Static task: static1
Behavioral task: behavioral1
Sample: 56b0faf0b1a464e4037eef3c30ecf7b2.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 56b0faf0b1a464e4037eef3c30ecf7b2.exe
Resource: win10v2004-20231222-en
General
Target: 56b0faf0b1a464e4037eef3c30ecf7b2
Size: 93KB
MD5: 56b0faf0b1a464e4037eef3c30ecf7b2
SHA1: 95f104b18ba2a94abe3ca03705f8454c2c522d75
SHA256: 272ab86f49c7da6a381c5e00f434bd574242d6c099b1f559b19cfb0292edaf67
SHA512: a1e234bc3535806b44d1f9778870890366be429216864770aaa4e5b0d44b4f40fcd92fd00f401e6f4668866250861746059914c6ae2c7455e721b271847cec81
SSDEEP: 1536:1U7PG1RyJ8rUDoALG3rKz9tVJbUBVmDAsaw80vLtPfxiGD0K2D0K2ytZhR/f2S:Kq1YyUD/i3rV+Oa3D0K2D0KDZD/e
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 56b0faf0b1a464e4037eef3c30ecf7b2
Files
56b0faf0b1a464e4037eef3c30ecf7b2.exe windows:4 windows x86 arch:x86
eac0f0e85c4d9e4a190c3cd02ff9c70a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DragObject
SetSysColors
LoadImageA
CharNextA
GetMenuItemCount
DlgDirSelectExA
EnumDesktopWindows
AttachThreadInput
DdeCreateDataHandle
PostThreadMessageA
GetGUIThreadInfo
GetDlgItem
CharNextExA
CreateWindowExA
RegisterClassA
LoadIconW
InsertMenuA
FindWindowExW
SetWindowsHookA
GetKeyboardLayoutNameA
EnumPropsExA
SetWindowRgn
EnumDisplayDevicesA
DrawFrameControl
DlgDirSelectComboBoxExA
IsWindow
ModifyMenuW
DefWindowProcW
CreateDialogIndirectParamW
SetLastErrorEx
GetMonitorInfoW
MessageBoxIndirectA
ReuseDDElParam
GetWindowLongA
DdeFreeStringHandle
GetWindowInfo
GetMessageW
ShowCaret
TranslateMDISysAccel
VkKeyScanExA
GetClassInfoExW
VkKeyScanA
DefDlgProcA
DdeSetUserHandle
GetInputDesktop
ShowWindowAsync
GetClassNameW
OpenDesktopA
DrawTextExW
SendMessageCallbackW
DrawFrame
GetCursorInfo
LoadCursorFromFileA
OpenDesktopW
CallMsgFilterW
TrackMouseEvent
OpenWindowStationW
DlgDirListA
ChildWindowFromPointEx
GetMenuItemInfoA
SendInput
MessageBoxExA
UnhookWindowsHook
DlgDirSelectComboBoxExW
ToUnicode
GetMenu
SetClassLongW
GetWindowContextHelpId
LoadKeyboardLayoutW
FreeDDElParam
DestroyAcceleratorTable
IsClipboardFormatAvailable
SetWindowWord
ChangeMenuW
DrawIconEx
EnumPropsW
MsgWaitForMultipleObjects
EndTask
DdeReconnect
GetMonitorInfoA
GetClassLongW
GetKBCodePage
SetDlgItemInt
PtInRect
BroadcastSystemMessageW
EnableMenuItem
WindowFromDC
CreatePopupMenu
DdeCmpStringHandles
GetCapture
GetMenuCheckMarkDimensions
GetScrollRange
SetCaretBlinkTime
ValidateRgn
EnumWindowStationsW
DdeGetLastError
SetClipboardData
DrawTextW
CountClipboardFormats
GetMenuContextHelpId
CharLowerBuffA
GetClipboardFormatNameA
GetShellWindow
GetWindowRgn
IsCharAlphaNumericA
IsWindowEnabled
GetMessagePos
MessageBoxW
SetWindowContextHelpId
LoadKeyboardLayoutA
SetWindowTextA
AdjustWindowRectEx
GetKeyboardState
EnumPropsA
CharUpperW
GetScrollInfo
GetClassWord
GetWindowThreadProcessId
CallNextHookEx
GetComboBoxInfo
MapDialogRect
SendDlgItemMessageA
SetMenuItemInfoA
OpenClipboard
EndPaint
GrayStringA
GetMenuInfo
SetPropW
SwitchToThisWindow
IsZoomed
IntersectRect
FrameRect
SetWindowPlacement
GetFocus
SetMenuDefaultItem
RealGetWindowClass
GetScrollPos
advapi32
SetEntriesInAccessListA
OpenEventLogA
GetLengthSid
InitializeAcl
RegRestoreKeyA
AddAccessAllowedAce
SetSecurityDescriptorSacl
RegQueryValueExW
CryptGetProvParam
GetCurrentHwProfileA
GetKernelObjectSecurity
GetAclInformation
EnumDependentServicesW
GetSecurityInfoExW
RegEnumValueA
DeregisterEventSource
InitializeSecurityDescriptor
RegRestoreKeyW
CreateProcessAsUserW
GetOldestEventLogRecord
AdjustTokenGroups
SetEntriesInAccessListW
RegSaveKeyW
CryptEnumProvidersW
LookupPrivilegeValueA
CryptGetDefaultProviderW
OpenBackupEventLogA
StartServiceCtrlDispatcherA
DuplicateToken
CryptGenKey
GetPrivateObjectSecurity
SetTokenInformation
ConvertSecurityDescriptorToAccessW
RegSaveKeyA
GetSecurityDescriptorControl
InitiateSystemShutdownW
BuildSecurityDescriptorW
CryptDuplicateKey
SetAclInformation
CryptAcquireContextW
CryptEncrypt
CopySid
CryptSetProvParam
SetServiceBits
CryptGetDefaultProviderA
SetNamedSecurityInfoExA
GetSecurityDescriptorLength
BuildTrusteeWithSidW
ObjectOpenAuditAlarmA
ReportEventW
GetSecurityDescriptorDacl
GetSecurityInfo
PrivilegeCheck
GetNamedSecurityInfoExA
SetNamedSecurityInfoA
GetNumberOfEventLogRecords
GetUserNameA
PrivilegedServiceAuditAlarmW
RegUnLoadKeyW
RegEnumKeyExA
BuildTrusteeWithSidA
AdjustTokenPrivileges
NotifyChangeEventLog
LookupSecurityDescriptorPartsW
LookupSecurityDescriptorPartsA
RegLoadKeyA
ClearEventLogW
AccessCheck
GetFileSecurityW
RegQueryValueW
SetSecurityInfoExA
TrusteeAccessToObjectA
QueryServiceConfigW
IsValidSid
CryptDestroyKey
OpenEventLogW
GetOverlappedAccessResults
CryptGenRandom
AbortSystemShutdownW
StartServiceA
GetSecurityDescriptorOwner
NotifyBootConfigStatus
LookupAccountNameW
RegEnumKeyW
GetEffectiveRightsFromAclA
SetServiceStatus
CryptAcquireContextA
RegisterEventSourceA
CryptSetProviderA
LogonUserW
StartServiceCtrlDispatcherW
RegQueryValueExA
BuildImpersonateExplicitAccessWithNameW
SetSecurityDescriptorDacl
CryptVerifySignatureA
CryptSetKeyParam
GetAuditedPermissionsFromAclW
IsValidAcl
CryptDestroyHash
GetSecurityDescriptorGroup
ConvertSecurityDescriptorToAccessNamedA
MakeSelfRelativeSD
GetNamedSecurityInfoExW
RegDeleteKeyW
CryptImportKey
EqualSid
RegQueryInfoKeyW
CreatePrivateObjectSecurity
ole32
CoReleaseMarshalData
CoRegisterClassObject
IIDFromString
OleCreateLinkToFileEx
ReadOleStg
StgGetIFillLockBytesOnFile
IsEqualGUID
OleLockRunning
StgIsStorageILockBytes
CreateAntiMoniker
CoFileTimeToDosDateTime
OleRegGetMiscStatus
OleSetContainedObject
UpdateDCOMSettings
PropVariantClear
CoCreateInstance
CoGetPSClsid
CoIsHandlerConnected
StringFromIID
CoMarshalInterThreadInterfaceInStream
StgOpenStorageOnILockBytes
OleCreateFromData
OleSave
OleRegEnumVerbs
CoRevokeClassObject
CoQueryAuthenticationServices
CreatePointerMoniker
StringFromGUID2
PropVariantCopy
OleCreateEmbeddingHelper
CoGetMalloc
CreateDataCache
FreePropVariantArray
CreateFileMoniker
WriteOleStg
CoUnmarshalHresult
ReadFmtUserTypeStg
CoRegisterSurrogate
CreateILockBytesOnHGlobal
OleSaveToStream
OleSetClipboard
CoResumeClassObjects
CoInitializeEx
IsAccelerator
OleCreate
CoFreeUnusedLibraries
CoMarshalHresult
CoRevokeMallocSpy
CoQueryClientBlanket
CoSuspendClassObjects
StgIsStorageFile
OleIsCurrentClipboard
OleRegGetUserType
CreateItemMoniker
GetClassFile
GetHGlobalFromILockBytes
CoReleaseServerProcess
OleQueryLinkFromData
UtGetDvtd16Info
CoIsOle1Class
UtConvertDvtd16toDvtd32
OleCreateStaticFromData
CoDosDateTimeToFileTime
GetConvertStg
OleCreateFromFileEx
OleDoAutoConvert
CoCreateInstanceEx
CoGetInstanceFromIStorage
OleCreateLinkFromDataEx
DoDragDrop
StringFromCLSID
OleGetIconOfClass
CoRegisterChannelHook
OleTranslateAccelerator
OleRun
OleInitialize
UtConvertDvtd32toDvtd16
CoMarshalInterface
WriteStringStream
OpenOrCreateStream
CoDisconnectObject
ReadClassStg
OleConvertOLESTREAMToIStorageEx
OleGetIconOfFile
GetHookInterface
CoGetCallerTID
OleBuildVersion
SetDocumentBitStg
CreateStreamOnHGlobal
CoInitialize
OleCreateEx
OleCreateDefaultHandler
WriteFmtUserTypeStg
GetHGlobalFromStream
CoGetInstanceFromFile
CoTreatAsClass
OleCreateFromFile
DllDebugObjectRPCHook
OleQueryCreateFromData
CoAddRefServerProcess
OleLoadFromStream
CoGetCurrentLogicalThreadId
CoInitializeSecurity
ReadStringStream
CLSIDFromProgID
GetDocumentBitStg
CoGetTreatAsClass
StgCreateDocfile
StgOpenAsyncDocfileOnIFillLockBytes
CoFileTimeNow
CoGetMarshalSizeMax
OleGetClipboard
shlwapi
SHRegDeleteUSValueW
PathIsLFNFileSpecA
StrToIntExW
PathAddExtensionW
PathStripPathW
SHRegEnumUSValueA
SHGetInverseCMAP
SHOpenRegStreamW
PathSkipRootA
StrRetToStrW
AssocQueryStringW
PathRemoveBlanksA
PathGetDriveNumberW
SHRegCreateUSKeyA
SHRegGetUSValueA
PathIsRelativeA
StrRetToBufW
UrlGetLocationW
SHDeleteKeyW
PathGetArgsA
PathFindNextComponentW
IntlStrEqWorkerW
SHEnumKeyExA
StrPBrkW
SHRegDeleteEmptyUSKeyW
PathCommonPrefixW
PathFindOnPathA
StrSpnA
PathIsFileSpecA
SHQueryInfoKeyW
UrlGetPartW
StrChrIW
StrCatW
PathAppendA
PathParseIconLocationA
AssocQueryStringByKeyW
StrFormatKBSizeW
UrlCombineA
UrlUnescapeA
StrToIntExA
SHRegOpenUSKeyA
StrChrW
SHSetValueA
SHIsLowMemoryMachine
PathIsDirectoryEmptyA
StrIsIntlEqualW
PathGetCharTypeA
StrRChrW
StrFormatKBSizeA
SHDeleteKeyA
SHRegEnumUSValueW
SHRegWriteUSValueW
UrlIsOpaqueW
UrlCanonicalizeW
PathRemoveArgsA
SHRegEnumUSKeyW
PathIsRootA
SHQueryInfoKeyA
UrlEscapeW
StrCatBuffW
PathFindExtensionA
PathUnquoteSpacesA
StrFormatByteSize64A
SHAutoComplete
SHOpenRegStream2A
SHDeleteValueW
PathCompactPathExA
PathRemoveFileSpecA
PathSearchAndQualifyA
PathIsRootW
StrChrIA
SHRegQueryInfoUSKeyA
PathParseIconLocationW
PathRenameExtensionW
HashData
SHEnumKeyExW
SHSkipJunction
PathStripToRootA
ChrCmpIA
PathIsNetworkPathW
UrlCompareA
PathUndecorateW
SHRegQueryInfoUSKeyW
StrPBrkA
SHRegDeleteUSValueA
StrCmpW
PathIsPrefixW
StrCatBuffA
PathFindExtensionW
PathMakeSystemFolderA
PathStripPathA
SHRegGetBoolUSValueA
GetMenuPosFromID
PathFileExistsW
SHDeleteEmptyKeyA
PathMakePrettyW
StrCmpNIW
StrRChrIA
PathRemoveBlanksW
SHSetThreadRef
PathUnmakeSystemFolderW
SHEnumValueA
PathUnquoteSpacesW
kernel32
GetSystemTimeAsFileTime
WritePrivateProfileStructA
SetFileApisToANSI
WriteConsoleA
SetConsoleMode
WaitCommEvent
IsBadHugeReadPtr
MapViewOfFileEx
GetTempFileNameA
MultiByteToWideChar
ReadDirectoryChangesW
ReadConsoleInputA
GlobalGetAtomNameA
GetHandleInformation
GetEnvironmentStringsA
LocalLock
UnhandledExceptionFilter
GetSystemPowerStatus
SetVolumeLabelA
HeapCreate
WideCharToMultiByte
GetStartupInfoW
lstrlenA
lstrcmpiA
SetCommTimeouts
SetCommMask
TransmitCommChar
ConnectNamedPipe
SetConsoleActiveScreenBuffer
OpenWaitableTimerA
GetMailslotInfo
GetDefaultCommConfigW
EscapeCommFunction
DefineDosDeviceW
GetUserDefaultLangID
EnumDateFormatsA
GetVersionExA
GetLastError
DeleteFiber
GetCurrencyFormatA
GetThreadPriorityBoost
VirtualAlloc
WriteFileEx
HeapCompact
CreateDirectoryExW
CreateFileMappingW
GetVolumeInformationA
ScrollConsoleScreenBufferA
SetThreadAffinityMask
ResetWriteWatch
lstrcmpiW
PulseEvent
ReadConsoleOutputA
GetFileTime
BuildCommDCBAndTimeoutsW
IsDBCSLeadByte
GetDefaultCommConfigA
IsValidCodePage
SetConsoleTextAttribute
RaiseException
SetFileApisToOEM
GetExitCodeThread
GetCPInfoExA
EnumDateFormatsExA
HeapFree
CreatePipe
CreateProcessW
GetProfileStringA
SetCalendarInfoA
WinExec
SetVolumeLabelW
GlobalFix
LoadLibraryW
SetStdHandle
EnumSystemLocalesA
ClearCommError
WriteConsoleOutputAttribute
CreateTapePartition
GetPriorityClass
FindFirstChangeNotificationA
WritePrivateProfileStringA
lstrcmpi
FindResourceA
GlobalAddAtomW
ReadProcessMemory
SetTapePosition
OpenSemaphoreA
SetDefaultCommConfigW
GetProcessVersion
CommConfigDialogA
CommConfigDialogW
GetLogicalDriveStringsW
FindFirstChangeNotificationW
SetProcessPriorityBoost
RequestWakeupLatency
SetEnvironmentVariableW
ReadConsoleOutputCharacterW
VirtualProtect
UpdateResourceW
TlsGetValue
PeekConsoleInputA
GetWindowsDirectoryA
GetProcessWorkingSetSize
WaitForMultipleObjects
SetConsoleScreenBufferSize
SetLocaleInfoA
FreeLibrary
FileTimeToSystemTime
GetLogicalDriveStringsA
GetCommTimeouts
SetLocaleInfoW
GetThreadContext
BackupRead
WriteFile
CreateFiber
GetPrivateProfileStructW
VirtualUnlock
ContinueDebugEvent
DebugBreak
IsBadReadPtr
CreateProcessA
GetCurrencyFormatW
FindResourceExW
TerminateThread
lstrcmpW
FindCloseChangeNotification
AreFileApisANSI
Sections
.text Size: 75KB - Virtual size: 74KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE