235fba27c372393ab7f1c7687e3904d5

Sharing

Copy URL Twitter E-mail

General

Target

235fba27c372393ab7f1c7687e3904d5
Size

7.0MB
MD5

235fba27c372393ab7f1c7687e3904d5
SHA1

67145328f8a1a5c3e8eb5af27ecceaae2cc765c5
SHA256

4ab869d88f04ea0085374c2383fdaefc64563a5cbab51077017ffd831ce05542
SHA512

7a589e409ca95463665a60510a98e735bee620efddb40aed0f861df30cf376d32db52c2306f943d3a36d398064621b6d34129c2dd5e8730c5d4a643c643d5daa
SSDEEP

49152:bozMlTzQ/7YGsTj1VrXcp0AUkQ0j9CmJrwK6HG7ZWbD72Hv1wOhLnis2b+ptAs8M:b1MbQ9yDAD7KjjqYusjmqMhT6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
235fba27c372393ab7f1c7687e3904d5

Files

235fba27c372393ab7f1c7687e3904d5
.exe windows:6 windows x64 arch:x64

91b6dee46d1e9cb862048488e244bc70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
EventWriteTransfer
EventRegister
EventUnregister
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
FreeSid
EqualSid
OpenProcessToken
CreateWellKnownSid
RevertToSelf
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
ChangeServiceConfigW
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
RegNotifyChangeKeyValue
EventWrite
RegGetValueA
SetNamedSecurityInfoW
GetSecurityDescriptorControl
SetEntriesInAclW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FreeLibrary
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsAlloc
TlsAlloc
FlsFree
TlsFree
FlsGetValue
TlsGetValue
FlsSetValue
TlsSetValue
GetTickCount64
GetProcAddress
GetModuleHandleExW
K32GetProcessMemoryInfo
GlobalMemoryStatusEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
GetCurrentProcessId
FileTimeToSystemTime
GetUserDefaultLocaleName
IsValidCodePage
SetLastError
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
GetCPInfoExW
CreateEventExW
GetStringTypeW
RaiseException
LoadLibraryExW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
GetProcessTimes
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
OpenProcess
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
SetErrorMode
GetComputerNameW
FormatMessageW
FormatMessageA
LocalFree
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
CreateActCtxW
ActivateActCtx
HeapFree
OutputDebugStringA
FindActCtxSectionStringW
DeactivateActCtx
QueryActCtxW
LoadLibraryW
HeapAlloc
GetProcessHeap
ReleaseMutex
OpenMutexW
WaitForSingleObjectEx
lstrlenW
GetPriorityClass
GetExitCodeProcess
ProcessIdToSessionId
GetCurrentThread
GetExitCodeThread
WaitForMultipleObjects
WaitForMultipleObjectsEx
SignalObjectAndWait
GetProcessAffinityMask
GetLogicalProcessorInformationEx
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
MapViewOfFile
ReadFile
SetFilePointerEx
GetFileSizeEx
GetTempPathW
GetTempFileNameW
GetTickCount
SetEvent
CreateDirectoryW
FindNextFileW
FindFirstFileW
lstrcmpW
RemoveDirectoryW
CopyFileW
GetFileAttributesW
CreateFileMappingW
FlushViewOfFile
GetFileType
SetEndOfFile
SetFilePointer
GetOverlappedResult
UnlockFile
LockFile
SetFileInformationByHandle
GetFileInformationByHandleEx
GetLongPathNameW
GetFullPathNameW
CreateMutexW
ReleaseSemaphore
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
GlobalFree
LocalAlloc
DeleteFileA
GetTempPathA
GetCommandLineW
SetEnvironmentVariableW
GetTimeZoneInformation
IsValidLocale
CreateEventW
WaitForSingleObject
CreateThread
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualProtectEx
GetSystemInfo
LockResource
FlushFileBuffers
CancelIoEx
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
IsProcessorFeaturePresent
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
IsDebuggerPresent
GetStartupInfoW
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
QueryUnbiasedInterruptTime
OutputDebugStringW
RtlCaptureContext
GetModuleHandleA
VirtualFree
VirtualAlloc
LCMapStringEx
LCIDToLocaleName
LocaleNameToLCID
GetPhysicallyInstalledSystemMemory
GetProductInfo
SwitchToThread
DecodePointer
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
InitializeCriticalSection
GetFullPathNameA
UnlockFileEx
HeapValidate
HeapSize
GetDiskFreeSpaceA
GetFileAttributesA
HeapReAlloc
HeapCompact
HeapDestroy
LockFileEx
GetSystemDefaultLCID
GetLocalTime
LoadLibraryExA
VirtualQuery
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
SetStdHandle
EnumSystemLocalesW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
ExitProcess
GetStdHandle
ExitThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
UnregisterWaitEx
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateTimerQueue
InterlockedFlushSList
RtlUnwindEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetLocaleInfoW
CompareStringW
GetCPInfo
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
DuplicateHandle
DeleteTimerQueueTimer
GetFileSize
CreateFileMappingA
CloseHandle
CreateFileA
UnmapViewOfFile
CreateTimerQueueTimer
GetUserGeoID
FindFirstFileExW
FindClose
SetFileAttributesW
DeleteFileW
GetModuleFileNameW
MultiByteToWideChar
GetStringTypeExW
GetFileAttributesExW
ExpandEnvironmentStringsW
IsWow64Process
CompareStringEx
GetLastError
GlobalAlloc
Sleep
GetCurrentProcess
WriteFile
RtlUnwind

ole32

IIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoCreateGuid
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemAlloc
CreateStreamOnHGlobal
CoRevokeInitializeSpy
CoInitialize
CoUninitialize
CoRegisterInitializeSpy

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

wintrust

WintrustAddActionID
WintrustRemoveActionID

iphlpapi

GetAdaptersInfo

gdi32

GetDeviceCaps

winspool.drv

AddPrinterW
DeletePrinter
XcvDataW
OpenPrinterW
DeletePrinterDriverExW
ClosePrinter
InstallPrinterDriverFromPackageW
UploadPrinterDriverPackageW

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 524KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91b6dee46d1e9cb862048488e244bc70

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

wintrust

iphlpapi

gdi32

winspool.drv

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 162KB - Virtual size: 165KB

.pdata Size: 177KB - Virtual size: 177KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 524KB - Virtual size: 1.2MB

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 162KB - Virtual size: 165KB

.pdata
Size: 177KB - Virtual size: 177KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 524KB - Virtual size: 1.2MB