7d6d324b0a33fc72af7e408f8fab5524

Sharing

Copy URL Twitter E-mail

General

Target

7d6d324b0a33fc72af7e408f8fab5524
Size

173KB
MD5

7d6d324b0a33fc72af7e408f8fab5524
SHA1

da4f992dc05e3c147f82f25afdc93f0f3b7477d4
SHA256

b1afd9c2c0af47d73cd5c310c1901c02080c6e9afea56ce630e1b1ccc59bc74e
SHA512

3accbc96d407653367a4a03cbb87f5d86d9ea61f9fb9d9f6f06e5b09fd9aed6ac7375981ab5a1c7ab7adc3fe186aedb0ecba52a78d7d7ecc5bd78fdaead6f4e7
SSDEEP

3072:s6GFrtYlPs1KulYqUhUjzhmfBokCETfbQyNPD/y1oDJKOf2CI+creHE:HGFrtYlPfubKUjz8fy4TEyNPnjf2CI+f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d6d324b0a33fc72af7e408f8fab5524

Files

7d6d324b0a33fc72af7e408f8fab5524
.exe windows:5 windows x86 arch:x86

c4728ee82719ccbbd2ed99563d141832

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVIClearClipboard

advapi32

DuplicateTokenEx
AdjustTokenPrivileges
RegQueryValueExA
ConvertStringSidToSidW
RegSetValueExW
CreateProcessAsUserW
AllocateAndInitializeSid
RegEnumKeyW
ImpersonateLoggedOnUser
RegEnumValueW
InitializeSecurityDescriptor
OpenSCManagerW
SetSecurityDescriptorOwner
RegSaveKeyW
GetLengthSid
RevertToSelf
CloseServiceHandle
RegQueryInfoKeyW
LookupPrivilegeNameW
EnumServicesStatusExW
RegDeleteValueW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegOpenKeyExA
SetFileSecurityW
RegOpenKeyExW
FreeSid
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
CopySid
LookupPrivilegeValueW

setupapi

SetupGetIntField
SetupGetStringFieldW
SetupGetBinaryField
SetupOpenInfFileW
SetupGetLineTextW
SetupCloseInfFile
SetupFindNextLine
SetupFindFirstLineW

user32

SendMessageTimeoutW
GetSystemMetrics
CharLowerW
KillTimer
LoadCursorW
DialogBoxParamW
GetDesktopWindow
TranslateMessage
SetCursor
GetClassNameA
SendDlgItemMessageW
PeekMessageW
DispatchMessageW
DestroyIcon
CharNextW
LoadStringW
SetTimer
PostMessageW
GetTopWindow
GetMessageW
MsgWaitForMultipleObjects
GetWindow
EndDialog
LoadImageW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoTaskMemRealloc
CoTaskMemAlloc
CoGetComCatalog
StringFromGUID2
CoUninitialize
CreateBindCtx

kernel32

GetLocalTime
FindResourceW
GetTickCount
GetSystemDefaultUILanguage
EnumUILanguagesW
FindClose
LockResource
LocalFree
GetLastError
OutputDebugStringW
CloseHandle
GetCurrentProcessId
InterlockedCompareExchange
IsDBCSLeadByte
GetPrivateProfileIntW
UnmapViewOfFile
GetPrivateProfileSectionW
CompareStringW
DisableThreadLibraryCalls
GetSystemDirectoryW
SetFileAttributesW
EnterCriticalSection
GetPrivateProfileStringA
GetSystemTimeAsFileTime
RtlUnwind
CreateDirectoryW
WaitForSingleObject
GetVersion
CreateFileMappingW
ReadFile
DeleteFileW
DelayLoadFailureHook
GetVersionExW
VirtualAlloc
LocalReAlloc
SetFilePointer
LoadLibraryA
UnhandledExceptionFilter
FlushFileBuffers
GetComputerNameW
QueryPerformanceCounter
FindResourceExW
WritePrivateProfileStringW
GetFileAttributesExW
FindNextFileW
GetWindowsDirectoryW
OutputDebugStringA
SearchPathW
GetCurrentThreadId
MultiByteToWideChar
GlobalFree
FindFirstFileW
GetFileSize
LocalAlloc
FileTimeToSystemTime
lstrcmpW
DeleteCriticalSection
lstrcmpiA
CopyFileW
RemoveDirectoryW
SetLastError
InterlockedExchange
MapViewOfFile
LoadResource
GetCurrentProcess
InterlockedDecrement
GetFileAttributesW
GetUserDefaultUILanguage
CompareStringA
FreeLibrary
HeapAlloc
GetVersionExA
Sleep
ResumeThread
OpenEventW
GetModuleHandleW
WriteFile
HeapFree
lstrlenW
GetSystemInfo
GetProcAddress
WideCharToMultiByte
LoadLibraryExW
SizeofResource
GetModuleFileNameW
lstrlenA
DecodePointer
LoadLibraryW
GetExitCodeThread
GetLocaleInfoW
CreateThread
MoveFileW
GetPrivateProfileStringW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
TerminateProcess
MoveFileExW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateFileW

Sections

.text
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4728ee82719ccbbd2ed99563d141832

Headers

DLL Characteristics

File Characteristics

Imports

avifil32

advapi32

setupapi

user32

ole32

kernel32

Sections

.text Size: 512B - Virtual size: 388B

.data Size: 52KB - Virtual size: 848KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 91KB - Virtual size: 91KB

.rdata Size: 22KB - Virtual size: 21KB

.idata Size: 5KB - Virtual size: 4KB

.text
Size: 512B - Virtual size: 388B

.data
Size: 52KB - Virtual size: 848KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 91KB - Virtual size: 91KB

.rdata
Size: 22KB - Virtual size: 21KB

.idata
Size: 5KB - Virtual size: 4KB