Static task: static1
Behavioral task: behavioral1
  Sample: a92af254658bdfe536462a65c68154d6.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: a92af254658bdfe536462a65c68154d6.exe
  Resource: win10v2004-20231215-en
General
Target: a92af254658bdfe536462a65c68154d6.exe
Size: 143KB
MD5: a92af254658bdfe536462a65c68154d6
SHA1: e96af2cf0bf6fa23e6091444da3e4cb545054dc4
SHA256: c1bc51193b6f88db436d17edb00a2821cb26dc9296e683053e02755b686ac1db
SHA512: cc447bd44f96164c0d7a571a0c53cc7319aa8bd93e92a037697655cf69e267053eb1af9905c600c1ce48a34fb2eabfb464936d2b836c1533c96e462556da57f4
SSDEEP: 3072:O9PzxiRUxVIhvSRhjE2rLWfrXgZOhhVXuhDHvleHW7GgpM:OBDCaRhgCWzgZqEvln7M
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: a92af254658bdfe536462a65c68154d6.exe
Files
a92af254658bdfe536462a65c68154d6.exe.exe windows:4 windows x86 arch:x86
568f20a1cea8a151cadda0ec5ae3109d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlCanonicalizeA
PathFindOnPathW
PathIsUNCA
SHDeleteKeyA
SHDeleteValueW
PathCommonPrefixW
UrlIsOpaqueA
StrRetToStrA
UrlIsW
StrCpyNW
StrIsIntlEqualW
PathIsContentTypeA
SHOpenRegStream2A
SHDeleteValueA
UrlCombineA
UrlGetLocationW
SHEnumValueA
PathMakePrettyW
SHRegEnumUSKeyA
StrFromTimeIntervalA
PathGetDriveNumberA
SHRegCreateUSKeyW
PathUndecorateA
AssocQueryStringW
SHGetInverseCMAP
PathSkipRootW
UrlIsNoHistoryA
SHOpenRegStreamW
SHRegGetUSValueA
SHStrDupW
UrlApplySchemeA
SHCopyKeyA
PathIsRelativeW
StrRChrA
PathParseIconLocationA
SHRegQueryInfoUSKeyA
PathIsUNCServerW
ColorRGBToHLS
SHDeleteEmptyKeyA
PathAddExtensionA
SHRegWriteUSValueW
StrCmpNIA
SHQueryInfoKeyA
PathIsFileSpecW
PathSearchAndQualifyW
UrlEscapeA
StrChrIW
StrCSpnIW
SHQueryValueExW
PathIsPrefixA
SHEnumKeyExW
SHRegQueryUSValueW
IntlStrEqWorkerA
StrDupA
ChrCmpIA
PathCombineA
PathBuildRootW
SHRegGetBoolUSValueA
StrRetToBufW
StrCpyW
PathRemoveFileSpecW
UrlHashW
PathGetDriveNumberW
PathFindOnPathA
UrlGetLocationA
SHGetValueA
SHRegDeleteUSValueW
StrRChrIW
UrlCanonicalizeW
PathCompactPathA
PathUnmakeSystemFolderW
ColorHLSToRGB
PathCreateFromUrlW
PathMakePrettyA
StrCatW
AssocQueryKeyW
PathIsNetworkPathA
PathRemoveExtensionA
PathIsRootW
PathUndecorateW
StrSpnW
SHRegCreateUSKeyA
PathAddBackslashW
PathUnquoteSpacesW
PathIsLFNFileSpecA
UrlCompareA
SHQueryInfoKeyW
StrFormatByteSizeW
SHRegOpenUSKeyW
PathSearchAndQualifyA
SHRegQueryUSValueA
wnsprintfW
PathRemoveFileSpecA
SHCreateStreamOnFileA
StrCSpnIA
PathIsLFNFileSpecW
UrlUnescapeA
PathUnmakeSystemFolderA
StrCmpIW
SHRegWriteUSValueA
PathIsDirectoryA
PathIsURLW
StrToIntExA
SHRegEnumUSKeyW
PathSkipRootA
user32
GetDlgItemTextW
IsWindowUnicode
SetMenuItemInfoA
CloseWindowStation
CharLowerW
SetClassWord
DlgDirListW
OpenIcon
GetWindowTextA
CloseClipboard
ShowWindowAsync
InsertMenuW
GetMonitorInfoA
SystemParametersInfoW
UpdateWindow
DestroyCursor
