702c8e1f79bfd91d9c3255a1f3a7c286

Sharing

Copy URL Twitter E-mail

General

Target

702c8e1f79bfd91d9c3255a1f3a7c286
Size

151KB
MD5

702c8e1f79bfd91d9c3255a1f3a7c286
SHA1

80894a93086c7b2f5c6416d692cc9a8ec3ec8f75
SHA256

53b864e17d67bb59064e57274ec6ad4291e5622117290752b83473071ddf3b72
SHA512

0402d55ac7e7c40942c53d04f7bc66b17f44ec0ebec03656c615f7e847c9c0869c57883ee840bcd9fcaf373a615b4f65be5bae2508142f220901cfba740344e4
SSDEEP

3072:kvNvngwETixXMeE6yor6aLNhEcWMPXKR2YLO6+kkpbBf6UhFZKbLd5Q9+FkHD:siiKeE6EVGO3OxHpblT9+Fk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
702c8e1f79bfd91d9c3255a1f3a7c286

Files

702c8e1f79bfd91d9c3255a1f3a7c286
.exe windows:5 windows x86 arch:x86

7189e1712fecb2be62660360eab4eeb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeInfo
GetOverlappedResult
GetProcAddress
GetShortPathNameW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersionExA
GetVolumeInformationW
GlobalMemoryStatusEx
GlobalUnlock
HeapAlloc
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
IsBadReadPtr
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalAlloc
LocalFileTimeToFileTime
MapUserPhysicalPagesScatter
MapViewOfFile
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryW
RequestWakeupLatency
ResetEvent
ResumeThread
RtlUnwind
SetEndOfFile
SetErrorMode
SetLastError
SetThreadLocale
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TransactNamedPipe
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
lstrcmpiA
lstrcpyW
lstrlenW
GetLastError
GetHandleInformation
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetConsoleFontSize
GetComputerNameExW
GetACP
FreeLibrary
FormatMessageW
FindNextChangeNotification
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
FileTimeToSystemTime
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnterCriticalSection
DisconnectNamedPipe
DeviceIoControl
DeleteTimerQueueTimer
DeleteFileW
DeleteCriticalSection
CreateThread
CreateTapePartition
CreatePipe
CreateNamedPipeW
CreateFileW
CreateFileA
CreateDirectoryW
ConnectNamedPipe
CloseHandle
Process32First
CancelIo

shell32

SHGetFolderPathW

advapi32

SetSecurityDescriptorDacl
SetSecurityDescriptorControl
SetEntriesInAclW
RevertToSelf
ReportEventW
RegisterServiceCtrlHandlerExA
RegisterEventSourceW
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
OpenServiceW
OpenSCManagerW
OpenProcessToken
MapGenericMask
InitializeSecurityDescriptor
InitializeAcl
ImpersonateSelf
ImpersonateNamedPipeClient
GetUserNameW
GetTokenInformation
GetSecurityDescriptorSacl
GetNamedSecurityInfoW
GetLengthSid
GetFileSecurityW
GetExplicitEntriesFromAclW
FreeSid
DeregisterEventSource
DeleteService
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptAcquireContextA
CreateServiceW
CloseServiceHandle
AddAccessAllowedAce
AccessCheck
SetServiceStatus
StartServiceCtrlDispatcherA
SetSecurityDescriptorOwner

ws2_32

bind
accept
__WSAFDIsSet
WSCEnableNSProvider
closesocket
connect
send
select
listen
ioctlsocket
inet_addr
getsockopt
getsockname
gethostname

user32

LookupIconIdFromDirectory
MessageBoxW
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageA
RegisterDeviceNotificationA
wsprintfW
CharUpperA

ole32

CoInitialize
CoQueryProxyBlanket
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
WriteClassStm
CoCreateInstance

setupapi

SetupOpenMasterInf
SetupDiSetSelectedDriverW
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDeviceInfoA
SetupDiGetDriverInfoDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstallParamsW
SetupDiGetClassDevsA
SetupDiEnumDriverInfoW
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiDestroyDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
CM_Request_Device_EjectW
CM_Locate_DevNodeA
CM_Get_Sibling
CM_Get_Parent
CM_Get_Next_Log_Conf
CM_Get_Device_ID_Size
CM_Get_Device_IDA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_PropertyA
CM_Get_Depth
CM_Get_Child
CMP_UnregisterNotification
CM_Add_Empty_Log_Conf
CM_Free_Log_Conf_Handle

Exports

Exports

AHeartbeat
DoHotMailWizard
HrSafeGetStreamSize
HrStreamSeekBegin
MawDeviceCallback

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7189e1712fecb2be62660360eab4eeb2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

advapi32

ws2_32

user32

ole32

setupapi

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 842B

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 842B