ab8ce8b98d3cef0712cb244e6c60afd838369ecda0547dd0d56da5dde4168d78

Sharing

Copy URL Twitter E-mail

General

Target

ab8ce8b98d3cef0712cb244e6c60afd838369ecda0547dd0d56da5dde4168d78
Size

727KB
MD5

c161cb96663d22fd84b27aad4eee692e
SHA1

474e4210fafd8d6faab2bd42f3beb41b251ab731
SHA256

ab8ce8b98d3cef0712cb244e6c60afd838369ecda0547dd0d56da5dde4168d78
SHA512

5e27cacb875e9369ebc424d4637c9f7573f44581e92eed9d1006cf8f84a8cff03d5db18c6dd26a274dbb61e7ab2c58fb06ae1a077660552667cde5315f876b0a
SSDEEP

12288:OAM9hyu158QRxo5Ow47Anh0gx1oX0/dVaK4A3GvjnG16LKx0SxB3qoVB:OAM9hyu15m5OwiAnh0gx1N/V3GLnUIaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab8ce8b98d3cef0712cb244e6c60afd838369ecda0547dd0d56da5dde4168d78

Files

ab8ce8b98d3cef0712cb244e6c60afd838369ecda0547dd0d56da5dde4168d78
.exe windows:6 windows x86 arch:x86

3bd7c1c1e079e5059c1b693ccecd2bd1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
GetEnvironmentVariableW
CreateProcessW
GetProcessId
AssignProcessToJobObject
ExitProcess
GetCommandLineW
LocalFree
Sleep
SetProcessShutdownParameters
lstrcmpA
CreateJobObjectW
SetInformationJobObject
GetExitCodeProcess
MoveFileW
FindFirstChangeNotificationW
FindNextChangeNotification
CreateThread
GetSystemDefaultLCID
GetACP
GetUserDefaultLocaleName
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
CreateDirectoryW
DeleteFileW
GetFileSizeEx
TerminateProcess
WriteConsoleW
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetCurrentDirectoryW
WaitForSingleObject
HeapReAlloc
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
HeapAlloc
HeapFree
GetTimeZoneInformation
WriteFile
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
lstrlenW
CompareFileTime
GetFileTime
CreateFileW
K32EnumProcesses
QueryFullProcessImageNameW
OpenProcess
CreateMutexW
OpenMutexW
GetModuleFileNameW
CloseHandle
GetLastError
ReleaseMutex
HeapSize
IsProcessorFeaturePresent
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetStringTypeW
GetLocaleInfoEx
LCMapStringEx
EncodePointer
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
SetEndOfFile

user32

RegisterClassExW
DestroyIcon
GetWindowRect
LoadIconW
AppendMenuW
CreatePopupMenu
GetCursorPos
SetLayeredWindowAttributes
GetClassNameW
GetWindowTextW
GetWindowTextLengthW
EnumWindows
WaitForInputIdle
LoadImageW
RegisterHotKey
UnregisterHotKey
TrackPopupMenu
GetWindow
GetParent
GetDesktopWindow
IsWindow
SetTimer
KillTimer
GetSystemMetrics
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
LoadCursorW
DefWindowProcW
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
PostQuitMessage
SetWindowPos
GetLayeredWindowAttributes
SetWindowLongW
GetWindowLongW
GetForegroundWindow
SendMessageW
MessageBoxW
SetForegroundWindow
IsWindowVisible
RegisterWindowMessageW
LoadStringW
UpdateWindow
ShowWindow
CreateWindowExW
DestroyMenu
PostMessageW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegDeleteKeyValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegGetValueW
RegOpenKeyExW

shell32

SHGetStockIconInfo
ord155
SHOpenFolderAndSelectItems
ord190
CommandLineToArgvW
ShellExecuteW
Shell_NotifyIconW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoInitializeEx

oleaut32

SysAllocString
SysFreeString
VariantInit

shlwapi

PathFileExistsW
StrCmpW
PathCombineW
StrStrW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathRemoveFileSpecW

urlmon

URLDownloadToFileW
URLOpenBlockingStreamW

Sections

.text
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bd7c1c1e079e5059c1b693ccecd2bd1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

Sections

.text Size: 524KB - Virtual size: 523KB

.rdata Size: 135KB - Virtual size: 134KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 25KB - Virtual size: 24KB

.text
Size: 524KB - Virtual size: 523KB

.rdata
Size: 135KB - Virtual size: 134KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 25KB - Virtual size: 24KB