SetCursorPos
GetParent
EndTask
GetClipboardOwner
EnumWindows
ShowOwnedPopups
CheckMenuItem
DialogBoxParamA
DdeAddData
GetMenuDefaultItem
GetSystemMetrics
CreateIcon
UnionRect
WinHelpW
SetMessageExtraInfo
ScrollDC
GetMenuItemInfoA
GetAltTabInfo
FreeDDElParam
SetDlgItemTextA
UnregisterHotKey
ChangeMenuW
IsCharLowerW
EndDialog
SetLastErrorEx
SetUserObjectInformationW
SetDebugErrorLevel
WaitMessage
GetKBCodePage
GetKeyState
EnumDesktopsW
GetMessageTime
DrawAnimatedRects
GetThreadDesktop
CreateWindowExA
SetScrollRange
SetWindowsHookExW
GetScrollBarInfo
SetScrollPos
SetRect
DdeQueryConvInfo
SetWindowTextA
GetMenuItemCount
SubtractRect
ReleaseCapture
HiliteMenuItem
SetPropA
AppendMenuW
SendMessageCallbackW
CreateIconFromResource
EnumPropsExA
CallWindowProcA
FindWindowExW
InsertMenuItemA
GetClientRect
MessageBoxA
GetClassNameA
DefWindowProcW
TabbedTextOutW
TrackPopupMenuEx
EnumDisplaySettingsA
GetFocus
GetMenuInfo
ShowCaret
GetWindowDC
SendMessageCallbackA
GetWindowLongA
UnregisterClassA
DrawEdge
IsCharAlphaA
GetKeyboardLayout
TileChildWindows
VkKeyScanExA
ChangeDisplaySettingsA
GetDC
SwitchDesktop
GetMenuCheckMarkDimensions
AdjustWindowRectEx
CharToOemBuffW
SetKeyboardState
EqualRect
UnregisterClassW
OpenClipboard
ShowWindow
DrawIcon
FrameRect
EndMenu
CharUpperBuffA
CreateIconIndirect
DdeGetData
ScrollWindow
ScreenToClient
GetSystemMenu
GetInputState
EnumDesktopWindows
GetGUIThreadInfo
IsDialogMessageA
SetCaretBlinkTime
GetAsyncKeyState
IsCharUpperA
GetWindowModuleFileNameA
PtInRect
GetWindowWord
SwapMouseButton
DdeUnaccessData
DdeReconnect
SetWindowRgn
GetNextDlgGroupItem
MsgWaitForMultipleObjectsEx
MapVirtualKeyA
SystemParametersInfoA
OemToCharA
CharToOemW
CascadeWindows
CharNextA
GrayStringA
DdeInitializeW
DdeClientTransaction
DdeFreeStringHandle
advapi32
GetSecurityInfoExA
UnlockServiceDatabase
InitiateSystemShutdownW
GetSecurityDescriptorOwner
OpenProcessToken
LookupPrivilegeValueA
CryptGetHashParam
CryptEnumProviderTypesW
CryptGetProvParam
GetTokenInformation
BuildImpersonateTrusteeW
StartServiceA
TrusteeAccessToObjectA
EnumServicesStatusW
RegNotifyChangeKeyValue
ControlService
RegCreateKeyA
RegSetKeySecurity
StartServiceCtrlDispatcherA
ChangeServiceConfigW
CryptDeriveKey
CryptAcquireContextA
ReportEventW
InitiateSystemShutdownA
AdjustTokenPrivileges
RegQueryValueA
InitializeAcl
BuildSecurityDescriptorA
RegEnumValueW
GetMultipleTrusteeOperationA
DestroyPrivateObjectSecurity
RegOpenKeyA
RegisterServiceCtrlHandlerA
MakeSelfRelativeSD
AddAce
AddAuditAccessAce
RegReplaceKeyA
CryptHashData
ObjectPrivilegeAuditAlarmA
CryptGetDefaultProviderA
CryptEnumProvidersA
GetSecurityInfoExW
RegSetValueA
GetAccessPermissionsForObjectW
CryptDestroyKey
GetPrivateObjectSecurity
SetNamedSecurityInfoExW
LookupSecurityDescriptorPartsA
GetCurrentHwProfileW
GetLengthSid
ClearEventLogA
SetFileSecurityW
MapGenericMask
AbortSystemShutdownA
ConvertSecurityDescriptorToAccessA
RevertToSelf
CryptSignHashW
GetServiceKeyNameW
GetAuditedPermissionsFromAclA
RegCreateKeyExW
ReportEventA
GetExplicitEntriesFromAclW
GetNumberOfEventLogRecords
OpenSCManagerW
SetEntriesInAccessListA
AccessCheckAndAuditAlarmA
CreatePrivateObjectSecurity
CryptAcquireContextW
ReadEventLogA
GetSidSubAuthority
LogonUserA
QueryServiceConfigW
GetServiceDisplayNameA
CryptVerifySignatureW
GetSecurityDescriptorControl
EnumDependentServicesA
SetSecurityInfo
RegLoadKeyA
RegQueryMultipleValuesA
StartServiceCtrlDispatcherW
RegLoadKeyW
DuplicateToken
CopySid
SetServiceObjectSecurity
SetAclInformation
RegSetValueExA
IsTextUnicode
CreateServiceW
GetMultipleTrusteeA
GetTrusteeTypeW
GetMultipleTrusteeW
CryptExportKey
AccessCheck
RegEnumKeyW
EnumServicesStatusA
CloseEventLog
RegSetValueW
SetSecurityInfoExW
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameW
LookupAccountSidA
RegReplaceKeyW
CryptGetKeyParam
LockServiceDatabase
RegRestoreKeyA
EqualPrefixSid
GetOverlappedAccessResults
CryptEnumProviderTypesA
kernel32
VirtualProtect
LoadLibraryExA
GetPrivateProfileSectionW
GetLocaleInfoA
WriteConsoleOutputCharacterW
SetCalendarInfoW
HeapUnlock
GlobalUnWire
SetCommMask
LockResource
GetTempFileNameA
ReadConsoleOutputCharacterA
GetDiskFreeSpaceExA
GetThreadPriority
GetLargestConsoleWindowSize
GetFullPathNameA
DefineDosDeviceW
FlushInstructionCache
DeleteFileA
CreateFileMappingW
CreateProcessW
ConvertDefaultLocale
TlsGetValue
FindResourceA
WaitCommEvent
GetPrivateProfileStructA
CreateDirectoryExA
GetConsoleCursorInfo
TlsFree
SetMailslotInfo
GetThreadContext
GetCommTimeouts
GetComputerNameW
EnumCalendarInfoExW
WriteProfileStringA
GetSystemDirectoryA
GetMailslotInfo
GlobalUnlock
ReadConsoleInputA
GetModuleHandleW
SetLocaleInfoA
SetCommBreak
Beep
WriteConsoleInputW
FindFirstFileExW
MoveFileW
ReadDirectoryChangesW
WriteProcessMemory
HeapCreate
SetThreadExecutionState
GetBinaryType
DeleteFileW
CreateMailslotW
VirtualAlloc
GetFileType
GetAtomNameA
GetProfileStringW
VerLanguageNameA
QueueUserAPC
GetDiskFreeSpaceA
SetCurrentDirectoryA
SetLocaleInfoW
GetProcessVersion
FillConsoleOutputAttribute
GetLocaleInfoW
Module32Next
CloseHandle
GetEnvironmentVariableW
EnumSystemLocalesW
LocalAlloc
GetCompressedFileSizeW
SetSystemTime
GetStdHandle
LockFile
WriteFile
CreateNamedPipeA
GetCPInfo
OutputDebugStringA
FindNextFileW
GetProcessHeaps
RemoveDirectoryW
CallNamedPipeW
OpenSemaphoreA
CreateFileA
GetCurrentThread
CreateWaitableTimerW
GetCPInfoExA
GetNamedPipeHandleStateW
FindResourceExA
CreateConsoleScreenBuffer
SetVolumeLabelA
OpenFileMappingA
CreateRemoteThread
FlushConsoleInputBuffer
LocalFree
SetThreadAffinityMask
ReadConsoleA
GetCurrencyFormatW
ReadConsoleOutputA
GetDefaultCommConfigW
MoveFileExA
BeginUpdateResourceW
ConnectNamedPipe
MultiByteToWideChar
GetProfileSectionW
FindResourceW
SetConsoleCursorInfo
FlushFileBuffers
RequestWakeupLatency
GetCurrentProcess
GetLogicalDriveStringsA
OpenEventA
WriteConsoleW
WriteFileGather
GetPrivateProfileStringW
IsDebuggerPresent
GetNumberFormatA
GetModuleHandleA
SetEvent
VirtualFreeEx
ScrollConsoleScreenBufferA
WritePrivateProfileStructA
SetLastError
GetCurrentProcessId
ClearCommError
PeekNamedPipe
LocalSize
SetThreadLocale
GetVolumeInformationW
WriteConsoleOutputAttribute
IsBadReadPtr
lstrcpy
lstrcmp
QueryDosDeviceW
VirtualQuery
GetProcessTimes
GetPrivateProfileStructW
SetFileApisToANSI
GetVersionExW
FindFirstChangeNotificationA
ole32
DllDebugObjectRPCHook
CoGetInstanceFromFile
CoQueryClientBlanket
OleMetafilePictFromIconAndLabel
OleCreateFromDataEx
CoLockObjectExternal
StgCreateStorageEx
OleFlushClipboard
StgCreateDocfile
CoImpersonateClient
StgOpenStorage
WriteOleStg
OleCreateEx
CoGetCurrentLogicalThreadId
IsAccelerator
OleGetClipboard
StgOpenAsyncDocfileOnIFillLockBytes
PropVariantClear
CoRegisterSurrogate
CoReleaseMarshalData
MonikerCommonPrefixWith
OleCreateLinkFromData
OleLoadFromStream
OleUninitialize
CreateBindCtx
CoGetInstanceFromIStorage
CoAddRefServerProcess
CoTaskMemFree
OleDoAutoConvert
CoQueryProxyBlanket
OleCreate
OleSetContainedObject
OleNoteObjectVisible
CreateGenericComposite
CoInitializeEx
OleConvertOLESTREAMToIStorage
CoFileTimeNow
OleConvertIStorageToOLESTREAMEx
CreateILockBytesOnHGlobal
CoRevertToSelf
GetHGlobalFromILockBytes
CoUninitialize
OleSetClipboard
WriteFmtUserTypeStg
CoGetStandardMarshal
CoDisconnectObject
GetRunningObjectTable
CreateClassMoniker
GetHookInterface
CoQueryReleaseObject
CoFileTimeToDosDateTime
OleSetMenuDescriptor
CoGetCurrentProcess
OleSetAutoConvert
CoMarshalInterface
CoBuildVersion
CoTaskMemRealloc
GetConvertStg
CoRegisterMessageFilter
OleQueryLinkFromData
OleRegGetUserType
CoSuspendClassObjects
StringFromIID
UpdateDCOMSettings
CoSwitchCallContext
MkParseDisplayName
OleCreateFromFileEx
MonikerRelativePathTo
CoGetTreatAsClass
OleGetIconOfFile
CoGetClassObject
CoGetCallerTID
CoIsHandlerConnected
CLSIDFromProgID
OleLoad
CoRegisterClassObject
ProgIDFromCLSID
OleIsRunning
OleCreateFromData
CoDosDateTimeToFileTime
OleCreateLink
ReadFmtUserTypeStg
UtGetDvtd32Info
UtGetDvtd16Info
CoFreeLibrary
CreateDataAdviseHolder
CoGetCallContext
CoRegisterMallocSpy
OleDuplicateData
StgOpenStorageOnILockBytes
CoGetInterfaceAndReleaseStream
CoGetObject
CoTreatAsClass
CreateOleAdviseHolder
OleGetIconOfClass
EnableHookObject
CreatePointerMoniker
StgCreateDocfileOnILockBytes
Sections
.text Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 201B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE