653eaf45b5876b7555574a07b561c4c6

Sharing

Copy URL

Twitter E-mail

General

Target

653eaf45b5876b7555574a07b561c4c6
Size

458KB
MD5

653eaf45b5876b7555574a07b561c4c6
SHA1

00989e1f85a78530946293bc4b99a98a9d91e770
SHA256

173977df94cbc26a954e86e37174c2852ed11ba0145652ae618d513017c91463
SHA512

a0b8b637cd61a080354714c458f59edaf0e908c52e7ac602d373133dbb879ec27c52974e964f034cc7d240ab91f6c47d13ddc736d49d82938d5f52e2cf939ed2
SSDEEP

12288:7Cy4JDv6JWJvn21sIt3NCplwhQLSAWpZzMb0Hlf0I/tJM:+S0JP21sG3NCpcHpaWf0ITM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
653eaf45b5876b7555574a07b561c4c6

Files

653eaf45b5876b7555574a07b561c4c6
.exe windows:4 windows x86 arch:x86

b9006003fa388640665230c70940792d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsCrackNamesW
DsFreeNameResultW

advapi32

IsValidSid
RegQueryValueExA
RegCloseKey
CheckTokenMembership
CopySid
AllocateAndInitializeSid
RegOpenKeyExW
RegQueryValueExW
EqualSid
LookupAccountNameW
RegCreateKeyExW
LsaStorePrivateData
RegDeleteValueW
QueryServiceStatus
LsaClose
CreateProcessWithLogonW
CloseServiceHandle
OpenServiceW
RegOpenKeyExA
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegEnumKeyW
RegSetValueExW
GetLengthSid
LsaOpenPolicy
OpenThreadToken
FreeSid
OpenSCManagerW

msvcrt

_except_handler3
wcschr

urlmon

URLDownloadToCacheFileW

shlwapi

PathGetDriveNumberW
PathFindExtensionW
StrDupW
SHStrDupW
SHRegGetBoolUSValueW
StrCatBuffW
PathParseIconLocationW
PathFindFileNameW
SHSetValueW
StrCmpIW
UrlGetPartW
PathRemoveFileSpecW
StrToIntW
AssocQueryStringW
PathMatchSpecW
PathIsUNCServerW
SHGetValueW
PathRemoveBackslashW
StrCmpW
StrRetToBufW
StrToIntExW
StrCpyNW
PathRenameExtensionW
PathIsUNCW
PathAppendW
UrlCombineW
StrChrW
wnsprintfW
StrCmpNIW
PathCombineW

shell32

SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBindToParent
SHParseDisplayName
SHCreateShellItem
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CreateBindCtx
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream

secur32

TranslateNameW

user32

IsDlgButtonChecked
RegisterClipboardFormatW
SetForegroundWindow
GetSysColor
ReleaseDC
SetCursor
FindWindowW
LoadCursorW
PostMessageW
WinHelpW
SetDlgItemTextW
LoadStringW
GetClientRect
OffsetRect
SetFocus
EnableWindow
GetWindowLongW
IsWindowEnabled
CharLowerBuffW
GetDesktopWindow
DrawFocusRect
DestroyIcon
MapWindowPoints
SendDlgItemMessageW
GetDlgCtrlID
CharNextW
GetWindowTextLengthW
CheckDlgButton
KillTimer
GetDlgItemTextW
MoveWindow
EndDialog
GetWindowRect
SetWindowTextW
SetWindowLongW
DialogBoxParamW
LoadImageW
GetDlgItem
RedrawWindow
RegisterWindowMessageW
IsWindow
GetParent
SetTimer
IsWindowVisible
SendMessageW
DrawTextExW
SetWindowPos
GetSystemMetrics
GetWindowLongA
GetWindowTextW
MessageBoxW
GetDC
GetDialogBaseUnits
LoadIconW
ShowWindow
SystemParametersInfoW
CheckRadioButton

kernel32

InterlockedDecrement
SetUnhandledExceptionFilter
ExitProcess
DosDateTimeToFileTime
TerminateProcess
GetModuleHandleW
GetTickCount
GetCurrentThread
GetGeoInfoW
GetUserDefaultLCID
UnhandledExceptionFilter
FreeLibrary
GetWindowsDirectoryW
SetComputerNameExW
OpenEventW
GetUserDefaultLangID
ExpandEnvironmentStringsW
CreateThread
SetEvent
CreateProcessW
FormatMessageW
GetDriveTypeW
GetUserGeoID
GetSystemDefaultLCID
WaitForSingleObject
GetVersionExA
CloseHandle
lstrlenW
InterlockedCompareExchange
lstrcpynW
LocalFree
GetACP
GlobalLock
GetLastError
InterlockedIncrement
lstrcmpiW
GetCurrentProcessId
DelayLoadFailureHook
GetCurrentThreadId
GetProcAddress
MultiByteToWideChar
GetModuleFileNameW
GetCurrentProcess
LoadLibraryA
GetComputerNameW
lstrcmpiA
WideCharToMultiByte
LocalAlloc
GlobalUnlock
lstrcpyW
CreateEventW
DnsHostnameToComputerNameW
LoadLibraryW
MulDiv
QueryPerformanceCounter
ResetEvent
GetSystemTimeAsFileTime

mpr

WNetCancelConnection2W
WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW
WNetAddConnection3W
WNetGetConnectionW

gdi32

GetDeviceCaps
CreateFontIndirectW
DeleteObject
SetTextColor
ExtTextOutW
SetBkColor
SelectObject
GetObjectW
GetTextMetricsW

netapi32

NetApiBufferFree
NetUnjoinDomain
NetLocalGroupDelMembers
NetLocalGroupEnum
DsGetDcNameW
NetUserGetLocalGroups
NetRenameMachineInDomain
NetUserGetInfo
NetJoinDomain
NetLocalGroupAddMembers
NetUserSetInfo
DsRoleGetPrimaryDomainInformation
NetUserAdd
NetValidateName
DsRoleFreeMemory
NetLocalGroupGetMembers
NetUserDel

ntdll

RtlLargeIntegerShiftRight
RtlRunEncodeUnicodeString
RtlGetNtProductType
NtAllocateVirtualMemory

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 293KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9006003fa388640665230c70940792d

Headers

File Characteristics

Imports

ntdsapi

advapi32

msvcrt

urlmon

shlwapi

shell32

ole32

secur32

user32

kernel32

mpr

gdi32

netapi32

ntdll

Sections

.text Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 293KB - Virtual size: 480KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 147KB - Virtual size: 146KB

.text
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 293KB - Virtual size: 480KB

.rdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 147KB - Virtual size: 146KB