Static task: static1
Behavioral task: behavioral1
  Sample: 7a16962b65dae7d30a23d31019e800ee.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7a16962b65dae7d30a23d31019e800ee.exe
  Resource: win10v2004-20231215-en
General
Target: 7a16962b65dae7d30a23d31019e800ee
Size: 87KB
MD5: 7a16962b65dae7d30a23d31019e800ee
SHA1: 25a1a2ffd4fee13039d6eaafda501084b511db4d
SHA256: 101e675729bc348a3039cd7f77be477b406ea955572ff118dcab6114c8ee1c9e
SHA512: e6987d68fcb4c39a179ca521d9162094ac77841f1ea6488f31c9848c3cbd28cf51733673ea7f43f89a7afb564639f599555ad5159d93a8ff4f4327a0d1674fba
SSDEEP: 1536:NoyORwDq5JtVY6cSeCCtX1gufez52QKQOVPKoy4sUN3u+F2DcuyCZTBRjeXvvpBi:NOwaJ5cSGzvQfcioy4sqQQDaTaXvf
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 7a16962b65dae7d30a23d31019e800ee
Note: the absence of an Authenticode signature is a weak indicator on its own; a great deal of legitimate software ships unsigned. It removes one source of provenance for the file, nothing more, and is the only signature either behavioral run raised.
Files
7a16962b65dae7d30a23d31019e800ee.exe: windows:4 windows x86 arch:x86
  4359e441dd47bca3b73344d6b47aafd4
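The report prints a second, unlabelled 32-hex digest beneath the file entry; in reports of this layout that slot normally holds the import hash (imphash), but the page does not say so, so treat that as an assumption. The block below is an added example, not the sandbox's code: file_digests() recomputes the MD5/SHA1/SHA256/SHA512 lines of the General block from raw bytes so you can confirm you hold the same sample, and imphash() implements the pefile convention for the import hash (lowercase "dll.func" pairs with the library extension stripped, joined by commas in import-table order, then MD5). Ordinal-only imports, which pefile resolves to names or "ordN", are omitted for brevity. The import list inside is a constructed subset of this report's imports, so its digest is illustrative and will not equal the value above.

```python
"""Recompute the digests a sandbox report prints for a sample.

Added example, not the sandbox's code. file_digests() reproduces the
MD5/SHA1/SHA256/SHA512 lines of the 'General' block; imphash() follows the
pefile import-hash convention. SAMPLE_IMPORTS is a constructed subset of
this report's import table, so its digest will not match the report.
"""
import hashlib

# Extensions pefile removes from the library name before hashing.
_STRIPPED_EXT = (".dll", ".ocx", ".sys")


def file_digests(data: bytes) -> dict:
    """Hashes in the order the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def imphash(imports) -> str:
    """imports: iterable of (dll_name, [function names]) in import-table order.

    Order matters: the same functions in a different order hash differently,
    which is why imphash clusters builds of one toolchain or build script
    rather than 'any binary using these APIs'. Ordinal imports are not handled.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in _STRIPPED_EXT:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


# Constructed subset: the first three imports the report lists for each DLL.
SAMPLE_IMPORTS = [
    ("user32.dll", ["GetKeyboardLayoutNameW", "DefWindowProcW", "ChangeDisplaySettingsExA"]),
    ("advapi32.dll", ["StartServiceCtrlDispatcherW", "SetNamedSecurityInfoW", "RegEnumValueW"]),
    ("kernel32.dll", ["Beep", "MultiByteToWideChar", "GetCPInfo"]),
    ("shlwapi.dll", ["SHEnumValueW", "SHRegDeleteUSValueW", "PathSearchAndQualifyA"]),
    ("ole32.dll", ["GetClassFile", "CoRegisterPSClsid", "CoGetTreatAsClass"]),
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # python digests.py <sample.exe>
        with open(sys.argv[1], "rb") as fh:
            for name, digest in file_digests(fh.read()).items():
                print(f"{name.upper()}: {digest}")
    print("imphash (constructed subset):", imphash(SAMPLE_IMPORTS))
```

Run it against your own copy of the sample and compare the four digests with the General block before trusting any other field of this report; a mismatch means you are looking at a different file.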
Headers
DLL Characteristics:
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not set and the relocation table is stripped, so the loader cannot rebase this image; it runs at its preferred image base with no ASLR, and mandatory-ASLR policies cannot relocate it either. NX_COMPAT only opts the image into DEP and implies no other mitigation.
Imports
Note: the table below names close to 600 functions across five DLLs for an 87KB image, including API families that seldom appear together (DDE, window stations and desktops, the service control manager, CryptoAPI, event log, OLE compound storage). A static import table shows what the binary can resolve at load, not what it calls; treat it as a weak signal until the behavioral runs show actual API use.
user32
GetKeyboardLayoutNameW
DefWindowProcW
ChangeDisplaySettingsExA
EndPaint
GetMenuItemID
GetWindowThreadProcessId
DlgDirListComboBoxW
EditWndProc
DrawStateA
IsRectEmpty
ReleaseDC
EnableWindow
ShowCaret
RealGetWindowClass
PaintDesktop
GetMessageExtraInfo
SetLastErrorEx
RegisterClipboardFormatW
ReuseDDElParam
ShowScrollBar
LoadCursorFromFileW
ToUnicodeEx
SetWindowWord
SetClipboardViewer
GetPropA
CreateWindowExW
UnionRect
ShowOwnedPopups
GetKBCodePage
SetFocus
DefDlgProcA
MapVirtualKeyExW
SetWindowLongW
DdeFreeDataHandle
WaitMessage
IsClipboardFormatAvailable
GetMonitorInfoW
DdeImpersonateClient
IsCharLowerW
GetWindowLongW
EnumWindowStationsA
GetKeyboardState
RegisterDeviceNotificationW
GetUserObjectInformationW
GetWindowPlacement
PtInRect
GetDlgItemTextA
SetUserObjectInformationW
MonitorFromWindow
GetWindowDC
SetMessageExtraInfo
DrawStateW
BeginPaint
SetDlgItemTextW
IsWindowEnabled
SetCursor
CascadeChildWindows
EnumPropsExW
IsChild
InflateRect
CharToOemBuffW
DrawCaption
GetDialogBaseUnits
CharUpperBuffA
BeginDeferWindowPos
CharPrevA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
EnableScrollBar
GetTitleBarInfo
EnumDesktopWindows
CharLowerBuffW
EnumWindowStationsW
LoadImageW
GetCaretBlinkTime
DdeNameService
IsIconic
DdeConnect
LoadCursorW
DrawTextExW
IsDialogMessageW
UnregisterHotKey
VkKeyScanExA
EnumDisplaySettingsW
SetThreadDesktop
NotifyWinEvent
MapVirtualKeyA
IsCharAlphaW
GetDlgItemInt
GetWindowRgn
DdeQueryNextServer
PostThreadMessageW
SetWindowTextA
DestroyCaret
CopyImage
DdeCreateStringHandleW
DdeQueryStringA
SetWinEventHook
GetWindowTextW
MonitorFromRect
SwitchDesktop
DefFrameProcA
CharUpperBuffW
WINNLSGetEnableStatus
WindowFromPoint
PostQuitMessage
MenuItemFromPoint
ScreenToClient
GetMenuBarInfo
EndMenu
GetScrollPos
EnumDisplayMonitors
TranslateAcceleratorW
GetMenuState
CreateIcon
SetWindowContextHelpId
OemToCharW
DrawFrameControl
LoadAcceleratorsA
ReplyMessage
DdeDisconnect
CreateWindowStationA
GetClipboardFormatNameW
LoadKeyboardLayoutA
CharToOemW
LoadAcceleratorsW
SendDlgItemMessageA
GetMenuItemRect
UpdateWindow
RegisterClassExW
DrawAnimatedRects
PostMessageA
SetWindowTextW
GetPriorityClipboardFormat
GetCursorInfo
MessageBoxIndirectW
RealChildWindowFromPoint
SetActiveWindow
GetMenuDefaultItem
SendMessageTimeoutW
DdeUninitialize
GetProcessDefaultLayout
advapi32
StartServiceCtrlDispatcherW
SetNamedSecurityInfoW
RegEnumValueW
CancelOverlappedAccess
RegNotifyChangeKeyValue
SetServiceBits
RegQueryInfoKeyA
RegUnLoadKeyW
SetSecurityDescriptorSacl
RegQueryInfoKeyW
CryptHashSessionKey
GetMultipleTrusteeOperationA
QueryServiceObjectSecurity
PrivilegedServiceAuditAlarmW
CryptImportKey
CloseEventLog
CryptVerifySignatureW
GetSecurityInfoExW
LookupPrivilegeNameA
SetKernelObjectSecurity
GetAclInformation
OpenSCManagerW
ObjectDeleteAuditAlarmW
CryptEncrypt
SetSecurityDescriptorOwner
IsTextUnicode
BuildTrusteeWithNameA
BuildImpersonateExplicitAccessWithNameW
LookupAccountSidW
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
InitializeSid
AdjustTokenPrivileges
GetAccessPermissionsForObjectW
RegQueryMultipleValuesA
BuildExplicitAccessWithNameW
OpenSCManagerA
CryptSetProviderA
CryptSetKeyParam
RegDeleteValueW
GetExplicitEntriesFromAclW
RegOpenKeyA
RegFlushKey
InitializeAcl
DeregisterEventSource
DeleteService
NotifyChangeEventLog
CryptDecrypt
DestroyPrivateObjectSecurity
GetServiceDisplayNameW
RegDeleteKeyW
SetEntriesInAccessListA
InitializeSecurityDescriptor
BuildTrusteeWithSidW
ObjectOpenAuditAlarmW
RegConnectRegistryW
RegCloseKey
IsValidSecurityDescriptor
CreateProcessAsUserW
IsValidAcl
AdjustTokenGroups
TrusteeAccessToObjectA
GetMultipleTrusteeA
BackupEventLogA
InitiateSystemShutdownW
SetFileSecurityW
ClearEventLogW
CryptReleaseContext
GetCurrentHwProfileA
AbortSystemShutdownA
SetPrivateObjectSecurity
RegSetKeySecurity
LogonUserA
GetFileSecurityW
CryptEnumProviderTypesW
RegCreateKeyExA
OpenEventLogA
QueryServiceConfigA
CryptContextAddRef
SetThreadToken
ConvertAccessToSecurityDescriptorW
GetSidSubAuthority
CryptDestroyKey
ClearEventLogA
SetAclInformation
GetSecurityDescriptorSacl
AddAccessDeniedAce
CryptGenKey
GetSecurityInfoExA
CreatePrivateObjectSecurity
CryptDestroyHash
GetFileSecurityA
AreAnyAccessesGranted
CryptEnumProvidersA
AddAccessAllowedAce
CryptGetKeyParam
SetServiceObjectSecurity
RegEnumKeyW
LogonUserW
GetUserNameW
RegQueryValueW
LookupAccountNameA
SetSecurityInfo
RegSetValueW
GetSecurityDescriptorControl
RegisterEventSourceW
RegSetValueExW
GetTokenInformation
CryptSetProviderW
ObjectCloseAuditAlarmA
LookupPrivilegeDisplayNameW
PrivilegeCheck
AreAllAccessesGranted
TrusteeAccessToObjectW
RegQueryValueA
AddAuditAccessAce
GetLengthSid
RegisterServiceCtrlHandlerA
MakeSelfRelativeSD
QueryServiceStatus
GetSecurityDescriptorOwner
GetTrusteeTypeW
GetMultipleTrusteeW
RegCreateKeyExW
GetTrusteeTypeA
GetAce
EnumDependentServicesW
GetServiceDisplayNameA
CryptAcquireContextW
ImpersonateSelf
kernel32
Beep
MultiByteToWideChar
GetCPInfo
VirtualAlloc
SetHandleCount
WriteFileEx
GetLogicalDriveStringsW
DisconnectNamedPipe
CompareStringW
LCMapStringA
SetupComm
GlobalFindAtomW
SetMessageWaitingIndicator
SetEnvironmentVariableW
CopyFileA
FindNextFileW
SleepEx
GetDiskFreeSpaceExW
GetTapePosition
CreateMutexA
MoveFileW
GetSystemDefaultLangID
FindFirstFileExA
lstrcmpiW
DeleteAtom
SetFileAttributesA
WritePrivateProfileStructW
UnhandledExceptionFilter
CreateSemaphoreW
DisableThreadLibraryCalls
VirtualProtect
IsDBCSLeadByte
SetConsoleMode
RtlFillMemory
VerLanguageNameW
LocalLock
GetProcessHeap
LocalFree
HeapCreate
FindNextFileA
FindClose
GlobalMemoryStatus
MulDiv
AddAtomA
VirtualQueryEx
GetFileAttributesExW
LocalFlags
SetFileTime
PeekNamedPipe
GetConsoleTitleW
EnumDateFormatsExW
SetFileApisToOEM
lstrlenW
InitializeCriticalSectionAndSpinCount
QueryDosDeviceA
GetFileAttributesExA
FindCloseChangeNotification
GetOverlappedResult
ResetWriteWatch
lstrcmp
GetQueuedCompletionStatus
GetComputerNameA
GetFileInformationByHandle
InitAtomTable
EnumDateFormatsExA
LoadModule
GetDriveTypeA
CreateDirectoryExW
MoveFileExW
SignalObjectAndWait
FlushInstructionCache
CallNamedPipeW
GetPrivateProfileSectionNamesA
GetNamedPipeHandleStateW
SetFileAttributesW
ReadFileEx
CommConfigDialogA
GetCalendarInfoA
GetPrivateProfileStructW
FreeResource
OpenMutexW
CreateWaitableTimerA
GetConsoleOutputCP
lstrcpyn
FreeLibrary
SetCurrentDirectoryA
DeleteFileA
OpenSemaphoreA
SetProcessAffinityMask
FileTimeToDosDateTime
SetCommState
GetSystemPowerStatus
GetSystemInfo
GetProfileIntW
FreeEnvironmentStringsA
GetLargestConsoleWindowSize
GetConsoleTitleA
GetHandleInformation
BuildCommDCBW
GetNumberFormatW
SetProcessShutdownParameters
UnlockFileEx
ReadFile
GlobalFindAtomA
SetComputerNameW
QueryDosDeviceW
WriteProfileSectionA
GetFileType
Heap32Next
ExitProcess
VirtualLock
GetWindowsDirectoryW
GetFileTime
CommConfigDialogW
SetDefaultCommConfigW
GetPrivateProfileIntW
shlwapi
SHEnumValueW
SHRegDeleteUSValueW
PathSearchAndQualifyA
SHDeleteValueA
UrlApplySchemeW
PathStripToRootA
PathCreateFromUrlW
SHRegCreateUSKeyW
UrlCreateFromPathA
StrCpyW
PathParseIconLocationA
SHOpenRegStreamA
PathCompactPathA
StrStrA
StrChrIW
PathIsDirectoryW
PathFileExistsW
StrRChrIW
PathRemoveBackslashW
UrlCanonicalizeA
PathCommonPrefixW
PathIsContentTypeA
SHEnumKeyExA
StrCatW
PathIsUNCServerW
ColorAdjustLuma
PathGetDriveNumberA
SHRegQueryInfoUSKeyW
StrTrimW
PathAppendW
PathRenameExtensionW
UrlGetLocationW
PathParseIconLocationW
UrlEscapeA
PathStripPathW
PathGetArgsW
PathFindSuffixArrayW
AssocQueryStringA
StrRetToBufA
StrStrIW
PathMakePrettyA
UrlCombineA
SHRegWriteUSValueW
StrRetToStrW
wnsprintfA
PathUndecorateA
SHSkipJunction
PathIsDirectoryEmptyW
AssocQueryStringByKeyW
UrlGetLocationA
SHRegDeleteEmptyUSKeyW
PathRemoveFileSpecA
StrRChrA
SHQueryInfoKeyW
PathFileExistsA
PathFindSuffixArrayA
SHRegDuplicateHKey
SHRegGetBoolUSValueW
wnsprintfW
UrlHashA
SHStrDupW
UrlEscapeW
PathGetArgsA
PathCompactPathExW
SHDeleteKeyA
PathCompactPathW
UrlIsW
SHOpenRegStream2A
PathIsRelativeA
StrRetToBufW
SHGetInverseCMAP
PathAddExtensionA
PathIsContentTypeW
PathGetCharTypeA
PathIsSystemFolderA
PathRemoveArgsA
SHRegQueryUSValueW
PathQuoteSpacesA
PathFindExtensionA
StrStrIA
UrlUnescapeA
StrCatBuffA
PathUnquoteSpacesA
PathIsUNCServerA
AssocQueryStringByKeyA
SHRegSetUSValueW
StrTrimA
PathAddBackslashW
UrlCombineW
PathIsDirectoryEmptyA
StrNCatA
SHRegEnumUSValueA
PathUndecorateW
PathRenameExtensionA
UrlGetPartA
StrDupW
StrRChrIA
PathQuoteSpacesW
StrToIntW
UrlHashW
IntlStrEqWorkerA
PathMakePrettyW
PathIsPrefixW
PathIsFileSpecA
SHGetThreadRef
SHRegEnumUSValueW
PathRemoveBlanksA
PathIsURLA
StrChrA
PathRemoveBackslashA
PathRemoveExtensionA
PathFindExtensionW
ole32
GetClassFile
CoRegisterPSClsid
CoGetTreatAsClass
CreatePointerMoniker
CoQueryAuthenticationServices
CoFreeUnusedLibraries
MonikerRelativePathTo
StgCreateDocfile
OleRegGetMiscStatus
CoRegisterMallocSpy
ReadFmtUserTypeStg
CoLockObjectExternal
OleCreateEmbeddingHelper
OleGetIconOfFile
DllDebugObjectRPCHook
CoGetMalloc
UtConvertDvtd16toDvtd32
CoQueryProxyBlanket
StgOpenStorageOnILockBytes
UtConvertDvtd32toDvtd16
GetHGlobalFromStream
CoTaskMemRealloc
OleCreateStaticFromData
OleRegGetUserType
CreateClassMoniker
CoUnmarshalHresult
OleDuplicateData
StgGetIFillLockBytesOnILockBytes
CoImpersonateClient
SetDocumentBitStg
CoFreeLibrary
OleDestroyMenuDescriptor
WriteOleStg
GetRunningObjectTable
OleFlushClipboard
CoUninitialize
CoRevertToSelf
OleCreateDefaultHandler
CoBuildVersion
CreateBindCtx
CoGetCallContext
CoQueryClientBlanket
CoGetInstanceFromIStorage
OleSetClipboard
EnableHookObject
RegisterDragDrop
CoUnmarshalInterface
CoCreateInstance
CoGetInstanceFromFile
CreateStreamOnHGlobal
CreateDataCache
CoSuspendClassObjects
OleCreateEx
CoDisconnectObject
CreateObjrefMoniker
OleCreateFromDataEx
CreateOleAdviseHolder
ReadOleStg
CoTaskMemFree
CoCreateGuid
CoGetCallerTID
OleMetafilePictFromIconAndLabel
GetHGlobalFromILockBytes
UtGetDvtd32Info
OleCreateLink
OleCreateLinkToFile
OleBuildVersion
OleRun
MonikerCommonPrefixWith
OleRegEnumVerbs
OleRegEnumFormatEtc
CoGetClassObject
StgOpenStorageEx
OleCreateFromFile
StringFromCLSID
OleSetMenuDescriptor
OleCreateFromData
OleCreateFromFileEx
OleIsCurrentClipboard
CoLoadLibrary
OleUninitialize
MkParseDisplayName
UtGetDvtd16Info
PropVariantCopy
OpenOrCreateStream
CoTaskMemAlloc
CoGetObject
CoReleaseServerProcess
RevokeDragDrop
PropVariantClear
CoFreeAllLibraries
StgCreateDocfileOnILockBytes
OleDraw
CoCopyProxy
OleCreate
CoAddRefServerProcess
CoMarshalHresult
Sections
.text  Size: 68KB - Virtual size: 68KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Size: 17KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data  Size: 512B - Virtual size: 216B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Note: no section is both writable and executable and .data is the only writable section, so there is no self-modifying-code layout visible in the headers. The three raw sizes roughly account for the 87KB file, leaving little room for an appended overlay.
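Every header fact above (file characteristics, DLL characteristics, the empty security directory behind the "Unsigned PE" verdict, and the per-section flags) can be read with nothing but the standard library. The block below is an added example, not the sandbox's code: parse_pe() walks the DOS header, file header, PE32 optional header and section table and returns those facts, and build_sample_pe() constructs a header-only PE32 image carrying this report's flags so the script runs offline. That image is synthetic and is not the sample; pass a real file path to triage it instead.

```python
"""Stdlib-only triage of the PE header facts a sandbox report prints.

Added example, not sandbox code. parse_pe() reads a PE32 image and reports
file characteristics, DLL characteristics, whether the security data
directory (Authenticode) is populated, and per-section flags.
build_sample_pe() constructs a header-only image that mirrors this report's
flags so the script runs offline; it is synthetic, not the sample.
"""
import struct

FILE_FLAGS = {                       # IMAGE_FILE_HEADER.Characteristics
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_FLAGS = {                        # IMAGE_OPTIONAL_HEADER.DllCharacteristics
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SCN_FLAGS = {                        # IMAGE_SECTION_HEADER.Characteristics
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
SECURITY_DIR = 4                     # index of the Authenticode data directory


def _names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    machine, nsect, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                      # IMAGE_OPTIONAL_HEADER
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here (PE32+ shifts the directory offsets)")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sec_rva, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                  # section table follows the optional header
        name, vsize, _, raw, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "raw_size": raw, "virtual_size": vsize,
                         "flags": _names(chars, SCN_FLAGS)})
    return {
        "machine": machine,
        "file_characteristics": _names(file_chars, FILE_FLAGS),
        "dll_characteristics": _names(dll_chars, DLL_FLAGS),
        # Empty security directory: nothing for Authenticode to verify ('Unsigned PE').
        "has_authenticode": sec_rva != 0 and sec_size != 0,
        # Rebasing needs DYNAMIC_BASE and a relocation table; this report shows neither.
        "aslr_possible": bool(dll_chars & 0x0040) and not (file_chars & 0x0001),
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed header-only PE32 carrying the flags this report lists."""
    file_chars = 0x0001 | 0x0002 | 0x0100            # RELOCS_STRIPPED | EXECUTABLE | 32BIT
    dll_chars = 0x0100 | 0x8000                      # NX_COMPAT | TS_AWARE, no DYNAMIC_BASE
    sects = [(b".text", 0x20 | 0x20000000 | 0x40000000),
             (b".rdata", 0x40 | 0x40000000),
             (b".data", 0x40 | 0x40000000 | 0x80000000)]
    opt = bytearray(224)                             # PE32 optional header incl. 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 28, 0x00400000)      # ImageBase
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes; security dir stays 0
    fh = struct.pack("<HHIIIHH", 0x014C, len(sects), 0, 0, 0, len(opt), file_chars)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                                0x200, 0, 0, 0, 0, 0, c) for i, (n, c) in enumerate(sects))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))      # e_lfanew
    return bytes(dos) + b"PE\0\0" + fh + bytes(opt) + hdrs


if __name__ == "__main__":
    import json, sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(parse_pe(data), indent=2))
```

The two derived fields are the ones worth reading first: has_authenticode is the check behind the report's only signature, and aslr_possible is False for this flag combination because a stripped relocation table leaves the loader nothing to fix up even where DYNAMIC_BASE would have been honoured. A populated security directory only means a signature blob is present; whether it validates is a separate check this parser does not make.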