28e86f74aaa0f2a154c4fae59630dc59

Sharing

Copy URL Twitter E-mail

General

Target

28e86f74aaa0f2a154c4fae59630dc59
Size

187KB
MD5

28e86f74aaa0f2a154c4fae59630dc59
SHA1

ea9bf32b8d28b496f7f76a19b817b3a505b96113
SHA256

02b836328eb9bcfddcce4ed4cf30ffe28f6292bf1c6b66d635fc88cdf30afb4a
SHA512

0692a593328ffdb4b0dee39ba8918d665d15ea7d8b19b3cf9f489a519ee890070c4b2f57d2770c93d6681964a08938b8e1f7cddd654d9c3eab3b9b26a50adf99
SSDEEP

3072:Dym/vGo93agMOgwkancsgb0KJzRrQA1KRI41up5Pil9cdruKWi6tF5oFmPdsiRPE:Dym/eo93TgCncBTJzRriRIGupBiswKWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e86f74aaa0f2a154c4fae59630dc59

Files

28e86f74aaa0f2a154c4fae59630dc59
.exe windows:4 windows x86 arch:x86

2a4240a038f9da21a5abc8de90011c28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ws2_32

WSALookupServiceBeginW
WSALookupServiceEnd
WSANSPIoctl
freeaddrinfo
getaddrinfo
WSAIoctl
WSALookupServiceNextW

verifier

VerifierSetFlags

shlwapi

PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

waveOutReset
waveOutSetVolume
waveOutClose
waveOutOpen
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutGetPitch
waveOutGetVolume

advapi32

CredGetSessionTypes
CredDeleteW
RegCreateKeyW
RegOpenKeyExW
RegOpenKeyA
RegCreateKeyExW
RegFlushKey
GetUserNameW
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
GetSecurityDescriptorLength
GetUserNameA
RegEnumValueW
RegDeleteValueW
RegSetValueExW
TraceMessage
CredFree
CredUnmarshalCredentialW
GetTraceEnableFlags
CryptReleaseContext
GetFileSecurityW
RegQueryValueExA
RegEnumKeyExW
RegisterTraceGuidsW
GetTraceLoggerHandle
RegCreateKeyExA
CredWriteDomainCredentialsW
CredWriteW
UnregisterTraceGuids
RegQueryValueExW
SetFileSecurityW
RegOpenKeyW
CryptAcquireContextW
RegQueryInfoKeyW
CredReadDomainCredentialsW
RegCloseKey
GetTraceEnableLevel
RegEnumKeyExA
RegDeleteKeyW
RegSetValueExA
CredReadW
CryptGenRandom
RegConnectRegistryW

crypt32

CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertGetNameStringW
CryptMsgUpdate
CertGetCertificateChain
CertAddCertificateContextToStore
CryptDecodeObject
CryptMsgOpenToDecode
CertOpenStore
CertFreeCertificateChain
CryptVerifyDetachedMessageSignature
CryptMsgClose
CertVerifySubjectCertificateContext
CryptProtectData
CryptBinaryToStringW
CertDuplicateCertificateChain
CertVerifyCertificateChainPolicy
CertCreateCertificateContext
CertFindExtension
CryptSignMessage
CertDuplicateCertificateContext
CertCompareCertificate
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore

kernel32

AddAtomA
BackupRead
VirtualAlloc
GetLastError

user32

DefDlgProcW
IsZoomed
InflateRect
RegisterHotKey
GetKeyboardLayout
GetLastActivePopup
EmptyClipboard
wsprintfW
GetWindowLongW
GetWindowThreadProcessId
FlashWindow
SetScrollInfo
IsChild
GetCursorPos
CreateCursor
GetMonitorInfoW
RegisterClassExW
IsWindowVisible
SetWindowLongW
GetWindowDC
CallNextHookEx
GetParent
DestroyWindow
SystemParametersInfoW
GetWindowTextW
SetWindowRgn
MoveWindow
GetClipboardFormatNameW
PostThreadMessageW
CountClipboardFormats
CloseClipboard
DialogBoxParamW
SetCursorPos
SetCursor
DestroyCursor
AttachThreadInput
CharPrevW
DestroyIcon
GetSysColor
RegisterWindowMessageW
GetDesktopWindow
SetParent
GetRawInputData
EndPaint
CopyRect
PtInRect
EnumPropsA
ClientToScreen
IsClipboardFormatAvailable
OffsetRect
DispatchMessageW
ReleaseDC
SetClipboardData
IsWindowEnabled
GetLastInputInfo
ChangeClipboardChain
DlgDirListW
DestroyAcceleratorTable
GetKeyboardState
SetActiveWindow
RegisterClassW
EndDialog
LoadCursorW
SetCapture
BeginDeferWindowPos
GetKeyboardLayoutNameA
GetMessageW
SetFocus
SetTimer
GetActiveWindow
SetWindowPlacement
GetClassNameW
GetWindowPlacement
UpdateWindow
GetClassInfoW
LoadStringW
UnhookWindowsHookEx
CallWindowProcW
GetDC
FillRect
MessageBeep
GetClipboardViewer
EqualRect
RegisterClipboardFormatW
CreateIconIndirect
ShowCursor
SetDlgItemTextW
LoadImageW
PostQuitMessage
CreateWindowExW
GetWindowRect
GetKeyboardType
FindWindowExW
keybd_event
SetScrollPos
GetForegroundWindow
SendMessageW
DefWindowProcW
CheckDlgButton
IsIconic
GetClientRect
CharLowerW
UnregisterDeviceNotification
DeferWindowPos
GetSystemMenu
LockWindowUpdate
GetCapture
PostMessageW
SetRect
GetKeyState
SetForegroundWindow
CharNextW
InvalidateRect
GetClassInfoExW
EnumClipboardFormats
GetSystemMetrics
BeginPaint
FindWindowW
SetRectEmpty
OpenClipboard
GetAsyncKeyState
CloseWindow
SetWindowTextW
CopyIcon
PeekMessageW
ShowScrollBar
UnregisterHotKey
MapVirtualKeyW
DrawTextW
MapWindowPoints
SystemParametersInfoA
UnionRect
EndDeferWindowPos
GetFocus
BringWindowToTop
KillTimer
SetClipboardViewer
RedrawWindow
RegisterRawInputDevices
SendInput
IsWindow
ScreenToClient
RegisterDeviceNotificationW
SetWindowPos
MsgWaitForMultipleObjectsEx
GetClipboardData
SetWindowsHookExW
EnableMenuItem
GetWindow
MonitorFromWindow
AdjustWindowRect
ReleaseCapture
GetDlgItem
IntersectRect
GetGUIThreadInfo
ShowWindow
GetMessageExtraInfo
UnregisterClassW
GetKeyboardLayoutNameW
IsDlgButtonChecked
EnableWindow
GetSysColorBrush
LoadIconW

iphlpapi

GetBestInterfaceEx

netapi32

NetApiBufferFree
NetGetJoinInformation

cryptui

CryptUIDlgViewCertificateW

shell32

Shell_NotifyIconW
DragQueryFileW
ExtractIconW
SHFileOperationW
SHAppBarMessage

wininet

InternetGetCookieW

secur32

GetUserNameExW
AcquireCredentialsHandleW
InitializeSecurityContextW
EncryptMessage
QuerySecurityPackageInfoW
FreeCredentialsHandle
DeleteSecurityContext
FreeContextBuffer
DecryptMessage

msimg32

GradientFill

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenClassRegKeyExW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

urlmon

CopyStgMedium

credui

CredUIPromptForCredentialsW
CredUIParseUserNameW

rpcrt4

IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleFree
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerRelease
MesHandleFree
MesEncodeDynBufferHandleCreate
CStdStubBuffer_Invoke
CStdStubBuffer_DebugServerQueryInterface
NdrMesTypeEncode2
CStdStubBuffer_QueryInterface
MesDecodeBufferHandleCreate
IUnknown_QueryInterface_Proxy
NdrOleAllocate
CStdStubBuffer_AddRef
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
NdrDllUnregisterProxy
NdrDllCanUnloadNow
CStdStubBuffer_Connect
IUnknown_AddRef_Proxy
NdrMesTypeFree2
NdrDllGetClassObject
NdrMesTypeDecode2
NdrDllRegisterProxy

ole32

CoTaskMemRealloc
CoCreateInstance
CoInitialize
ReleaseStgMedium
CoGetMalloc
OleUninitialize
OleInitialize
OleLoadFromStream
WriteClassStm
OleRegGetMiscStatus
OleRegGetUserType
OleSetClipboard
OleIsCurrentClipboard
StringFromCLSID
CLSIDFromString
OleRegEnumVerbs
CreateOleAdviseHolder
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
OleGetClipboard
CoInitializeEx
CreateDataAdviseHolder
OleSaveToStream

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a4240a038f9da21a5abc8de90011c28

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

ws2_32

verifier

shlwapi

version

winmm

advapi32

crypt32

kernel32

user32

iphlpapi

netapi32

cryptui

shell32

wininet

secur32

msimg32

setupapi

urlmon

credui

rpcrt4

ole32

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 43KB - Virtual size: 1.9MB

.idata Size: 10KB - Virtual size: 10KB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 383KB - Virtual size: 382KB

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 43KB - Virtual size: 1.9MB

.idata
Size: 10KB - Virtual size: 10KB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 383KB - Virtual size: 382KB