388950a33049416e34a66284a233d006

Sharing

Copy URL Twitter E-mail

General

Target

388950a33049416e34a66284a233d006
Size

455KB
MD5

388950a33049416e34a66284a233d006
SHA1

fd1e46c828410013d638a25b4803c88b12cf3cbc
SHA256

fcecb7e69736c9c48144d6a676953750fe2fd03351b4e3076a190331c8545875
SHA512

33badec7688260946e066a6f247aebac15e1700556527d049e011ab109cdb79aff22b8b1d9336033b794f12ba1f892ff06142404ebe9283d5ccf782f772af937
SSDEEP

12288:+Q4fA7T44pVktXB+DKu6MzcSC53SHoL8GAwGTW/Xl2LWuzg/qtXagjU:ctX5u6o0CH+1IX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
388950a33049416e34a66284a233d006

Files

388950a33049416e34a66284a233d006
.exe windows:4 windows x86 arch:x86

fa536b8050aae41dfa4e31e99e8987a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory

user32

EnableWindow
PeekMessageW
SetDlgItemTextW
CreateDialogParamW
UpdateWindow
ShowWindow
SetWindowPos
SendDlgItemMessageW
OemToCharA
CharPrevW
EndDialog
ExitWindowsEx
GetDlgItem
CharNextW
GetWindowRect
DialogBoxParamW
CharUpperW
IsWindow
GetDC
CharNextA
GetSystemMetrics
MsgWaitForMultipleObjects
DestroyWindow
LoadStringW
MessageBeep
DispatchMessageW
SendMessageW
SetWindowTextW
GetDesktopWindow
ReleaseDC
GetDlgItemTextW
MessageBoxW

advapi32

BuildTrusteeWithNameA
RegEnumKeyW
AdjustTokenPrivileges
RegQueryInfoKeyW
CreateServiceW
RegOpenKeyExA
AllocateAndInitializeSid
OpenProcessToken
RegOpenKeyExW
RegSetValueW
LookupPrivilegeValueW
RegCloseKey
CredRenameW
CancelOverlappedAccess
ConvertSidToStringSidA
RegLoadKeyW
EqualSid
RegSetValueExW
RegQueryValueExW
RegSaveKeyW
ControlTraceA
RegQueryValueExA
RegUnLoadKeyW
RegCreateKeyExW

shlwapi

PathFileExistsW
PathAddBackslashW
PathBuildRootW
PathRemoveFileSpecW
StrChrW
PathAppendW
StrStrIW
StrRChrW
PathCombineW

gdi32

CreateFontIndirectW
GetObjectW
GetDeviceCaps
DeleteObject
GetStockObject

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupFindNextLine
SetupDefaultQueueCallbackW
SetupInitDefaultQueueCallbackEx
SetupSetDirectoryIdW
SetupOpenInfFileW
SetupFindFirstLineW
SetupOpenAppendInfFileW
SetupCloseFileQueue
SetupGetStringFieldW
SetupQueueCopyW
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupGetLineTextW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupCloseInfFile

ole32

CoTaskMemFree
OleInitialize
OleUninitialize

kernel32

FindFirstFileW
GetProcAddress
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
LocalAlloc
Sleep
SetLastError
RtlUnwind
WideCharToMultiByte
GetFullPathNameW
SetFileTime
UnhandledExceptionFilter
DeleteFileW
InterlockedExchange
MapViewOfFileEx
LocalFree
CopyFileW
FindResourceExW
CreateProcessW
SizeofResource
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentProcessId
WriteFile
GetFileSize
GetTickCount
MapViewOfFile
WritePrivateProfileSectionW
GetFileTime
GetProfileStringW
GetCurrentThreadId
CreateFileMappingW
QueryPerformanceCounter
GetTempFileNameW
GetUserDefaultUILanguage
MultiByteToWideChar
lstrlenA
LoadResource
GetStartupInfoA
WritePrivateProfileStringW
lstrcmpiW
GetShortPathNameW
SetFilePointer
SetUnhandledExceptionFilter
MoveFileExW
GetDriveTypeW
MoveFileW
UnmapViewOfFile
CompareStringW
EnumResourceLanguagesW
GetTempPathW
GetCurrentProcess
GetModuleFileNameW
GetDiskFreeSpaceW
TerminateProcess
GetEnvironmentVariableW
LockResource
GetSystemDirectoryW
lstrlenW
FindResourceW
LoadLibraryExW
GetFileAttributesW
CreateFileW
GetVolumeInformationW
GetLastError
DisableThreadLibraryCalls
RemoveDirectoryW
CloseHandle
ReadFile
LocalReAlloc
LoadLibraryW
SetFileAttributesW
InterlockedCompareExchange
lstrcmpW
GetLocalTime
FindNextFileW
SearchPathW
FormatMessageW
GetVersionExW
lstrcmpiA
ExpandEnvironmentStringsW
CreateDirectoryW
GetSystemDefaultUILanguage
MulDiv
GetPrivateProfileSectionW
FreeLibrary

rpcrt4

RpcStringFreeW

msvcrt

_adjust_fdiv
_wcsnicmp
_setjmp3
memset
_initterm
_XcptFilter
malloc
_wcsicmp
_amsg_exit
free
bsearch
longjmp
_vsnprintf
_ultow
memcpy
_wtol
_vsnwprintf
_wtoi
memmove

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 434KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 936KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa536b8050aae41dfa4e31e99e8987a7

Headers

File Characteristics

Imports

ntdll

user32

advapi32

shlwapi

gdi32

version

setupapi

ole32

kernel32

rpcrt4

msvcrt

Sections

.text Size: 11KB - Virtual size: 10KB

.rsrc Size: 434KB - Virtual size: 433KB

.data Size: 4KB - Virtual size: 936KB

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 4KB - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 434KB - Virtual size: 433KB

.data
Size: 4KB - Virtual size: 936KB

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 4KB - Virtual size: 4KB