44cb35d061efba9085577725f4f80853

Sharing

Copy URL Twitter E-mail

General

Target

44cb35d061efba9085577725f4f80853
Size

449KB
MD5

44cb35d061efba9085577725f4f80853
SHA1

bdef950b0fdb428fc71cf11f843ea7cae9e904b0
SHA256

f96a393c40dcab70f73d4cb0ff4c2ec03debd2e83da154ffef9e44963ec7b026
SHA512

e274e362974d5d7b01c8a6af0fc62aa45be6b481f247c520b33e8f03590e3861c3133ec9fe5985dd9f014957f4b6ca0504a10348d01a309395191b7fb62c4e21
SSDEEP

12288:vEJECrtGzpjn+oZD2wPZT/oQB9y0iz0cXe/F:IECroz2wx7oO9y0izJXe/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44cb35d061efba9085577725f4f80853

Files

44cb35d061efba9085577725f4f80853
.exe windows:4 windows x86 arch:x86

a6c8e5f27b9eb7b853a59ceb3d7d63b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetDeviceCaps
DeleteObject
CreateFontIndirectW

crypt32

CertGetCRLFromStore
CertFindCTLInStore
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CryptMsgUpdate
CryptFindLocalizedName
CertDeleteCRLFromStore
CertFreeCRLContext
CertDeleteCTLFromStore
CertOpenStore
CryptMsgGetParam
CertGetCertificateChain
CertCloseStore
CryptDecodeObject
CertDuplicateCertificateContext
CertDuplicateCRLContext
CertEnumPhysicalStore
CertEnumSystemStore
CertFindExtension
CertGetCertificateContextProperty
CryptFindCertificateKeyProvInfo
CryptQueryObject
CertGetCTLContextProperty
CryptEnumOIDInfo
CertAddCRLContextToStore
CryptMsgEncodeAndSignCTL
CertControlStore
CertGetEnhancedKeyUsage
CertCompareCertificate
CertGetSubjectCertificateFromStore
CertFreeCTLContext
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateCTLContext
CertEnumCTLsInStore
CertEnumCRLsInStore
CertFreeCertificateContext
CertAddSerializedElementToStore
CertAddCTLContextToStore
CertGetNameStringW
CryptMsgClose
CertDeleteCertificateFromStore
CryptUnregisterOIDInfo
CertAddEncodedCTLToStore
CertGetStoreProperty
CryptMsgOpenToDecode
CertAddStoreToCollection
CertFindCertificateInStore
CryptFindOIDInfo
CertNameToStrW

advpack

AdvInstallFile

user32

WinHelpW
GetDC
SetWindowsHookExW
ShowWindow
MessageBoxW
GetMenu
wsprintfW
RegisterClipboardFormatW
PostMessageW
EnumPropsA
GetWindowRect
GetCursorPos
EnableMenuItem
GetSystemMetrics
LoadStringW
GetParent
EnableWindow
DrawStateA
SendMessageW
GetSubMenu
DlgDirListA
SetMenu
GetWindowLongW
SystemParametersInfoW
GetDlgCtrlID
LoadMenuW
CallNextHookEx
InvalidateRect
LoadBitmapW
GetDlgItem
GetSysColor
GetClientRect
SetWindowTextW
DestroyIcon
UnhookWindowsHookEx
ScreenToClient
ChildWindowFromPointEx
SetWindowLongW

wintrust

WTHelperGetFileHash

certcli

CAFreeCertTypeProperty
CAGetCAProperty
CAGetCertTypeProperty
CAEnumNextCertType
CACountCAs
CAFindCertTypeByName
CACloseCertType
CACloseCA
CAGetCertTypePropertyEx
CAGetCertTypeFlags
CAFreeCAProperty
CAGetCACertificate
CAGetCertTypeExtensions
CAEnumNextCA
CAEnumFirstCA
CAEnumCertTypes

ntdsapi

DsUnBindW
DsCrackNamesW
DsBindW
DsFreeNameResultW

kernel32

GetUserDefaultLangID
TerminateProcess
GetSystemTimeAsFileTime
GlobalFree
InterlockedDecrement
GetWindowsDirectoryW
GlobalLock
GetFileSizeEx
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetModuleHandleW
CreateEventW
SetEvent
ResetEvent
LoadLibraryA
GetSystemTime
FileTimeToSystemTime
CloseHandle
LeaveCriticalSection
GetTimeFormatW
LoadLibraryW
CreateFileW
MapViewOfFileEx
SetUnhandledExceptionFilter
GetCommandLineW
lstrlenW
DeleteCriticalSection
WaitForSingleObject
GetFileTime
CreateFileMappingW
MultiByteToWideChar
VirtualAlloc
FreeLibrary
LocalAlloc
GetModuleFileNameW
SystemTimeToFileTime
GetModuleHandleA
OpenEventW
GetShortPathNameW
lstrcmpiW
EnterCriticalSection
GetTickCount
UnmapViewOfFile
FileTimeToLocalFileTime
GetVersionExW
OutputDebugStringA
GetCurrentProcessId
ReadFile
GetCurrentProcess
FindResourceW
InterlockedIncrement
CompareStringW
LoadResource
GlobalUnlock
GetCurrentThreadId
IsBadWritePtr
GlobalAlloc
GetFileSize
IsBadReadPtr
GetProcAddress
lstrcpynW
LocalFree
lstrcpyW
GetDateFormatW
UnhandledExceptionFilter
SetLastError
MapViewOfFile
CompareFileTime
FormatMessageW
QueryPerformanceCounter
GetLastError
GetComputerNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 267KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6c8e5f27b9eb7b853a59ceb3d7d63b1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

crypt32

advpack

user32

wintrust

certcli

ntdsapi

kernel32

version

Sections

.text Size: 1KB - Virtual size: 1KB

.data Size: 108KB - Virtual size: 1.8MB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 267KB - Virtual size: 267KB

.rdata Size: 65KB - Virtual size: 64KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 1KB - Virtual size: 1KB

.data
Size: 108KB - Virtual size: 1.8MB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 267KB - Virtual size: 267KB

.rdata
Size: 65KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 28B