Static task: static1
Behavioral task: behavioral1
Sample: 2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04.exe
Resource: win10v2004-20231215-en
General
Target: 2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04
Size: 8.7MB
MD5: 798ad7baebe1405c272a7470b4e2e1f5
SHA1: 227d8422fd815050091519e76af3bda9801b1da9
SHA256: 2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04
SHA512: 95b03be655d29630697a202912d3a4e53a604f1c8b9416e8d13c970736be0499f5a6afa42cf6fcce010a6eb2a287bee9000d614cd12acd9f470753619bfb4819
SSDEEP: 196608:/w43372SDOSe5c9RayNTs8op2tKo+04JzQUqB4gu0/YsthcNLpYMkM:rK50VDI2Id5q//YsspYMR
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: 2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04
Files
2807fb19fa061db2e9273353d2b80fcb740fd5cdfc44fdb096fd0dd7b530da04.exe windows:6 windows x86 arch:x86
3d6700ee7e2f18a3410b0527b0678f5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
Imports
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
kernel32
QueryDosDeviceW
ReadFile
GetFileSize
SetFilePointer
SetLastError
SetDllDirectoryW
DecodePointer
GetCurrentThreadId
SetErrorMode
InitializeCriticalSectionEx
RaiseException
IsProcessorFeaturePresent
CreateDirectoryW
GetCurrentProcessId
GetSystemDefaultLangID
GetUserDefaultLangID
GetCommandLineW
MoveFileW
SetCurrentDirectoryW
GetModuleFileNameW
lstrcmpW
lstrcpyW
GetLocaleInfoW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CopyFileW
FindNextFileW
FindFirstFileW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
CreateProcessW
FileTimeToSystemTime
FindClose
GetLocalTime
Sleep
GetTickCount
DeleteFileW
GetCurrentProcess
DuplicateHandle
SetPriorityClass
GetPriorityClass
GetModuleHandleW
LocalFree
GetShortPathNameW
GetTempPathW
lstrcmpiW
lstrlenW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ProcessIdToSessionId
FormatMessageW
LocalAlloc
ExpandEnvironmentStringsW
OpenProcess
GetExitCodeProcess
WaitForSingleObject
WTSGetActiveConsoleSessionId
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcessHeap
HeapAlloc
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetLastError
CreateFileW
GetFileAttributesW
GetProcAddress
FreeLibrary
LoadLibraryExW
CancelWaitableTimer
GlobalFree
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetFileAttributesExW
SetFileTime
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GlobalMemoryStatus
ReleaseSemaphore
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
WaitForMultipleObjects
QueryPerformanceCounter
FindFirstFileExW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
LCMapStringW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThread
GetProcessTimes
GetLongPathNameW
WriteFile
FlushFileBuffers
SetEndOfFile
LoadLibraryW
CreateThread
ResumeThread
TerminateThread
ExitThread
WaitForMultipleObjectsEx
ReadProcessMemory
lstrlenA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
TerminateProcess
GetThreadContext
SetUnhandledExceptionFilter
GetSystemTime
lstrcmpA
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
RtlUnwind
GetFileType
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
advapi32
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
EqualSid
TraceMessage
AllocateAndInitializeSid
FreeSid
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
OpenThreadToken
RegQueryValueExW
RegEnumValueW
SetSecurityDescriptorDacl
MakeAbsoluteSD
InitializeSecurityDescriptor
QueryServiceStatusEx
LookupPrivilegeNameW
ConvertSidToStringSidW
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
CryptReleaseContext
CryptDecrypt
CryptAcquireContextW
CryptDestroyKey
CryptSetKeyParam
CryptImportKey
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
StartServiceW
RegGetValueW
ConvertSecurityDescriptorToStringSecurityDescriptorW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
LsaNtStatusToWinError
ole32
CoCreateInstance
PropVariantClear
CoInitializeEx
CoUninitialize
CoInitializeSecurity
StringFromIID
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CLSIDFromString
oleaut32
SafeArrayCreate
SafeArrayUnlock
SysStringByteLen
SysAllocStringByteLen
VariantCopyInd
VariantInit
VariantClear
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
VarUI4FromStr
shlwapi
PathRemoveFileSpecW
UrlCanonicalizeW
PathIsDirectoryW
PathFindFileNameW
PathIsUNCServerW
PathAppendW
PathAddBackslashW
PathQuoteSpacesW
SHDeleteKeyW
PathIsUNCW
PathSkipRootW
PathFileExistsW
comctl32
InitCommonControlsEx
psapi
GetModuleFileNameExW
crypt32
CryptHashCertificate
CertCompareIntegerBlob
CertFreeCertificateChain
CertGetCertificateChain
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertNameToStrW
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
wintrust
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WintrustGetRegPolicyFlags
WinVerifyTrust
Sections
.text Size: 920KB - Virtual size: 920KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 255KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