Static task: static1
Behavioral task: behavioral1
  Sample: 52aa6ca033bb7f7f84ec456caebeeb1c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 52aa6ca033bb7f7f84ec456caebeeb1c.exe
  Resource: win10v2004-20231215-en
General
Target: 52aa6ca033bb7f7f84ec456caebeeb1c
Size: 82KB
MD5: 52aa6ca033bb7f7f84ec456caebeeb1c
SHA1: a6cf14b2e0e5578109a43a3fc5b6e1fb61ebeb7a
SHA256: 73fafe2cd54d0e4eec002616a4b5ecab49ff616aaa4b659e89f9b8005e5b12d3
SHA512: b74cad6958fc61736bde89f33e1b85ef43d0510dcf756bbe31e1d001836ce97506ab736ab241ebcf4e8477581e75117763eeb3f6df0753af051fc35eb1a1a9d8
SSDEEP: 1536:BdTrolqP45LAlbxZxv8So70eUy0zKzfTpnX3GWv7d3Kb/lielLEaROq:BR6qwJytDvLeAshXWWzd3M3FEasq
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 52aa6ca033bb7f7f84ec456caebeeb1c
  An absent signature is a weak indicator on its own (most small tools and in-house builds are unsigned); what it does remove is any publisher identity that could be used to allow-list or attribute the file, so the rest of the verdict has to rest on the imports and behaviour below.
Files
52aa6ca033bb7f7f84ec456caebeeb1c.exe  windows:4  windows x86  arch:x86
Import hash (imphash, as the report layout implies): c31f7064e148d37e7a729f08fa3de9d5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Reading these together: NX_COMPAT means DEP applies to the image, but IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and the base relocations have been stripped, so the loader cannot rebase it and it always maps at its preferred image base (no ASLR). No IMAGE_FILE_DLL flag: this is a stand-alone 32-bit executable.
Imports
ole32
CoReleaseServerProcess
CoCreateInstanceEx
StgCreateDocfile
CoTaskMemRealloc
OleDuplicateData
CoSetProxyBlanket
OleCreateFromDataEx
OleSetAutoConvert
StgCreateStorageEx
CoInitialize
StgIsStorageILockBytes
OleCreateFromFileEx
CoCreateFreeThreadedMarshaler
ReadFmtUserTypeStg
OleRegEnumVerbs
CoInitializeSecurity
MonikerRelativePathTo
ReadStringStream
StgOpenStorageOnILockBytes
CreateAntiMoniker
GetHGlobalFromILockBytes
ReleaseStgMedium
OleConvertOLESTREAMToIStorageEx
StringFromGUID2
DoDragDrop
CoLockObjectExternal
CoGetStandardMarshal
UtGetDvtd16Info
CoBuildVersion
OleCreateMenuDescriptor
PropVariantCopy
CoIsOle1Class
OleDraw
SetDocumentBitStg
OleCreateLinkFromData
CoCopyProxy
CoCreateInstance
CreateClassMoniker
IIDFromString
OleSetMenuDescriptor
RegisterDragDrop
CoGetCallerTID
StgGetIFillLockBytesOnFile
StgOpenStorage
CoRevertToSelf
MkParseDisplayName
SetConvertStg
OleTranslateAccelerator
OleCreateLinkFromDataEx
CoFreeLibrary
OleCreateLinkToFileEx
OleQueryLinkFromData
OleCreateStaticFromData
OleSetClipboard
CreateDataAdviseHolder
OleDoAutoConvert
CoMarshalHresult
StgGetIFillLockBytesOnILockBytes
CoRegisterSurrogate
UpdateDCOMSettings
OleCreateEx
OleCreateLinkToFile
OleCreateLinkEx
OleGetAutoConvert
OleConvertIStorageToOLESTREAMEx
CoDisconnectObject
OleQueryCreateFromData
ReadClassStm
WriteClassStm
CoResumeClassObjects
CoQueryAuthenticationServices
CoRevokeClassObject
CoRegisterClassObject
GetHookInterface
CoTaskMemAlloc
OleCreateEmbeddingHelper
CoUnmarshalHresult
IsEqualGUID
RevokeDragDrop
OleRegEnumFormatEtc
CoTaskMemFree
OleLoad
CoFreeAllLibraries
DllDebugObjectRPCHook
CoGetMarshalSizeMax
OleSetContainedObject
EnableHookObject
PropVariantClear
GetHGlobalFromStream
CoMarshalInterface
OleConvertOLESTREAMToIStorage
CoGetMalloc
CoGetTreatAsClass
GetDocumentBitStg
GetConvertStg
OleCreateFromData
OleCreateFromFile
OleIsRunning
user32
LoadBitmapW
ModifyMenuW
ToUnicode
FindWindowExA
GetScrollInfo
MapDialogRect
DdeQueryStringW
CharToOemA
RegisterWindowMessageW
SendMessageTimeoutA
IsDialogMessageW
GetClassInfoW
DrawStateA
DrawEdge
GetPropA
CascadeWindows
SetMenuItemInfoW
ChangeDisplaySettingsW
MessageBeep
FindWindowExW
CreateIconFromResource
LoadKeyboardLayoutA
SwitchDesktop
UnhookWindowsHook
GetWindowDC
SetDoubleClickTime
CharToOemBuffW
GetSysColor
IsCharLowerA
GetKeyState
DdeInitializeW
PtInRect
CheckRadioButton
UnregisterDeviceNotification
DeleteMenu
VkKeyScanExA
EnumWindowStationsW
GetDoubleClickTime
DefWindowProcA
GetDialogBaseUnits
DefDlgProcA
RegisterClassW
CreateDialogParamW
SetScrollRange
GetTopWindow
SetClipboardData
PeekMessageW
GetKeyNameTextW
BroadcastSystemMessage
CharLowerBuffW
SetWindowTextW
LockWindowUpdate
ShowWindow
DdeAbandonTransaction
GetWindowRgn
DefMDIChildProcA
ReleaseDC
SetMenuDefaultItem
GetClassNameA
ChangeDisplaySettingsA
GetQueueStatus
InvertRect
DdePostAdvise
HiliteMenuItem
RealGetWindowClass
GetWindowModuleFileNameA
DrawMenuBar
GetTabbedTextExtentW
GetUserObjectSecurity
LoadMenuW
SetDebugErrorLevel
DrawStateW
EnumDesktopWindows
IsCharAlphaNumericA
GetIconInfo
SetWindowWord
LoadCursorW
CharPrevA
IsWindowVisible
LookupIconIdFromDirectoryEx
WindowFromPoint
CreateWindowExW
ReplyMessage
LoadBitmapA
CreateMDIWindowA
GetMenu
RegisterDeviceNotificationW
IsDlgButtonChecked
OemToCharW
GetFocus
GetSystemMetrics
GetMessageExtraInfo
OpenInputDesktop
CopyIcon
EnableScrollBar
SetSysColors
GetLastActivePopup
TrackPopupMenu
DialogBoxParamW
SetMessageExtraInfo
DrawAnimatedRects
CopyRect
GetInputState
WinHelpA
SetScrollPos
MessageBoxW
WINNLSEnableIME
CreateWindowStationA
DlgDirListComboBoxA
GetClassInfoExA
ScrollWindowEx
GetMenuDefaultItem
GetKBCodePage
GetTitleBarInfo
GetKeyboardLayoutList
IsMenu
DefFrameProcA
EnableWindow
EditWndProc
EnumWindows
PackDDElParam
MonitorFromRect
OffsetRect
GetClassWord
ChildWindowFromPointEx
ValidateRgn
GetKeyboardLayout
TranslateMessage
shlwapi
SHOpenRegStream2A
StrCatBuffW
StrRChrA
PathCompactPathA
SHRegQueryInfoUSKeyW
PathIsSystemFolderW
PathBuildRootA
PathAddExtensionW
PathIsURLW
PathQuoteSpacesW
PathRemoveArgsW
SHAutoComplete
SHStrDupA
SHRegCreateUSKeyW
StrFromTimeIntervalW
UrlGetLocationA
SHRegCreateUSKeyA
PathGetDriveNumberW
SHGetValueW
PathMatchSpecW
PathFindOnPathW
StrFormatByteSizeW
PathRelativePathToA
StrFormatByteSizeA
PathGetDriveNumberA
StrCpyW
PathAddBackslashW
PathRemoveFileSpecW
SHRegGetBoolUSValueA
SHRegGetUSValueW
PathFindSuffixArrayW
PathIsSameRootW
StrRStrIA
PathIsPrefixA
StrPBrkA
SHRegQueryUSValueA
SHQueryInfoKeyW
PathRelativePathToW
PathFindExtensionW
StrIsIntlEqualA
StrToIntExW
PathIsSystemFolderA
SHSetValueA
StrPBrkW
PathIsUNCServerA
PathAddBackslashA
PathIsURLA
StrFormatKBSizeA
StrSpnW
UrlHashW
SHCopyKeyW
PathQuoteSpacesA
SHRegDuplicateHKey
SHRegEnumUSKeyW
PathFindFileNameA
SHGetInverseCMAP
PathRemoveBlanksA
PathRemoveFileSpecA
SHIsLowMemoryMachine
SHDeleteEmptyKeyW
SHCreateShellPalette
SHRegSetUSValueW
PathFileExistsW
StrTrimA
StrTrimW
PathParseIconLocationW
PathUnquoteSpacesA
SHRegOpenUSKeyA
PathUndecorateA
PathRemoveArgsA
UrlCanonicalizeW
SHSkipJunction
UrlCompareW
StrCatW
StrChrA
SHDeleteKeyW
UrlEscapeA
StrCmpNIA
StrStrW
StrFromTimeIntervalA
PathIsNetworkPathA
StrToIntW
StrToIntA
UrlGetPartA
StrCmpIW
PathUndecorateW
UrlCombineA
PathStripPathW
SHRegDeleteEmptyUSKeyW
StrFormatKBSizeW
AssocQueryStringA
PathFindExtensionA
SHDeleteEmptyKeyA
StrRetToBufW
PathCanonicalizeA
PathGetArgsW
PathCompactPathW
StrDupW
UrlCompareA
PathRemoveBackslashW
StrFormatByteSize64A
StrDupA
UrlApplySchemeA
StrCmpNA
SHSetValueW
StrCmpNIW
PathIsRelativeW
SHRegQueryUSValueW
StrStrIW
PathIsDirectoryEmptyA
PathIsRootA
PathMakePrettyW
StrRetToStrA
AssocQueryStringW
ColorHLSToRGB
SHEnumKeyExW
kernel32
GetComputerNameW
LocalSize
Process32Next
IsDebuggerPresent
FillConsoleOutputAttribute
ReadFileEx
GetCommMask
SetMessageWaitingIndicator
CreateNamedPipeA
BeginUpdateResourceA
WritePrivateProfileStructW
VirtualProtectEx
ReadConsoleInputA
FreeLibraryAndExitThread
GetTempFileNameW
FindAtomW
FileTimeToSystemTime
VirtualAlloc
OpenWaitableTimerW
DeviceIoControl
CreateMailslotW
GetTimeFormatA
FreeConsole
SetEnvironmentVariableA
GetStartupInfoA
OutputDebugStringW
SetNamedPipeHandleState
SetWaitableTimer
GetCommConfig
MapViewOfFile
BeginUpdateResourceW
GetLogicalDrives
GetWindowsDirectoryA
Heap32ListNext
GetProcessHeaps
CreateEventW
GetConsoleCP
ExpandEnvironmentStringsA
GetFileAttributesW
GlobalMemoryStatus
GetAtomNameA
TransactNamedPipe
GetNamedPipeInfo
SleepEx
BuildCommDCBA
CreateMutexA
VirtualProtect
EnumSystemLocalesW
GlobalUnfix
GetShortPathNameA
SetProcessPriorityBoost
BackupWrite
ScrollConsoleScreenBufferW
RemoveDirectoryA
ReadConsoleOutputW
SetCurrentDirectoryW
GetCurrentThreadId
QueueUserAPC
GetTempFileNameA
FindFirstFileA
LocalHandle
SetMailslotInfo
FindResourceExW
GetProfileSectionA
GetLongPathNameA
SetProcessWorkingSetSize
DeleteFileA
lstrcatA
SetSystemTime
ConvertThreadToFiber
CreateProcessW
GetPrivateProfileIntA
GetModuleFileNameA
CompareFileTime
ReadConsoleW
SetConsoleTextAttribute
GetWindowsDirectoryW
GetProcAddress
GetPrivateProfileSectionA
TlsFree
CreateDirectoryExA
GetDiskFreeSpaceExW
SetCalendarInfoW
HeapWalk
DefineDosDeviceA
SetProcessAffinityMask
lstrcmpiW
CopyFileA
lstrcmpW
IsBadStringPtrW
ContinueDebugEvent
SetFileApisToANSI
GetProfileStringW
GetQueuedCompletionStatus
SearchPathA
GetMailslotInfo
FindResourceExA
FindAtomA
PostQueuedCompletionStatus
SetHandleCount
GetVersion
FormatMessageA
FileTimeToLocalFileTime
MoveFileExW
GetTapeParameters
SetLastError
SetEnvironmentVariableW
BackupRead
FindFirstChangeNotificationA
CreateSemaphoreW
CreateDirectoryW
GetCPInfoExW
lstrcmpiA
GetTempPathW
SuspendThread
BuildCommDCBW
InitAtomTable
Process32First
GlobalHandle
GetEnvironmentVariableW
FreeLibrary
WriteConsoleOutputCharacterA
WaitForMultipleObjects
ReadConsoleOutputAttribute
GlobalGetAtomNameA
EnumDateFormatsW
CreateMailslotA
LocalFileTimeToFileTime
GetSystemPowerStatus
IsBadWritePtr
GetFileAttributesExW
FindNextFileW
GetModuleHandleW
ResetEvent
OpenEventW
GetExitCodeProcess
MoveFileA
EnumSystemCodePagesA
GetNumberOfConsoleMouseButtons
TerminateProcess
EnumCalendarInfoExW
lstrcpy
TlsAlloc
LCMapStringA
SetDefaultCommConfigA
EnumTimeFormatsA
SetLocalTime
lstrcatW
WriteFile
CreateWaitableTimerA
IsBadStringPtrA
ExpandEnvironmentStringsW
FatalExit
WritePrivateProfileSectionA
DeleteAtom
ReadConsoleOutputCharacterW
UnmapViewOfFile
VirtualAllocEx
advapi32
ConvertSecurityDescriptorToAccessNamedA
DeleteService
GetCurrentHwProfileW
AreAnyAccessesGranted
CryptImportKey
GetPrivateObjectSecurity
ObjectCloseAuditAlarmW
CryptContextAddRef
LookupPrivilegeNameW
EnumServicesStatusW
ControlService
GetFileSecurityW
RegRestoreKeyA
GetMultipleTrusteeOperationW
SetNamedSecurityInfoExA
DeleteAce
GetAccessPermissionsForObjectA
BuildSecurityDescriptorW
SetNamedSecurityInfoExW
AddAce
AddAccessDeniedAce
GetKernelObjectSecurity
RegEnumValueA
CryptDecrypt
AccessCheckAndAuditAlarmW
CreatePrivateObjectSecurity
ImpersonateSelf
InitiateSystemShutdownA
QueryServiceConfigW
GetEffectiveRightsFromAclW
GetServiceDisplayNameW
CryptGetKeyParam
BuildTrusteeWithNameW
ReportEventA
GetAce
OpenEventLogW
GetSidSubAuthority
AbortSystemShutdownA
EnumDependentServicesW
ReadEventLogW
GetSecurityDescriptorDacl
IsTextUnicode
NotifyBootConfigStatus
RegEnumKeyExW
RegReplaceKeyA
OpenThreadToken
SetTokenInformation
EnumDependentServicesA
LookupPrivilegeValueA
GetSecurityDescriptorOwner
CryptSetProviderW
SetEntriesInAuditListA
SetSecurityDescriptorDacl
LookupPrivilegeNameA
OpenEventLogA
CryptGenKey
ImpersonateNamedPipeClient
LookupAccountSidA
CryptEncrypt
GetSecurityDescriptorLength
QueryServiceStatus
BuildTrusteeWithNameA
DuplicateToken
LookupAccountSidW
CryptSetProviderA
LookupPrivilegeValueW
CreateServiceW
CryptGetDefaultProviderA
IsValidSecurityDescriptor
TrusteeAccessToObjectW
OpenProcessToken
RegEnumKeyA
ChangeServiceConfigW
RegLoadKeyW
CryptSetHashParam
ConvertAccessToSecurityDescriptorW
GetNamedSecurityInfoExA
ReadEventLogA
RegEnumKeyExA
BuildImpersonateExplicitAccessWithNameW
ObjectOpenAuditAlarmW
LookupPrivilegeDisplayNameA
GetSecurityInfo
GetSecurityInfoExW
GetUserNameW
SetNamedSecurityInfoW
ChangeServiceConfigA
CryptGetHashParam
SetSecurityInfo
LookupSecurityDescriptorPartsW
GetTrusteeTypeA
GetLengthSid
GetAclInformation
GetServiceKeyNameW
CryptAcquireContextW
RegCreateKeyExW
ConvertSecurityDescriptorToAccessW
SetEntriesInAuditListW
RegSaveKeyA
RegConnectRegistryW
RegQueryMultipleValuesA
StartServiceW
GetSidLengthRequired
RegCloseKey
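The per-DLL import lists above are the raw material for the import hash shown under Files. As an added example that is not part of the sandbox report, the following reimplements the pefile imphash algorithm and a small parser for the flat "DLL heading, then function names" layout used above. The import block fed to it is constructed, not the sample's; the report's own value cannot be regenerated here because the binary is not available, and the hash is order-sensitive, so the lists would have to be in import-table order for it to match. One simplification is labelled in the code: pefile resolves ordinal imports from oleaut32 and ws2_32 to names, whereas this version uses the "ordN" fallback for every ordinal.

```python
"""imphash from an import list (added example; not the report's or pefile's code).

pefile's algorithm: for every imported function, build "dll.function" in
lowercase with a trailing .dll/.ocx/.sys stripped from the DLL name, join the
entries with commas in import-table order, and MD5 the result.
"""
import hashlib


def normalize_dll(dll):
    """Lowercase the DLL name and drop a .dll/.ocx/.sys extension, as pefile does."""
    dll = dll.lower()
    base, dot, ext = dll.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return dll


def imphash_string(imports):
    """imports: [(dll, function_name_or_ordinal), ...] in import-table order."""
    parts = []
    for dll, func in imports:
        if isinstance(func, int):
            # Simplification: pefile maps oleaut32/ws2_32 ordinals to names; this
            # example applies the generic "ordN" fallback to every ordinal import.
            func = "ord%d" % func
        parts.append("%s.%s" % (normalize_dll(dll), func.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised, comma-joined import string."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def parse_report_imports(text, dll_names):
    """Turn a report-style block (a DLL heading followed by its functions) into pairs.

    dll_names: the library headings present in the block. They are passed
    explicitly rather than guessed, because all-lowercase API names such as
    lstrcpy would otherwise be mistaken for headings.
    """
    pairs, dll = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line in dll_names:
            dll = line
        elif dll is None:
            raise ValueError("function %r listed before any DLL heading" % line)
        else:
            pairs.append((dll, line))
    return pairs


# Constructed import block in the report's layout (not the sample's real imports).
CONSTRUCTED_REPORT = """
kernel32
GetProcAddress
lstrcpy
VirtualAlloc
advapi32
CryptGenKey
"""
CONSTRUCTED_DLLS = {"kernel32", "advapi32"}

if __name__ == "__main__":
    pairs = parse_report_imports(CONSTRUCTED_REPORT, CONSTRUCTED_DLLS)
    print(imphash_string(pairs))
    print(imphash(pairs))
```

Because only the joined string is hashed, two binaries with the same import table in the same order share an imphash regardless of code changes, which is why the value is useful for clustering builds of one toolchain; by the same token, any reordering or one added import changes it completely.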
Sections
.text   Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata  Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data   Size: 512B - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
No section is both writable and executable, and the raw sizes (63KB + 17KB + 512B) plus headers account for essentially the whole 82KB file, so nothing sizeable is appended as an overlay. Virtual sizes match or slightly trail raw sizes, which is what an unpacked, compiler-built image looks like; a packed file would normally show a small raw .text with a much larger virtual size.
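The three static facts the report states about this file, the "Unsigned PE" signature, the header characteristics and the section permissions, all come from a few fixed-offset fields in the PE header. As an added example that is not part of the sandbox report, the following pure-Python triage reads exactly those fields: the IMAGE_DIRECTORY_ENTRY_SECURITY entry (empty means no Authenticode blob), File and DLL Characteristics (deriving the ASLR/DEP verdict), and per-section flags (flagging any writable-and-executable section). Since the sample itself is not available here, build_pe() constructs a header-only PE32 carrying the same flags and section layout as the report; that blob, the flag tables and the function names are this example's own.

```python
"""Pure-Python PE header triage (added example; not part of the report above).

It reproduces the static checks the report shows: the "Unsigned PE" rule
(IMAGE_DIRECTORY_ENTRY_SECURITY is empty), the File/DLL Characteristics flags
and what they mean for ASLR/DEP, and per-section permissions. The analysed
sample is not available here, so build_pe() constructs a header-only PE32
carrying the same flags; that blob is constructed test input, not the sample.
"""
import struct

FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SCN_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
             0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
             0x80000000: "IMAGE_SCN_MEM_WRITE"}
SECURITY_DIR = 4  # index of IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode blob)


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_pe(file_chars, dll_chars, sections, cert_size=0):
    """Build a header-only PE32 image. sections = [(name, raw_size, virt_size, flags)]."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    file_hdr = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections),
                           0, 0, 0, 224, file_chars)            # Machine=i386, 224-byte opt hdr
    opt = bytearray(224)                                        # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                       # Magic = PE32
    struct.pack_into("<H", opt, 70, dll_chars)                  # DllCharacteristics
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if cert_size:                                               # security dir = file offset + size
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x1000, cert_size)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, f)
        for i, (n, rs, vs, f) in enumerate(sections))
    return bytes(dos) + file_hdr + bytes(opt) + secs


def triage(data):
    """Decode the signature- and mitigation-relevant header fields of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size, file_chars = struct.unpack_from("<H12xHH", data, e_lfanew + 6)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)                # data directories: PE32 vs PE32+
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vs, va, rs, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "raw": rs, "virtual": vs,
                         "flags": _names(flags, SCN_FLAGS),
                         "rwx": flags & 0xA0000000 == 0xA0000000})   # WRITE and EXECUTE
    relocs_stripped = bool(file_chars & 0x0001)
    return {
        "file_characteristics": _names(file_chars, FILE_FLAGS),
        "dll_characteristics": _names(dll_chars, DLL_FLAGS),
        "authenticode": cert_size > 0,
        # ASLR needs DYNAMIC_BASE *and* relocations the loader can still apply
        "aslr": bool(dll_chars & 0x0040) and not relocs_stripped,
        "dep": bool(dll_chars & 0x0100),
        "sections": sections,
    }


def findings(report):
    """Turn triage() output into the one-line verdicts a sandbox report prints."""
    out = []
    if not report["authenticode"]:
        out.append("Unsigned PE: no Authenticode signature")
    if not report["aslr"]:
        out.append("No ASLR: DYNAMIC_BASE unset or relocations stripped")
    if not report["dep"]:
        out.append("No DEP: NX_COMPAT unset")
    out += ["RWX section: %s" % s["name"] for s in report["sections"] if s["rwx"]]
    return out


# The flags and sections the report lists for the sample, rebuilt as constructed input.
REPORT_LIKE = build_pe(
    file_chars=0x0001 | 0x0002 | 0x0100,
    dll_chars=0x0100 | 0x8000,
    sections=[(".text", 63 * 1024, 63 * 1024, 0x60000020),
              (".rdata", 17 * 1024, 16 * 1024, 0x40000040),
              (".data", 512, 312, 0xC0000040)])

if __name__ == "__main__":
    for line in findings(triage(REPORT_LIKE)):
        print(line)
```

On a real file, pass the bytes read from disk to triage(); the checks are the same. Note that an empty security directory only says the file carries no embedded signature; a catalog-signed binary would also show empty here, which is why the report's rule is named after Authenticode specifically.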