Static task: static1
Behavioral task: behavioral1
  Sample: 3a552c197fc7d5398adaae969e8c51ce.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 3a552c197fc7d5398adaae969e8c51ce.exe
  Resource: win10v2004-20231222-en
General
Target: 3a552c197fc7d5398adaae969e8c51ce
Size: 80KB
MD5: 3a552c197fc7d5398adaae969e8c51ce
SHA1: eceb8712f3d8f9352131ae716c82eb8d45abd6e5
SHA256: d48c673ca7f7ab2173883f1a5100e90f9777be9d0266d4c7f78da891ae731d1a
SHA512: e6fdff2fcc08a552e6e89150ecf73e9a6523a7ad209fe6d54a3a8d7abd1372010ae46989b6aefd226b7b31ee40501b8eb915d67de23a0b88bff7c4dee4207b73
SSDEEP: 1536:rFuW51Y3Zu30fNR5H+OfE2Ww+0G3pFYB6vIT/0EBjE:r0WIZLH+h3XYB6vIIEBA
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 3a552c197fc7d5398adaae969e8c51ce
Files
3a552c197fc7d5398adaae969e8c51ce.exe  windows:4  windows x86  arch:x86
  ff36aa4979a1721a758da63ccfffd868
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
MakeSelfRelativeSD
CryptExportKey
GetNumberOfEventLogRecords
RegOpenKeyExA
RegRestoreKeyW
QueryServiceConfigA
ObjectOpenAuditAlarmA
RegEnumKeyW
InitiateSystemShutdownW
GetNamedSecurityInfoExW
RegDeleteKeyW
RegSetValueW
SetEntriesInAuditListW
OpenProcessToken
RegisterEventSourceA
InitializeAcl
CryptSignHashW
SetEntriesInAclA
ObjectOpenAuditAlarmW
SetNamedSecurityInfoExW
AdjustTokenGroups
GetSecurityDescriptorControl
OpenBackupEventLogW
BuildImpersonateExplicitAccessWithNameA
RegOpenKeyW
GetSecurityDescriptorSacl
GetTrusteeNameW
CryptEnumProviderTypesA
GetServiceKeyNameW
GetMultipleTrusteeW
LookupPrivilegeValueW
RegOpenKeyExW
CloseEventLog
GetOverlappedAccessResults
OpenSCManagerA
GetServiceDisplayNameW
NotifyChangeEventLog
RegFlushKey
RegUnLoadKeyW
GetTrusteeTypeW
GetSecurityInfoExW
RegLoadKeyA
GetMultipleTrusteeOperationA
CreateProcessAsUserA
RegCreateKeyW
EqualPrefixSid
GetSidSubAuthorityCount
CryptSetProvParam
DuplicateToken
OpenServiceW
LookupAccountNameW
LookupPrivilegeValueA
GetMultipleTrusteeOperationW
RegDeleteValueA
IsValidAcl
RegCreateKeyA
CryptGetDefaultProviderW
BuildTrusteeWithSidW
GetTrusteeNameA
LookupPrivilegeNameW
RegOpenKeyA
ConvertSecurityDescriptorToAccessA
SetAclInformation
RegSetValueExW
ReportEventA
AreAnyAccessesGranted
RegSetValueA
GetAuditedPermissionsFromAclA
QueryServiceLockStatusA
QueryServiceObjectSecurity
SetSecurityInfo
CreateProcessAsUserW
RevertToSelf
PrivilegedServiceAuditAlarmA
RegisterServiceCtrlHandlerW
AreAllAccessesGranted
GetEffectiveRightsFromAclA
GetPrivateObjectSecurity
SetThreadToken
GetSecurityDescriptorDacl
RegConnectRegistryW
CryptDestroyHash
CryptGenKey
BuildTrusteeWithNameA
RegQueryInfoKeyA
RegCreateKeyExW
RegSaveKeyA
OpenBackupEventLogA
RegRestoreKeyA
GetNamedSecurityInfoExA
OpenSCManagerW
SetNamedSecurityInfoW
LookupAccountSidA
GetServiceDisplayNameA
RegEnumKeyA
RegDeleteKeyA
DeleteService
BuildSecurityDescriptorA
ImpersonateLoggedOnUser
SetServiceObjectSecurity
RegQueryInfoKeyW
SetEntriesInAuditListA
BuildExplicitAccessWithNameW
ImpersonateSelf
RegUnLoadKeyA
CryptDuplicateKey
GetSidSubAuthority
QueryServiceConfigW
GetSecurityInfoExA
CryptSetKeyParam
BuildImpersonateTrusteeA
EnumDependentServicesA
MapGenericMask
DuplicateTokenEx
IsValidSecurityDescriptor
RegSetKeySecurity
OpenServiceA
SetSecurityDescriptorSacl
RegCreateKeyExA
ControlService
shlwapi
SHQueryInfoKeyW
PathFindFileNameW
PathSkipRootA
PathCompactPathExA
PathIsUNCServerShareW
StrToIntA
UrlCombineA
PathIsUNCServerShareA
PathIsRootW
PathRemoveExtensionA
StrRChrIW
UrlIsNoHistoryA
PathRelativePathToW
UrlCompareW
StrToIntExA
SHDeleteValueW
SHDeleteEmptyKeyA
StrRStrIA
SHDeleteKeyA
PathSearchAndQualifyW
SHAutoComplete
PathRenameExtensionA
StrCpyW
StrDupA
PathSearchAndQualifyA
StrRetToStrA
PathFindSuffixArrayA
SHDeleteValueA
PathMakePrettyW
AssocQueryKeyW
PathParseIconLocationW
UrlCombineW
UrlCreateFromPathA
PathIsSystemFolderA
SHSetThreadRef
PathIsUNCW
StrFormatByteSizeA
StrCatW
PathGetArgsA
StrChrIW
PathCommonPrefixW
SHDeleteKeyW
PathRemoveExtensionW
wvnsprintfW
PathFileExistsW
StrStrW
StrChrA
StrToIntExW
AssocQueryStringW
StrRetToBufW
SHRegQueryInfoUSKeyW
PathUnquoteSpacesA
ColorHLSToRGB
SHRegCreateUSKeyA
PathIsSystemFolderW
SHRegSetUSValueW
UrlGetPartA
StrChrIA
PathCompactPathA
ChrCmpIW
PathRemoveBackslashW
StrRetToStrW
PathIsPrefixA
PathGetCharTypeW
PathIsSameRootA
AssocQueryStringByKeyW
PathAppendA
wvnsprintfA
SHRegCreateUSKeyW
StrRChrA
PathFindSuffixArrayW
PathIsRelativeA
SHRegQueryUSValueA
PathMakeSystemFolderA
StrIsIntlEqualA
StrDupW
PathIsLFNFileSpecW
StrFromTimeIntervalA
StrCSpnW
PathAppendW
PathIsPrefixW
PathSkipRootW
PathFileExistsA
PathAddBackslashA
PathFindNextComponentA
SHStrDupA
StrNCatA
PathUnmakeSystemFolderA
PathIsURLA
StrPBrkW
StrTrimA
PathSetDlgItemPathW
StrCmpW
PathUndecorateA
SHRegOpenUSKeyW
PathIsLFNFileSpecA
PathUnmakeSystemFolderW
UrlHashA
SHRegEnumUSKeyA
StrFormatKBSizeA
UrlUnescapeA
PathRelativePathToA
PathStripPathA
SHGetValueA
PathUnquoteSpacesW
SHEnumKeyExW
StrSpnA
StrCatBuffW
ole32
StgIsStorageFile
StgGetIFillLockBytesOnFile
CoLoadLibrary
OleDoAutoConvert
ReadClassStg
OleRegGetMiscStatus
CreateDataAdviseHolder
StgSetTimes
CoInitializeEx
OleCreateFromData
OleCreateEmbeddingHelper
OleCreateStaticFromData
OleCreate
CoResumeClassObjects
StgCreateStorageEx
CoGetTreatAsClass
WriteClassStg
CoMarshalInterThreadInterfaceInStream
OleCreateFromFileEx
GetHookInterface
OleMetafilePictFromIconAndLabel
CoRevokeMallocSpy
CoFreeLibrary
CoUnmarshalHresult
CreatePointerMoniker
CoImpersonateClient
OleCreateLinkFromData
OleRegEnumFormatEtc
OleQueryCreateFromData
OleGetIconOfClass
ReadFmtUserTypeStg
OleDraw
OleIsCurrentClipboard
ReadOleStg
PropVariantClear
OleLoad
SetConvertStg
FreePropVariantArray
OleIsRunning
CoCreateGuid
CoDosDateTimeToFileTime
GetClassFile
ReadStringStream
GetConvertStg
OleLoadFromStream
CoQueryAuthenticationServices
OleCreateMenuDescriptor
CreateObjrefMoniker
StgOpenAsyncDocfileOnIFillLockBytes
CoRegisterSurrogate
ProgIDFromCLSID
CreateILockBytesOnHGlobal
StgOpenStorage
PropVariantCopy
OleBuildVersion
CoFileTimeToDosDateTime
StgOpenStorageEx
CoCreateInstanceEx
CoGetCurrentProcess
RegisterDragDrop
WriteClassStm
OleSaveToStream
CreateDataCache
StringFromCLSID
CoSwitchCallContext
CoInitialize
CoTaskMemRealloc
UtGetDvtd32Info
CreateAntiMoniker
CoRegisterPSClsid
OleSetContainedObject
CreateOleAdviseHolder
CoRevertToSelf
CoRegisterChannelHook
ReadClassStm
OleUninitialize
DllDebugObjectRPCHook
CoGetMarshalSizeMax
CreateItemMoniker
OleLockRunning
StgCreateDocfile
CreateGenericComposite
OleTranslateAccelerator
CoUninitialize
CoUnmarshalInterface
CreateClassMoniker
OleCreateFromDataEx
CoFileTimeNow
OleSetMenuDescriptor
SetDocumentBitStg
CoGetStandardMarshal
CoGetCallContext
CoGetInterfaceAndReleaseStream
CoBuildVersion
CoQueryReleaseObject
CoIsOle1Class
CoMarshalHresult
CoSuspendClassObjects
OleCreateLinkEx
GetHGlobalFromILockBytes
OleSave
IIDFromString
OleCreateLinkFromDataEx
GetRunningObjectTable
UtGetDvtd16Info
BindMoniker
user32
GetListBoxInfo
DdeCreateStringHandleA
LoadMenuIndirectA
LoadCursorFromFileW
IsCharLowerA
GetUpdateRect
IsDialogMessageA
SetShellWindow
CharNextW
GetCaretPos
SetSysColors
DdeQueryConvInfo
CloseDesktop
GetNextDlgTabItem
RemovePropW
BeginDeferWindowPos
ToAsciiEx
CharPrevA
EnumDesktopWindows
CreateIconFromResourceEx
SetWindowsHookExA
SetScrollPos
SetDoubleClickTime
LoadBitmapW
DdeCreateDataHandle
UnregisterClassW
EnumPropsW
IsChild
GetMessageA
LookupIconIdFromDirectoryEx
UnregisterClassA
GetGuiResources
DragObject
GetWindowModuleFileNameA
MessageBoxW
GetCursorInfo
RegisterClassA
FrameRect
GetDoubleClickTime
CharToOemBuffW
SetWindowTextA
TranslateAcceleratorW
MessageBoxIndirectA
IsWindow
TrackPopupMenu
ShowWindowAsync
GetKeyboardLayout
TileWindows
RegisterClassW
ChangeDisplaySettingsW
GetCaretBlinkTime
CreateIcon
DrawStateA
SetCapture
DefDlgProcA
DdeKeepStringHandle
SetClassLongA
SendMessageCallbackA
SetFocus
EnumDisplaySettingsExW
CharPrevExA
GetScrollPos
CharNextA
AttachThreadInput
ReuseDDElParam
RegisterWindowMessageW
DlgDirListW
DrawFrame
EnumWindowStationsW
MapVirtualKeyExA
MenuItemFromPoint
ChangeClipboardChain
DdeSetUserHandle
DdeAccessData
CreateDialogParamA
UnregisterDeviceNotification
DdeConnect
InsertMenuItemW
EndTask
InsertMenuW
GetAncestor
CharToOemW
GetSystemMetrics
DialogBoxIndirectParamW
IsZoomed
GrayStringW
DdeNameService
AppendMenuW
DispatchMessageA
TabbedTextOutA
PostQuitMessage
WINNLSGetIMEHotkey
GetClassInfoExW
EnumDisplaySettingsA
CheckDlgButton
GetClipboardFormatNameA
GetClipCursor
CharNextExA
PtInRect
SendMessageTimeoutA
DdePostAdvise
CreateWindowExA
VkKeyScanExA
GetWindowThreadProcessId
DlgDirListComboBoxA
CreateMenu
SetMenuContextHelpId
SwapMouseButton
CreateDesktopA
SetForegroundWindow
RedrawWindow
PostMessageA
EndDialog
DrawTextExW
DdeGetLastError
SetWindowPlacement
ImpersonateDdeClientWindow
GetWindowContextHelpId
HideCaret
GetMenuContextHelpId
DestroyMenu
GetClassInfoW
ExcludeUpdateRgn
FindWindowExW
OemToCharA
CreateWindowStationW
GetPriorityClipboardFormat
DestroyAcceleratorTable
kernel32
FindNextFileA
GetModuleFileNameA
GetConsoleCursorInfo
GetACP
ReadConsoleInputA
SetThreadContext
ScrollConsoleScreenBufferW
ReadFileEx
FileTimeToLocalFileTime
FindFirstFileExA
OutputDebugStringA
WriteConsoleInputW
WaitForSingleObjectEx
FillConsoleOutputAttribute
GetSystemPowerStatus
UpdateResourceW
MultiByteToWideChar
DebugBreak
GetFileTime
EnumTimeFormatsW
GetPriorityClass
CreateFileMappingA
MapViewOfFileEx
GetVersionExA
CreateDirectoryW
MoveFileExW
ReadConsoleInputW
GetDiskFreeSpaceExA
LoadLibraryW
GetProfileSectionW
GlobalFlags
FindResourceW
lstrcpyn
SignalObjectAndWait
FindAtomA
CreateEventA
GetNamedPipeHandleStateW
GetFileAttributesExA
GetConsoleScreenBufferInfo
SetEnvironmentVariableW
GetProfileIntW
FindCloseChangeNotification
SetProcessShutdownParameters
GetSystemTime
CreateThread
IsValidCodePage
EnumResourceLanguagesA
GetThreadLocale
SetErrorMode
Toolhelp32ReadProcessMemory
GetSystemDirectoryA
WriteProfileSectionA
VirtualAllocEx
LocalFree
SetVolumeLabelA
BuildCommDCBAndTimeoutsW
GetCompressedFileSizeA
GlobalAddAtomA
CreateNamedPipeA
GetWindowsDirectoryA
OutputDebugStringW
EnumSystemLocalesA
TlsGetValue
ResetWriteWatch
RemoveDirectoryW
IsSystemResumeAutomatic
WriteFile
FindNextFileW
SetUnhandledExceptionFilter
OpenEventW
WritePrivateProfileStructW
TlsFree
VerLanguageNameW
SetConsoleScreenBufferSize
VirtualProtect
GlobalMemoryStatus
FindResourceA
IsBadCodePtr
IsBadStringPtrA
SetConsoleTextAttribute
SetFileApisToOEM
GetTempFileNameW
CreateMutexA
LockFileEx
LocalAlloc
PurgeComm
ReadFile
SetThreadIdealProcessor
SetThreadPriority
PulseEvent
ResumeThread
lstrcatA
LoadLibraryExW
GetHandleInformation
GetFullPathNameW
SetVolumeLabelW
InitAtomTable
GetPrivateProfileStructA
HeapValidate
GetLastError
GetCalendarInfoW
EnumDateFormatsW
GlobalLock
SetFileApisToANSI
VirtualQuery
ReadDirectoryChangesW
LoadModule
SetEvent
SetThreadExecutionState
IsValidLocale
GetQueuedCompletionStatus
FreeResource
SetConsoleCursorInfo
CreateTapePartition
Module32Next
GetNamedPipeHandleStateA
DebugActiveProcess
BackupRead
VirtualAlloc
FileTimeToSystemTime
WaitNamedPipeW
GetProcessHeap
Sections
.text   Size: 62KB   Virtual size: 61KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 16KB   Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data   Size: 512B   Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE