170795412e02bec97853448354430a40

Sharing

Copy URL

Twitter E-mail

General

Target

170795412e02bec97853448354430a40
Size

386KB
MD5

170795412e02bec97853448354430a40
SHA1

4eb0982f50127c99691fc6e584dfd7625931f022
SHA256

b11c4e3891127b2f1e7688d14abe5ab548a389f6a5edeba540bb05cc5d42d1c9
SHA512

89a5cb7e6a383236a8cea87c52df56e682ebfa7dd20a05c4f6cef09d81cbd2d1f71751ac483fd58ea6e44ca254660b06b87ee9e92a749e87fef0d10d25e0c7e3
SSDEEP

12288:z2eyKQ/eg2rlF2dkxxswXxVswgu1tLJHYWpzw6Ok3:lYAv8wXHgublHYWZOk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
170795412e02bec97853448354430a40

Files

170795412e02bec97853448354430a40
.exe windows:5 windows x86 arch:x86

3ab06efadab55e2539733001560b9035

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

regapi

RegPdQueryA
RegPdEnumerateW
RegWdDeleteW
RegUserConfigDelete
WaitForTSConnectionsPolicyChanges
RegWinStationAccessCheck
RegCdQueryW
RegIsMachinePolicyAllowHelp
RegMergeUserConfigWithUserParameters
RegWinStationQuerySecurityA
RegQueryUtilityCommandList
RegUserConfigQuery
RegWdQueryW
RegWinStationSetNumValueW
RegWinStationQueryW
RegSAMUserConfig
RegWdCreateW
RegPdCreateA
RegConsoleShadowQueryA
RegPdQueryW
RegBuildNumberQuery
RegDefaultUserConfigQueryA
RegGetUserConfigFromUserParameters
RegCdQueryA
RegUserConfigSet
RegWinStationQueryValueW
RegQueryOEMId
RegCloseServer
RegCdCreateW
RegCdCreateA
RegFreeUtilityCommandList
RegWinStationCreateA
RegCdEnumerateW
RegWinStationEnumerateA
RegWdEnumerateA
RegCdDeleteA
RegDefaultUserConfigQueryW
RegWdDeleteA
RegGetMachinePolicy
RegGetTServerVersion
RegPdEnumerateA
RegCdEnumerateA
RegConsoleShadowQueryW
RegIsTServer
RegPdDeleteA

kernel32

ExpungeConsoleCommandHistoryW
VirtualFree
CreateDirectoryExA
SetConsolePalette
ContinueDebugEvent
HeapQueryInformation
SetFirmwareEnvironmentVariableW
Toolhelp32ReadProcessMemory
EnumCalendarInfoExA
OpenFile
VirtualAlloc
QueryActCtxW
LocalAlloc
SetTimerQueueTimer
GetCurrencyFormatW
SetLastError
IsDBCSLeadByteEx
GetFileAttributesExW
GetQueuedCompletionStatus
SetPriorityClass
LockFile
lstrcmpiW
LoadLibraryA
GetPrivateProfileStructA
SetFileAttributesA
GetAtomNameA
DeleteFileA
VDMOperationStarted
GetNumberOfConsoleFonts
RequestWakeupLatency
BaseUpdateAppcompatCache
IsDebuggerPresent
GetNumberOfConsoleMouseButtons
GetConsoleFontInfo
ReplaceFileA
SetUnhandledExceptionFilter
GetModuleFileNameA
WritePrivateProfileStringA
FindResourceExA
SetConsoleMaximumWindowSize
GetDiskFreeSpaceW
SetFilePointer
GetDiskFreeSpaceA
GetComputerNameW
RegisterConsoleOS2
GetEnvironmentStringsW
GetCurrentThread
GetHandleContext
SetVolumeLabelW
CreateProcessInternalA
HeapSummary
SetConsoleHardwareState
WriteProfileSectionA
GetConsoleAliasExesLengthW
GetCPInfo
RegisterWowBaseHandlers
SetCriticalSectionSpinCount
FindFirstChangeNotificationW
UnlockFileEx
ReleaseMutex
GetUserDefaultLCID
SetConsoleMenuClose
GetModuleFileNameW
CallNamedPipeA
QueryPerformanceCounter
Thread32First
HeapUnlock
SetCommMask
BaseDumpAppcompatCache
GetProcessTimes
GetDriveTypeW
ReadConsoleW

mfcsubs

??0CSyncObject@@QAE@PBG@Z
?FreeExtra@CStringArray@@QAEXXZ
??M@YG_NPBGABVCString@@@Z
?FormatV@CString@@IAEXPBGPAD@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??4CString@@QAEABV0@ABV0@@Z
?IsEmpty@CString@@QBEHXZ
??O@YG_NPBGABVCString@@@Z
?FreeExtra@CString@@QAEXXZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
??0CString@@QAE@XZ
?Release@CString@@KGXPAUCStringData@@@Z
?Format@CString@@QAAXIZZ
??M@YG_NABVCString@@PBG@Z
?AssignCopy@CString@@IAEXHPBG@Z
??P@YG_NABVCString@@0@Z
?AfxLoadString@@YGHIPAGI@Z
??4CString@@QAEABV0@PBG@Z
?SetSize@CStringArray@@QAEXHH@Z
?MakeReverse@CString@@QAEXXZ
??_FCMapStringToPtr@@QAEXXZ
?Compare@CString@@QBEHPBG@Z
??YCString@@QAEABV0@G@Z
?GetSize@CStringArray@@QBEHXZ
?Find@CString@@QBEHPBG@Z

ole32

IsValidPtrOut
HICON_UserMarshal
CoImpersonateClient
OleCreateLink
OleBuildVersion
StgOpenAsyncDocfileOnIFillLockBytes
CoSwitchCallContext
PropVariantClear
HGLOBAL_UserFree
CLSIDFromProgIDEx
OleLockRunning
OleCreateFromFileEx
HGLOBAL_UserMarshal
CoAllowSetForegroundWindow
ComPs_NdrDllCanUnloadNow
CoGetObjectContext
CoInstall
IsEqualGUID
OpenOrCreateStream
CoSetCancelObject
OleCreateLinkFromData
HBRUSH_UserFree
CoGetStdMarshalEx
CoGetObject
CoSetProxyBlanket
OleCreateFromDataEx
CoUnmarshalInterface
CoGetTreatAsClass
CoCancelCall
UtGetDvtd32Info
UtConvertDvtd32toDvtd16
OleRegEnumVerbs
CoGetContextToken
FreePropVariantArray
OleSave
CoUnloadingWOW
CoSuspendClassObjects
ReadFmtUserTypeStg
HENHMETAFILE_UserMarshal

sqlunirl

_CreateProcess_@40
_CreateFont@56
_IsCharLower_@4
_BeginUpdateResource_@8
_MessageBoxEx_@20
_OpenMutex_@12
_CopyFileEx_@24
_IsCharAlphaNumeric_@4
_CallNamedPipe_@28
_SetComputerName_@4
_MoveFileEx_@12
_GetLogColorSpace_@12
_ReplaceText_@4
_EnumFontFamilies_@16
_LookupAccountName_@28
_SHFileOperation_@4
_UpdateResource_@24
_GetPrivateProfileStruct_@20
_GetClassInfo@12
_TextOut@20
_EnumProps_@8
_FindFirstFileEx_@24
_GlobalAddAtom_@4
_GetCharABCWidths_@16
_OpenEvent_@12
_WritePrivateProfileString_@16
_SendMessageTimeout_@28
_GetOpenFileName@4
_FindText_@4
_NDdeIsValidShareName_@4
_GetToolsFilePath@16
_DlgDirListComboBox_@20
_LookupPrivilegeValue_@12
_CreateProcessAsUser_@44
_RemoveDirectory_@4

d3d8thk

OsThunkDdWaitForVerticalBlank
OsThunkDdFlipToGDISurface
OsThunkDdLockD3D
OsThunkDdCreateDirectDrawObject
OsThunkDdReleaseDC
OsThunkDdSetExclusiveMode
OsThunkD3dContextCreate
OsThunkDdGetScanLine
OsThunkDdCreateSurfaceObject
OsThunkDdSetGammaRamp
OsThunkDdGetFlipStatus
OsThunkDdRenderMoComp
OsThunkDdSetColorKey
OsThunkDdQueryMoCompStatus
OsThunkDdDestroyMoComp
OsThunkDdCreateMoComp
OsThunkDdCanCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdColorControl
OsThunkDdGetMoCompGuids
OsThunkDdAlphaBlt
OsThunkDdUnattachSurface
OsThunkDdCreateSurfaceEx
OsThunkDdUnlock
OsThunkDdDestroyD3DBuffer
OsThunkDdReenableDirectDrawObject
OsThunkDdCanCreateSurface
OsThunkDdUnlockD3D
OsThunkD3dDrawPrimitives2
OsThunkDdResetVisrgn
OsThunkDdAttachSurface

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ab06efadab55e2539733001560b9035

Headers

DLL Characteristics

File Characteristics

Imports

regapi

kernel32

mfcsubs

ole32

sqlunirl

d3d8thk

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 512B - Virtual size: 595KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 512B - Virtual size: 595KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1024B - Virtual size: 1024B