1170b120508a10c520e4acf05155df17

Sharing

Copy URL Twitter E-mail

General

Target

1170b120508a10c520e4acf05155df17
Size

448KB
MD5

1170b120508a10c520e4acf05155df17
SHA1

f01207702cd87fa17e14649c58c93cf5deaa13b4
SHA256

152ba8d555250fc1440f3d798dc0f81e04f138ebc0d1df32e37ed6a043d5ecda
SHA512

5140369c6ca29b685f5a44571666717c0880ce78a2963e95a448de22ba38f4d80ee58251340176496f37fc668be7a98b776fc347134ef4ba3f486b1f3e1d3e60
SSDEEP

12288:+i7iJZq/XASsYGssQt9O0qzT8NaCnxWnV6WlhWM:P4Qz9Gsso80qzoNznxWM2h7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1170b120508a10c520e4acf05155df17

Files

1170b120508a10c520e4acf05155df17
.exe windows:5 windows x86 arch:x86

f652845cac8bac93841e514c3f9c81e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
_except_handler3
wcslen
wcscpy
wcscat
memmove
free
vfwprintf
_errno
fputs
atoi
wcschr
_initterm
_adjust_fdiv
??2@YAPAXI@Z
??3@YAXPAX@Z
__isascii
swscanf
sprintf
wcstoul
wcstok
_wcsicmp
wcstol
_wtoi
_wtol
wcsrchr
_snwprintf
_vsnprintf
_iob
fflush
strcspn
fwprintf
strchr
fopen
getenv
fseek
ftell
fclose
fprintf
isxdigit
isdigit
isupper
_snprintf
strncmp
wcscmp
swprintf
_wcsnicmp
wcsncpy
wcsstr

atl

ord22
ord18
ord21
ord16
ord32
ord15

kernel32

GetComputerNameA
GetProcAddress
lstrcmpA
GetEnvironmentVariableA
GetVersionExA
GetTimeFormatA
FileTimeToLocalFileTime
GetEnvironmentVariableA
GetConsoleOutputCP
GetFileType
GetComputerNameExA
EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
FormatMessageA
CompareFileTime
WriteFile
GetStdHandle
OutputDebugStringA
SetLastError
GetDateFormatA
WriteConsoleA
GetWindowsDirectoryA
GetSystemTime
SystemTimeToFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
DebugBreak
QueryPerformanceCounter
CreateThread
WaitForSingleObject
GetExitCodeThread
GetSystemDirectoryA
Sleep
DuplicateHandle
CreateEventA
RegisterWaitForSingleObject
UnregisterWait
LoadLibraryA
FreeLibrary
GetACP
CreateFileA
GetFileSize
ReadFile
LocalReAlloc
LocalAlloc
LocalFree
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
lstrcmpiA
GetModuleFileNameA
GetModuleHandleA
GetCurrentThread
GetCurrentProcess
CloseHandle
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetTickCount

advapi32

RegOpenKeyW
RegCreateKeyW
AllocateAndInitializeSid
AccessCheckByType
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
FreeSid
RegQueryInfoKeyW
GetSecurityDescriptorLength
RegOpenCurrentUser
MakeAbsoluteSD
MakeSelfRelativeSD
DuplicateToken
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegDeleteValueW
IsValidSecurityDescriptor
OpenThreadToken
RegEnumKeyExW
EqualSid
RegConnectRegistryW
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorOwner
GetLengthSid
CopySid
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

wldap32

ord27
ord203
ord69
ord73
ord14
ord145
ord13
ord41
ord36
ord210
ord224
ord79
ord155
ord147
ord142
ord140
ord26
ord113
ord65
ord40
ord194
ord133
ord10
ord12
ord18
ord16
ord167
ord127
ord208
ord122

ole32

CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoInitialize
CoGetCallerTID
CoSetProxyBlanket
CoTaskMemFree

oleaut32

CreateErrorInfo
SystemTimeToVariantTime
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
SetErrorInfo
LoadRegTypeLi
VariantInit
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

secur32

QuerySecurityContextToken
DeleteSecurityContext
AcceptSecurityContext
InitializeSecurityContextW
EnumerateSecurityPackagesW
FreeContextBuffer
AcquireCredentialsHandleW
QueryCredentialsAttributesW
FreeCredentialsHandle

user32

wsprintfW
GetDesktopWindow
LoadStringW

rpcrt4

RpcCancelThreadEx
NdrClientCall2
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
RpcBindingSetAuthInfoW
RpcBindingFree
RpcNetworkIsProtseqValidW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcMgmtInqServerPrincNameW
RpcStringFreeW

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgSelectCA

crypt32

CryptMsgGetParam
CryptMsgClose
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertFindExtension
CryptDecodeObject
CryptSignMessage
CertNameToStrW
CryptMsgUpdate
CryptFindOIDInfo
CryptEncodeObject
CertFindCTLInStore
CertDeleteCTLFromStore
CertAddEncodedCTLToStore
CryptMsgEncodeAndSignCTL
CertGetCertificateContextProperty
CertDuplicateStore
CertGetCertificateChain
CertCreateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertStrToNameW
CryptMsgOpenToDecode
CryptEncodeObjectEx
CryptDecodeObjectEx
CertGetNameStringW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f652845cac8bac93841e514c3f9c81e0

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

kernel32

advapi32

wldap32

ole32

oleaut32

secur32

user32

rpcrt4

cryptui

crypt32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 425KB - Virtual size: 428KB

.data Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.orpc Size: 512B - Virtual size: 4KB

.rsrc Size: 11KB - Virtual size: 36KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 425KB - Virtual size: 428KB

.data
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.orpc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 36KB