MelsFunnyProgram_Unattended_K_0819530d022fdb7f9f91e94732344f939d24ee7a2844670337666d72eb10d4ab_[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MelsFunnyProgram_Unattended_K_0819530d022fdb7f9f91e94732344f939d24ee7a2844670337666d72eb10d4ab_.exe
Size

25.5MB
MD5

c5349ae5437d504f8fae05f86f7bc713
SHA1

7033f1b7aaaec44f7b37fe82ed5e12e71e67cd3e
SHA256

b1f9ce9e636ad81b3d8aa6d87a921ff0a613f5f506e7696fcfbbb90d0ad19ff8
SHA512

2201013d867182bcf5a5cb5eaa23486871bb424cd010f440d11580d29050781f521f5f09dd6be180062734c17bbd4c2221a84006936948e44b739e64de6829a0
SSDEEP

786432:a2appJFSnr4Y5UUXhBr+msEJS7vGTYu6z:alppwUURBr+pvCYuQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MelsFunnyProgram_Unattended_K_0819530d022fdb7f9f91e94732344f939d24ee7a2844670337666d72eb10d4ab_.exe

Files

MelsFunnyProgram_Unattended_K_0819530d022fdb7f9f91e94732344f939d24ee7a2844670337666d72eb10d4ab_.exe
.exe windows:6 windows x86 arch:x86

1f2376bbc5508c845f7229de599176c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\agent\work\464efc35df4c0270\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb

Imports

shlwapi

PathIsDirectoryW
PathIsDirectoryEmptyW

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

kernel32

GetVersionExW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
FindClose
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
HeapFree
WaitForSingleObject
GetSystemDirectoryW
OpenProcess
HeapAlloc
GetCurrentDirectoryW
GetProcessHeap
IsWow64Process
GetExitCodeProcess
TerminateProcess
K32GetModuleFileNameExW
ProcessIdToSessionId
OutputDebugStringW
GetLocalTime
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetFileType
RaiseException
SetUnhandledExceptionFilter
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
FlushInstructionCache
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WerRegisterRuntimeExceptionModule
GetFileSizeEx
ReadFile
SetFilePointerEx
GetNamedPipeInfo
FindFirstFileExW
GetFileTime
InitializeCriticalSection
DuplicateHandle
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetSystemTimeAsFileTime
CompareStringEx
WaitForSingleObjectEx
GetSystemTime
IsProcessorFeaturePresent
GetConsoleWindow
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleHandleExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
ResetEvent
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetDriveTypeW
UnregisterWaitEx
RegisterWaitForSingleObject
ReleaseMutex
LCIDToLocaleName
VirtualAlloc
VirtualFree
SetFileAttributesW
IsValidCodePage
SetEnvironmentVariableW
HeapSize
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
HeapReAlloc
ExitProcess
GetConsoleCP
ReadConsoleW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
SetStdHandle
GetCommandLineA
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
InitializeCriticalSectionEx
GetDynamicTimeZoneInformation
WriteConsoleA
GetThreadLocale
InitializeCriticalSectionAndSpinCount
GetCPInfo
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
FormatMessageA
VerifyVersionInfoW
lstrcpyW
WideCharToMultiByte
CreateProcessW
VerSetConditionMask
GetFileSize
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
FreeResource
UnmapViewOfFile
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
GetCommandLineW
SizeofResource
CreateDirectoryW
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
SetFileInformationByHandle
AreFileApisANSI
CreateDirectoryExW
CreateSymbolicLinkW
TryEnterCriticalSection
GetLocaleInfoEx
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
MoveFileExA
lstrlenW
SetLastError
GetCurrentProcessId
GetFileAttributesA
GetConsoleMode
InitOnceComplete
LCMapStringEx
EnterCriticalSection
CreateMutexW
Sleep
CreateEventA
OpenEventA
SetErrorMode

user32

AttachThreadInput
BringWindowToTop
GetWindowThreadProcessId
CharNextExA
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
ShowWindow
DefWindowProcW
FindWindowW
RegisterClassW
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
wsprintfW

shell32

ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

VariantClear

advapi32

RegDeleteKeyExA
OpenServiceW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
QueryServiceConfigW
GetSidSubAuthorityCount
GetSidSubAuthority
RegFlushKey
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
DuplicateToken
CopySid
AccessCheck
RegEnumKeyExW
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeA
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
RegSetValueExW
OpenProcessToken
FreeSid
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
GetTokenInformation
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
StartServiceW
EnumServicesStatusW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

gethostname
htonl
WSACleanup
WSAStartup
WSAGetLastError
WSAAsyncSelect

winmm

timeKillEvent
timeSetEvent

iphlpapi

ConvertInterfaceLuidToNameW
GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceNameToLuidW

crypt32

CertFindCertificateInStore
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertGetNameStringW
CertOpenStore
CryptProtectData
CertCloseStore

comctl32

ord345

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f2376bbc5508c845f7229de599176c5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wtsapi32

kernel32

user32

shell32

ole32

oleaut32

advapi32

userenv

version

netapi32

ws2_32

winmm

iphlpapi

crypt32

comctl32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 107KB - Virtual size: 127KB

.qtmetad Size: 512B - Virtual size: 106B

.rsrc Size: 21.5MB - Virtual size: 21.5MB

.reloc Size: 85KB - Virtual size: 84KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 107KB - Virtual size: 127KB

.qtmetad
Size: 512B - Virtual size: 106B

.rsrc
Size: 21.5MB - Virtual size: 21.5MB

.reloc
Size: 85KB - Virtual size: 84KB