2852ff46a54f1688954d8f83633c73d6

Sharing

Copy URL

Twitter E-mail

General

Target

2852ff46a54f1688954d8f83633c73d6
Size

120KB
MD5

2852ff46a54f1688954d8f83633c73d6
SHA1

adcb287b898510c57dd718a1d92e9ed1de579691
SHA256

e552f95ff47e79c95f68686ecd070f1e8115008a2a14fbd86a39203c4854e2c1
SHA512

9fc5225309ca6de1769ec439d104d2885b7b5f0d05e77b4aa5ea3f7a638c3ad948b65904a8198b3f6387977b18e62e1af6456f15bb7b83b52222f4efc4198311
SSDEEP

1536:OJCvX7kqc0SmFa+XYwjRuH2xdb9dF4NFynLJaZM/2Vj7jo2PjtkDsZVtxb2z:mCDcf+njRK2nh/nxeV7o2PjtkDstl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2852ff46a54f1688954d8f83633c73d6

Files

2852ff46a54f1688954d8f83633c73d6
.exe windows:4 windows x86 arch:x86

25bb495f520d9c0faa30a11b9dbb77ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dlaapi_w

TfsGetConfigString
DLAOperationStatus
TfsPnpDevice
TfsCancelCallback
TfsGetDriveStatus2
TfsInitInstance
TfsInitCallbacks1
TfsTermInstance
TfsGetFileSystemStatus
TfsGetIniFileName
TfsGetDriveClientFolder
DLAOperationStart
DLAOperationFree
TfsGetUserNotificationCode
TfsCallOnUserNotification
TfsGetDriveCaps
TfsCommand
TfsProcessEjectRequestNotify

dlacresw

GetResourceHandle

kernel32

GetCurrentProcess
IsBadCodePtr
SetSystemPowerState
IsBadReadPtr
lstrlenA
lstrcpyA
lstrcmpiA
GlobalUnlock
GlobalLock
InterlockedIncrement
InterlockedDecrement
CreateThread
SetEvent
WaitForMultipleObjects
GetPrivateProfileStringA
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
LocalAlloc
UnmapViewOfFile
lstrcatA
GetProfileStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
HeapReAlloc
HeapSize
VirtualAlloc
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
LCMapStringA
LCMapStringW
SetEndOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
MultiByteToWideChar
FindFirstFileA
DeleteFileA
FindNextFileA
FindClose
FormatMessageA
LocalFree
FreeLibrary
GetVersionExA
CreateMutexA
LoadLibraryA
GetProcAddress
WritePrivateProfileStringA
GetTickCount
GetPrivateProfileIntA
DeviceIoControl
SetErrorMode
CreateFileA
lstrcpynA
GetDriveTypeA
GetVolumeInformationA
CreateEventA
WaitForSingleObject
CloseHandle
GetLastError
GetFileSize

user32

EnableMenuItem
GetSystemMenu
GetWindowLongA
GetDesktopWindow
SetWindowLongA
EnableWindow
IsWindow
TranslateMessage
GetWindowRect
ScreenToClient
GetParent
MoveWindow
GetClientRect
IsZoomed
IsIconic
FillRect
InvalidateRect
CheckDlgButton
SetDlgItemTextA
GetDlgItemTextA
SetFocus
ExitWindowsEx
MessageBoxA
LoadStringA
RegisterClipboardFormatA
GetActiveWindow
CreateDialogParamA
SetWindowTextA
SetWindowPos
SetForegroundWindow
SetActiveWindow
GetMessageA
PeekMessageA
IsDialogMessageA
DispatchMessageA
LoadCursorA
SetCursor
ShowWindow
EndDialog
SetTimer
CharUpperA
KillTimer
PostQuitMessage
SendMessageA
DefWindowProcA
FindWindowA
RegisterClassA
CreateWindowExA
DestroyWindow
PostMessageA
wsprintfA
GetDlgItem
GetWindowTextA
IsDlgButtonChecked
BroadcastSystemMessage
DialogBoxParamA

gdi32

StretchBlt
DeleteObject
CreateCompatibleDC
SelectObject
SetBkColor
CreateBitmap
SetTextColor
DeleteDC

advapi32

AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
RegEnumValueA
RegDeleteValueA
RegNotifyChangeKeyValue
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
LookupPrivilegeValueA

shell32

DragQueryFileA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoRevokeClassObject
CoGetMalloc
CoCreateInstance
ReleaseStgMedium
CoRegisterClassObject

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25bb495f520d9c0faa30a11b9dbb77ed

Headers

File Characteristics

Imports

dlaapi_w

dlacresw

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 28KB - Virtual size: 48KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 28KB - Virtual size: 48KB