72c8d6fc05c7be5d670519a216ffb3cb

Sharing

Copy URL Twitter E-mail

General

Target

72c8d6fc05c7be5d670519a216ffb3cb
Size

37KB
MD5

72c8d6fc05c7be5d670519a216ffb3cb
SHA1

746bb04ff44f5d821ae7f96ee7dc465447daf2d2
SHA256

a71fdccf9e9144931068c0f23decba5e16204d174386a7789553f41f3b9dc6a7
SHA512

b317cb470756f57674072fd8a4fdb306a7a916398e5118989d9fd9862b23e6cc2b16b31524234588ce5eb16f528fe220830663bdf9a1e4a4cc59c049417cd37e
SSDEEP

768:RrFi/505PVVt22HGXxki9w74zt6Y0yoSM5V7NNn6gdB3GNDS2HMB4:Rxi/5aNveki9w7Atj1s5V7ldyi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72c8d6fc05c7be5d670519a216ffb3cb

Files

72c8d6fc05c7be5d670519a216ffb3cb
.exe windows:4 windows x86 arch:x86

95ddbbdd977a5ce80a16ea60b7916a80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
StrStrIW
PathRemoveFileSpecW
StrRChrW
StrChrW
PathAddBackslashW
PathAppendW
PathBuildRootW
PathCombineW

crypt32

CryptFormatObject

advapi32

RegDeleteValueW
RegQueryValueExA
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegDeleteKeyW
AllocateAndInitializeSid
RegEnumValueW
OpenProcessToken
RegEnumKeyW
EqualSid
RegQueryValueExW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
RegUnLoadKeyW
LookupPrivilegeValueW
FreeSid
GetTokenInformation
RegSetValueExW
RegFlushKey
RegSetValueW
RegSaveKeyW

ole32

CoTaskMemFree
OleUninitialize
OleInitialize

user32

CharNextA
CharUpperW
LoadStringW
CharNextW
ShowWindow
SendDlgItemMessageW
GetDC
SendMessageW
SetWindowTextW
DestroyWindow
MessageBeep
OemToCharA
PeekMessageW
EnableWindow
CharPrevW
MsgWaitForMultipleObjects
DispatchMessageW
GetDlgItemTextW
GetDesktopWindow
ReleaseDC
ExitWindowsEx
GetSystemMetrics
MessageBoxW
SetDlgItemTextW
GetWindowRect
CreateDialogParamW
SetWindowPos
DialogBoxParamW
GetDlgItem
UpdateWindow
IsWindow
EndDialog

msvcrt

wcsncmp
_wcsicmp
_XcptFilter
free
_adjust_fdiv
memcpy
_vsnwprintf
_setjmp3
_ultow
bsearch
_amsg_exit
_wtol
_wtoi
_initterm
_vsnprintf
malloc
_wcsnicmp
memset
longjmp
memmove

setupapi

SetupFindFirstLineW
SetupOpenInfFileW
SetupCloseFileQueue
SetupInitDefaultQueueCallbackEx
SetupGetStringFieldW
SetupQueueCopyW
SetupFindNextLine
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupGetLineTextW
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupSetDirectoryIdW
SetupCloseInfFile
SetupOpenFileQueue
SetupTermDefaultQueueCallback

usp10

ScriptGetProperties

kernel32

QueryPerformanceCounter
GetFullPathNameW
GetEnvironmentVariableW
GetProcAddress
LoadLibraryExW
GetSystemInfo
InterlockedCompareExchange
MoveFileW
CloseHandle
lstrcmpW
FindClose
GetProfileStringW
GetModuleFileNameW
SizeofResource
ReadFile
DisableThreadLibraryCalls
CreateDirectoryW
GetDiskFreeSpaceW
WideCharToMultiByte
SetFileTime
TerminateProcess
ExpandEnvironmentStringsW
GetCurrentThreadId
FindNextFileW
CreateFileW
GetCurrentProcessId
FindResourceW
AttachConsole
GetPrivateProfileSectionW
SetLastError
GetShortPathNameW
WriteFile
GetPrivateProfileStringW
LoadLibraryW
GetSystemDirectoryW
HeapAlloc
FindFirstFileW
GetTempPathW
GetFileTime
GetPrivateProfileIntW
lstrcmpiA
LocalFree
FreeLibrary
CopyFileW
GetSystemDefaultUILanguage
GetCurrentProcess
LocalAlloc
LockResource
CreateFileMappingW
DeleteFileW
HeapFree
GetUserDefaultUILanguage
SetFilePointer
lstrcmpiW
GetFileAttributesW
MapViewOfFileEx
GetLocaleInfoW
CreateProcessW
lstrlenA
WritePrivateProfileSectionW
GetTempFileNameW
GetVolumeInformationW
RtlUnwind
MapViewOfFile
WritePrivateProfileStringW
SetFileAttributesW
lstrlenW
InterlockedExchange
MulDiv
GetWindowsDirectoryW
FormatMessageW
SearchPathW
GetLastError
EnumResourceLanguagesW
GetLocalTime
FindResourceExW
MultiByteToWideChar
GetDriveTypeW
UnmapViewOfFile
SetUnhandledExceptionFilter
GetProcessHeap
VirtualAlloc
CompareStringW
MoveFileExW
GetTickCount
UnhandledExceptionFilter
GetFileSize
RemoveDirectoryW
Sleep
LocalReAlloc
GetSystemTimeAsFileTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

gdi32

DeleteObject
CreateFontIndirectW
GetStockObject
GetDeviceCaps
GetObjectW

Sections

.text
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95ddbbdd977a5ce80a16ea60b7916a80

Headers

File Characteristics

Imports

shlwapi

crypt32

advapi32

ole32

user32

msvcrt

setupapi

usp10

kernel32

version

gdi32

Sections

.text Size: 512B - Virtual size: 432B

.rsrc Size: 21KB - Virtual size: 20KB

.idata Size: 6KB - Virtual size: 6KB

.data Size: - Virtual size: 160KB

.rdata Size: 8KB - Virtual size: 7KB

.text
Size: 512B - Virtual size: 432B

.rsrc
Size: 21KB - Virtual size: 20KB

.idata
Size: 6KB - Virtual size: 6KB

.data
Size: - Virtual size: 160KB

.rdata
Size: 8KB - Virtual size: 7KB