507e379f2f82682151b099b0f916023aba54110b4a7096f89c72538132f05489

Sharing

Copy URL Twitter E-mail

General

Target

507e379f2f82682151b099b0f916023aba54110b4a7096f89c72538132f05489
Size

1.2MB
MD5

801fafa4e6ef5fdb718cdd67e6764052
SHA1

d7345fc2afbd0b19276127b109ee149a5fb6286c
SHA256

507e379f2f82682151b099b0f916023aba54110b4a7096f89c72538132f05489
SHA512

116a4b12a9c335976853381da70d3640d66070840473f169053cf56a51737a9ed5c0229273f9437a66aa45d8f0d462881d116f2ea19d64fe4cbafc9e2ebf0984
SSDEEP

24576:AuLJMqDo90AMA9X0DWt/xRUPC5DhMmiedYWEt22mtgeMPvBqVaybVpxf15i6:Auxo90ApeaJRUPCzMedYWEEtgKVaEBfT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
507e379f2f82682151b099b0f916023aba54110b4a7096f89c72538132f05489

Files

507e379f2f82682151b099b0f916023aba54110b4a7096f89c72538132f05489
.exe windows:6 windows x86 arch:x86

828a446b68271e5f00cbb8c04ca1d03f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsDirectoryW

kernel32

CreateFileA
FlushFileBuffers
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
LocalFree
CreateEventW
SetEvent
ResetEvent
GetFileSize
OpenEventW
GetFileAttributesW
GetFileAttributesExW
FormatMessageA
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CreateFileW
WriteFile
CallNamedPipeW
ReadFile
OutputDebugStringW
GetExitCodeProcess
lstrcmpiW
CreateProcessW
SetCurrentDirectoryW
Process32FirstW
GetCurrentThread
Process32NextW
GetLastError
CreateToolhelp32Snapshot
OpenProcess
DuplicateHandle
TerminateProcess
SetThreadAffinityMask
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
FreeLibrary
GetSystemDirectoryW
GetModuleFileNameW
GetTickCount
WideCharToMultiByte
GetSystemInfo
GetNativeSystemInfo
MultiByteToWideChar
GetModuleHandleA
OutputDebugStringA
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleHandleExW
ExitThread
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualProtect
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetFileType
HeapAlloc
HeapFree
GetStdHandle
ExitProcess
DeleteFileW
RemoveDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
GetProcAddress
LoadLibraryW
Sleep
WriteConsoleW
FormatMessageW
FindClose
FindFirstFileExW
FindNextFileW
SetEndOfFile
SetFilePointerEx
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc

user32

DispatchMessageW
MessageBoxA
GetMessageW
TranslateMessage

advapi32

SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExA
GetAce
EqualSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW
DeleteAce
FreeSid
BuildTrusteeWithSidW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExW
RegQueryInfoKeyA
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExW

ole32

CoCreateInstance
CLSIDFromProgID
CoInitializeEx
StringFromCLSID
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

LoadTypeLibEx
SysAllocString
VariantInit
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
LoadTypeLi
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantClear
SysStringLen
UnRegisterTypeLi

winusb

WinUsb_QueryInterfaceSettings
WinUsb_WritePipe
WinUsb_QueryPipe
WinUsb_Free
WinUsb_Initialize

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

hid

HidD_FlushQueue
HidD_GetAttributes
HidD_GetHidGuid

Sections

.text
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 428KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

828a446b68271e5f00cbb8c04ca1d03f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

winusb

setupapi

hid

Sections

.text Size: 619KB - Virtual size: 619KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 11KB - Virtual size: 79KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 428KB - Virtual size: 628KB

.text
Size: 619KB - Virtual size: 619KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 11KB - Virtual size: 79KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 428KB - Virtual size: 628KB