursorA
WinHelpW
LoadCursorW
GetFocus
LoadStringA
PeekMessageA
ws2help
WahCloseThread
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
gdi32
CreateFontIndirectA
SelectPalette
CreateCompatibleDC
SetBkColor
CreateDIBitmap
DeleteObject
CreateBitmap
CreatePalette
DeleteDC
GetObjectW
SelectObject
SetPixel
CreateFontIndirectW
CreateCompatibleBitmap
BitBlt
RealizePalette
GetDeviceCaps
GetBkColor
GetObjectA
GetTextExtentPoint32W
advapi32
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
QueryServiceConfigA
CryptSetProvParam
GetUserNameW
RegQueryValueExW
EqualSid
OpenSCManagerW
DuplicateToken
CryptAcquireContextA
RegOpenKeyExW
OpenServiceW
StartServiceA
OpenProcessToken
CryptGetKeyParam
RegSetValueExA
RegEnumValueW
AllocateAndInitializeSid
ControlService
RegCloseKey
CryptAcquireContextW
RegQueryValueExA
RegQueryInfoKeyA
CryptGetUserKey
CryptDestroyKey
CloseServiceHandle
RegEnumKeyExA
RegEnumKeyExW
RegSetValueExW
OpenThreadToken
QueryServiceStatus
LockServiceDatabase
GetTokenInformation
CryptReleaseContext
UnlockServiceDatabase
RegCreateKeyExW
StartServiceW
CryptGetProvParam
ChangeServiceConfigA
FreeSid
crypt32
PFXImportCertStore
CertGetCTLContextProperty
CryptAcquireCertificatePrivateKey
CertAddCRLContextToStore
CertFindCertificateInStore
CryptFormatObject
CryptMsgUpdate
PFXExportCertStoreEx
CertSetCertificateContextProperty
CryptEnumOIDInfo
CertGetEnhancedKeyUsage
CertVerifyTimeValidity
CryptEncodeObject
CertAddCTLContextToStore
CryptSIPRetrieveSubjectGuid
CryptMsgOpenToDecode
CertDuplicateCertificateContext
CertEnumCTLsInStore
CryptGetDefaultOIDFunctionAddress
CertGetNameStringW
CertNameToStrW
CertGetCRLFromStore
CertGetSubjectCertificateFromStore
CryptMsgDuplicate
CryptFreeOIDFunctionAddress
CertCreateCTLContext
CertGetCertificateContextProperty
CryptBinaryToStringA
CertFindExtension
CryptMsgEncodeAndSignCTL
CertSetCTLContextProperty
CertFreeCertificateContext
CertFindCRLInStore
CertSaveStore
PFXExportCertStore
CryptMsgControl
CertFreeCertificateChain
CryptMsgVerifyCountersignatureEncoded
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CryptQueryObject
CryptInitOIDFunctionSet
CertGetStoreProperty
CertFreeCRLContext
CertFindAttribute
CryptFindLocalizedName
CertCompareCertificate
CertFreeCertificateChainEngine
CertCloseStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
PFXVerifyPassword
CertFreeCTLContext
CertGetCertificateChain
CryptMsgGetParam
CryptFindOIDInfo
CertEnumPhysicalStore
CertOpenStore
CryptFindCertificateKeyProvInfo
CryptGetDefaultOIDDllList
CertFindCTLInStore
CertSetEnhancedKeyUsage
CertCreateCertificateContext
CryptDecodeObjectEx
CertGetPublicKeyLength
CryptDecodeObject
CryptMsgClose
CertDuplicateStore
CertEnumSystemStore
CertGetValidUsages
kernel32
GetVersionExA
TerminateProcess
GetTimeFormatA
MultiByteToWideChar
SetFilePointer
CreateFileMappingA
DeleteFileW
GetDateFormatW
LoadResource
LocalFree
LoadLibraryA
GlobalFree
ExpandEnvironmentStringsW
LocalAlloc
LockResource
lstrcmpA
InitializeCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
GetCurrentThreadId
FindResourceA
QueryPerformanceCounter
GetFileSize
GetCurrentThread
CreateFileW
UnmapViewOfFile
lstrlenW
CompareStringW
SetLastError
EnterCriticalSection
GetLastError
GetACP
lstrcpyA
Beep
CloseHandle
GlobalUnlock
GetModuleHandleW
GlobalAlloc
WideCharToMultiByte
CreateFileA
GlobalLock
LocalReAlloc
WriteFile
SetUnhandledExceptionFilter
lstrlenA
GetComputerNameExW
GetUserDefaultLCID
InterlockedCompareExchange
UnhandledExceptionFilter
CompareStringA
GetLocalTime
GetComputerNameW
GetProcAddress
GetModuleHandleA
GetCurrentProcess
LeaveCriticalSection
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
lstrcatA
FormatMessageW
MulDiv
DisableThreadLibraryCalls
GetCurrentDirectoryW
MapViewOfFile
GetSystemTimeAsFileTime
SetEndOfFile
DeleteCriticalSection
FreeResource
FreeLibrary
DelayLoadFailureHook
LoadLibraryExA
LoadLibraryW
Sleep
GetTickCount
GetTimeFormatW
CompareFileTime
GetModuleFileNameW
FileTimeToSystemTime
GetDateFormatA
rpcrt4
RpcStringFreeA
RpcNetworkIsProtseqValidA
RpcStringBindingComposeA
RpcEpResolveBinding
UuidCreate
UuidToStringA
RpcBindingFromStringBindingA
NdrClientCall2
RpcBindingFree
ntdll
NtAllocateVirtualMemory
Sections
.text Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 76KB - Virtual size: 952KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE