Static task: static1
Behavioral task: behavioral1
Sample: 1db0a42782badb883a325f55b57472ee5a60ad8b4f159c36bab977875f9164ba.exe
Resource: win7-20231215-en
General
Target: 1db0a42782badb883a325f55b57472ee5a60ad8b4f159c36bab977875f9164ba
Size: 6.3MB
MD5: fec892a356f25e70c8d8eddceda667a5
SHA1: c8b86555f3b18f928aac996570136de63fe9acfc
SHA256: 1db0a42782badb883a325f55b57472ee5a60ad8b4f159c36bab977875f9164ba
SHA512: 6bca89085266167e2abf7f6464a4fe4faaacd8e3062ee299fae86f230a5ee42f52498be74675bd905c208dd313024482a86bda17090851e2d7a09748cacfdfbe
SSDEEP: 98304:RMOo6hFtoW5imuC99Q0Ad7KfB6TcfgffntNCZB7ulALCFczohevb7AIo36OxQNEO:M6h0I9YtosIfgeK0bdOOONB0vV4Y
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1db0a42782badb883a325f55b57472ee5a60ad8b4f159c36bab977875f9164ba
Files
1db0a42782badb883a325f55b57472ee5a60ad8b4f159c36bab977875f9164ba.exe windows:6 windows x86 arch:x86
81b728841fc51ac35f7c2cba238cb72b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wintrust
WinVerifyTrust
crypt32
CertFreeCertificateContext
CertGetNameStringW
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptProtectData
CryptUnprotectData
CertComparePublicKeyInfo
imagehlp
ImageGetCertificateHeader
ImageEnumerateCertificates
ImageGetCertificateData
kernel32
lstrcmpW
lstrcmpiA
GlobalFree
InitializeCriticalSection
GetTickCount
ReleaseMutex
CreateFileMappingW
OpenFileMappingW
OpenMutexW
WritePrivateProfileStringW
WritePrivateProfileSectionW
ResetEvent
CreateEventW
LCIDToLocaleName
OpenFileMappingA
CreateMutexA
CompareFileTime
CreateEventA
TerminateThread
SetThreadUILanguage
GetThreadUILanguage
GetLogicalDriveStringsW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetLocaleInfoW
GlobalAlloc
WaitForMultipleObjects
GetCommandLineA
CreateDirectoryA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileAttributesW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointerEx
GetTempPathA
GetTempFileNameA
OpenEventA
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileA
MoveFileExA
EnumSystemGeoID
QueryDosDeviceW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
VirtualQuery
FlushViewOfFile
lstrcmpiW
OpenFile
GetOEMCP
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
GetDiskFreeSpaceA
WaitForSingleObjectEx
GetSystemInfo
FileTimeToLocalFileTime
UnlockFile
FormatMessageW
FlushFileBuffers
ExpandEnvironmentStringsW
K32GetModuleFileNameExW
K32GetMappedFileNameW
SetUnhandledExceptionFilter
SetErrorMode
IsBadStringPtrA
GetLocaleInfoEx
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
FindNextFileW
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
SetFileTime
GetFileInformationByHandle
DuplicateHandle
FindFirstFileExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetExitCodeThread
SwitchToThread
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
ReleaseSemaphore
InterlockedFlushSList
FindFirstFileW
FindClose
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetFileType
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
MoveFileExW
CopyFileW
GetTempPathW
RemoveDirectoryW
GetTempFileNameW
GetFileAttributesExW
LockFileEx
EnumSystemLocalesW
IsValidCodePage
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FreeResource
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrlenW
lstrlenA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetUserGeoID
GetGeoInfoW
GetModuleHandleW
IsWow64Process
IsProcessInJob
ReadProcessMemory
OpenProcess
GetProcessId
CreateProcessW
GetCurrentThread
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetEnvironmentVariableW
GetEnvironmentVariableW
GetSystemDefaultLangID
lstrcpynW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
FormatMessageA
GetModuleFileNameW
Sleep
CreateThread
WaitForSingleObject
WriteFile
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetStdHandle
OpenEventW
SetEvent
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetCommandLineW
IsBadReadPtr
LocalFree
GetCurrentThreadId
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
GetLongPathNameW
GetTickCount64
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
VirtualProtect
GetDriveTypeW
DeleteFileW
CreateDirectoryW
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
TlsAlloc
GetSystemTime
HeapCompact
user32
DrawTextW
ChangeWindowMessageFilterEx
LoadIconW
SetCursor
MessageBoxExW
SetWindowTextA
SetPropW
SetPropA
SetForegroundWindow
SetActiveWindow
UpdateWindow
KillTimer
SetFocus
DefDlgProcW
CreateDialogParamW
BringWindowToTop
AttachThreadInput
wvsprintfW
FindWindowW
SendMessageTimeoutW
wsprintfW
FindWindowExA
GetClientRect
SendMessageA
RegisterClassW
RegisterWindowMessageW
WaitForInputIdle
MonitorFromWindow
GetWindowRect
SetWindowTextW
GetSystemMetrics
GetDlgItem
IsWindowVisible
MoveWindow
ShowWindow
MessageBoxW
GetPropA
SendMessageTimeoutA
LoadStringW
PostThreadMessageW
GetWindowTextW
CallWindowProcW
GetForegroundWindow
GetWindowLongW
SetTimer
DefWindowProcW
SendMessageW
PeekMessageW
GetWindowThreadProcessId
GetShellWindow
GetMonitorInfoW
MonitorFromPoint
GetCursorPos
ReleaseDC
GetDC
FindWindowExW
GetPropW
PostMessageW
LoadCursorW
GetDesktopWindow
SetWindowLongW
DestroyWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassW
LoadImageW
DialogBoxParamW
SetWindowPos
CreateDialogIndirectParamW
gdi32
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SetTextColor
shell32
SHGetPathFromIDListA
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExA
CommandLineToArgvW
ShellExecuteW
ShellExecuteExW
SHFileOperationW
ole32
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
CoTaskMemFree
advapi32
GetNamedSecurityInfoW
StartServiceW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertSidToStringSidW
RegDeleteTreeA
RegSetValueExA
RegSetValueW
RegSetValueA
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
RegFlushKey
RegEnumValueW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyA
RegDeleteTreeW
RegSetValueExW
RegDeleteValueW
RegCreateKeyW
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGetUserKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
LookupAccountSidW
GetUserNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RevertToSelf
MapGenericMask
ImpersonateSelf
GetFileSecurityW
AccessCheck
SetNamedSecurityInfoW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CreateProcessWithTokenW
SetTokenInformation
SetFileSecurityW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorSacl
GetLengthSid
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
shlwapi
PathBuildRootW
PathCanonicalizeA
StrChrIW
PathFindFileNameW
PathAppendW
SHDeleteKeyW
SHDeleteKeyA
PathFileExistsA
PathGetDriveNumberW
PathFileExistsW
comctl32
InitCommonControlsEx
urlmon
CoInternetParseUrl
ObtainUserAgentString
authz
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzAccessCheck
AuthzInitializeContextFromToken
AuthzFreeContext
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
wininet
InternetErrorDlg
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetSetOptionW
InternetSetOptionA
InternetQueryOptionW
InternetQueryOptionA
InternetReadFile
InternetConnectA
InternetCloseHandle
InternetOpenA
InternetCrackUrlA
HttpQueryInfoW
HttpAddRequestHeadersW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetReadFileExA
InternetReadFileExW
HttpOpenRequestW
HttpSendRequestW
uxtheme
SetWindowTheme
winspool.drv
GetPrinterDriverDirectoryW
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 821KB - Virtual size: 820KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 180KB - Virtual size: 226KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 770KB - Virtual size: 770KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 788KB - Virtual size: 792KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE