Static task: static1
Behavioral task: behavioral1
  Sample: 7ff0862130225dd3d028a0114301c104.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 7ff0862130225dd3d028a0114301c104.exe
  Resource: win10v2004-20231215-en
General
Target: 7ff0862130225dd3d028a0114301c104
Size: 335KB
MD5: 7ff0862130225dd3d028a0114301c104
SHA1: 78d730dbc83bad61d716d8288ac23f96c6af5397
SHA256: c2694fff1dcc247c9c14adc04f3579c873166691e8bc4ecd11caeddc54ac9f96
SHA512: dbcafadf6a454dc62b7dbd5713387db57a0413da88c84d8588297c35ea9e143cdc3a4c6da7b01b7275fe79abef148f3b0f83751f93ec7081d4bcf93b4f4b8d47
SSDEEP: 6144:NdFnKgNYWHdUd8PDU9C02D0g+JyLg93WiiyDQiAoPOBm26Oa7Y45hbHBlpo:NgW2649CjJKig5WvyUu2s26Oa7DTblo
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 7ff0862130225dd3d028a0114301c104
Files
7ff0862130225dd3d028a0114301c104.exe windows:4 windows x86 arch:x86
4d74feaa6402a339f6103c1d376579c0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathSkipRootW
PathIsPrefixW
PathIsUNCServerW
PathCanonicalizeA
SHCopyKeyW
StrChrW
StrTrimA
UrlUnescapeA
SHStrDupW
PathRemoveArgsW
SHRegDeleteUSValueW
UrlHashA
PathRemoveBlanksW
StrRetToStrW
PathIsPrefixA
UrlIsNoHistoryA
PathIsURLW
StrRChrIW
StrCmpIW
SHRegCreateUSKeyW
PathRenameExtensionW
PathAddExtensionW
StrFromTimeIntervalW
StrStrA
SHQueryInfoKeyW
StrChrIA
SHRegGetUSValueA
StrChrIW
IntlStrEqWorkerW
PathSkipRootA
SHSetValueW
StrToIntW
PathIsFileSpecW
SHRegQueryUSValueW
PathCompactPathA
PathFindNextComponentA
PathQuoteSpacesA
PathGetCharTypeW
StrCatBuffW
StrToIntExA
StrRStrIA
UrlApplySchemeW
SHEnumKeyExA
PathFindExtensionW
SHRegEnumUSKeyW
PathMakeSystemFolderA
SHQueryValueExA
PathMakePrettyA
PathIsDirectoryEmptyA
StrCSpnA
SHGetInverseCMAP
PathCommonPrefixW
SHOpenRegStream2W
UrlGetLocationA
UrlEscapeA
PathMakeSystemFolderW
AssocQueryStringA
SHCreateStreamOnFileA
PathIsFileSpecA
PathAppendA
PathStripPathW
PathIsSameRootA
StrCmpNW
PathIsSystemFolderA
IntlStrEqWorkerA
SHRegDeleteEmptyUSKeyA
PathUnquoteSpacesA
SHRegDeleteEmptyUSKeyW
SHRegSetUSValueA
SHSetThreadRef
UrlGetLocationW
PathParseIconLocationW
PathCanonicalizeW
SHDeleteEmptyKeyW
PathRemoveBlanksA
PathGetCharTypeA
PathCreateFromUrlA
SHRegWriteUSValueW
SHRegQueryUSValueA
PathMakePrettyW
SHRegGetBoolUSValueA
UrlUnescapeW
SHDeleteValueA
SHRegOpenUSKeyW
UrlIsOpaqueA
PathMatchSpecA
PathBuildRootW
PathIsDirectoryEmptyW
StrDupW
SHRegQueryInfoUSKeyW
PathRelativePathToA
PathCompactPathExW
SHDeleteEmptyKeyA
UrlEscapeW
SHRegEnumUSKeyA
PathQuoteSpacesW
PathIsSameRootW
StrIsIntlEqualA
SHRegDuplicateHKey
PathFileExistsA
StrCSpnIW
PathBuildRootA
StrCatBuffA
PathRemoveArgsA
PathIsUNCServerA
StrStrW
UrlCompareW
StrFormatByteSize64A
StrToIntA
PathFindFileNameA
PathRemoveFileSpecW
UrlIsA
PathCompactPathW
UrlIsW
AssocQueryKeyA
UrlIsOpaqueW
PathParseIconLocationA
PathStripPathA
SHOpenRegStreamW
PathStripToRootW
StrCatW
kernel32
GetDevicePowerState
IsBadCodePtr
VirtualLock
IsDBCSLeadByte
GetLogicalDrives
WritePrivateProfileStringA
GetHandleInformation
lstrcatW
BeginUpdateResourceA
HeapCreate
GlobalSize
VirtualFreeEx
GetConsoleTitleW
LocalFileTimeToFileTime
IsBadWritePtr
lstrcpynA
WriteProcessMemory
SwitchToThread
BeginUpdateResourceW
VerLanguageNameW
VirtualQuery
VirtualProtect
CreateThread
SearchPathW
OpenEventW
lstrcmpA
GetExitCodeProcess
GetCurrentProcessId
Module32First
GetDateFormatW
OpenMutexA
GetConsoleOutputCP
FindFirstFileW
SetVolumeLabelW
FormatMessageW
GetTempFileNameA
OpenFile
GetDateFormatA
GetTempPathA
SetPriorityClass
GetTapeParameters
GetEnvironmentVariableW
WriteProfileStringW
SetTapePosition
TerminateThread
PeekConsoleInputW
GetStartupInfoW
GetStdHandle
CreateDirectoryExA
GetAtomNameW
MultiByteToWideChar
SwitchToFiber
BuildCommDCBAndTimeoutsA
GetBinaryTypeA
SetProcessPriorityBoost
SetSystemTime
CreateNamedPipeA
GetThreadSelectorEntry
ReleaseMutex
ReadConsoleOutputCharacterA
ResetWriteWatch
GetCommTimeouts
lstrlenA
GetLogicalDriveStringsW
GlobalReAlloc
OpenFileMappingA
GetModuleHandleW
SearchPathA
RequestWakeupLatency
PostQueuedCompletionStatus
GetWriteWatch
SuspendThread
RaiseException
GetCommState
SetCommBreak
WritePrivateProfileStringW
QueryDosDeviceW
ReadConsoleOutputCharacterW
GetProfileSectionA
SetTapeParameters
lstrcmpiW
CancelDeviceWakeupRequest
FillConsoleOutputAttribute
LocalAlloc
FileTimeToDosDateTime
LoadModule
GetLongPathNameA
GetSystemInfo
SetTimeZoneInformation
FileTimeToSystemTime
VirtualFree
GetProcessShutdownParameters
SignalObjectAndWait
BackupSeek
GetNamedPipeHandleStateW
MulDiv
WaitNamedPipeA
IsBadReadPtr
FatalExit
WriteFileGather
VirtualUnlock
SetupComm
CancelIo
GetPrivateProfileIntW
GetFileAttributesExA
EnumDateFormatsW
SetHandleCount
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetPriorityClass
GetQueuedCompletionStatus
SetConsoleOutputCP
InitAtomTable
GlobalFindAtomW
GetThreadLocale
EnumResourceLanguagesA
ReadConsoleInputW
VirtualAlloc
GetTimeFormatW
EnumResourceLanguagesW
FindAtomW
PeekNamedPipe
CreateSemaphoreA
FatalAppExitW
Thread32Next
ReadProcessMemory
BuildCommDCBW
GetPrivateProfileSectionNamesW
GetPrivateProfileStructA
lstrcpyn
advapi32
LookupPrivilegeDisplayNameA
RegSetValueA
GetServiceKeyNameA
CryptSetHashParam
MapGenericMask
GetAce
CryptDuplicateKey
RegSetValueW
CryptSignHashA
ClearEventLogW
CreateProcessAsUserA
RegOpenKeyExW
RegQueryValueExA
RegDeleteKeyA
CryptGetKeyParam
BuildSecurityDescriptorA
FreeSid
NotifyChangeEventLog
GetSecurityInfo
SetEntriesInAclW
RegNotifyChangeKeyValue
LookupAccountNameW
QueryServiceConfigA
CryptCreateHash
RegDeleteKeyW
GetFileSecurityW
LookupAccountSidW
PrivilegeCheck
StartServiceW
SetEntriesInAuditListW
OpenThreadToken
ReportEventW
GetServiceDisplayNameA
RegFlushKey
StartServiceA
CryptGetHashParam
RegQueryValueExW
RegRestoreKeyA
SetNamedSecurityInfoA
ImpersonateSelf
SetSecurityDescriptorSacl
AreAnyAccessesGranted
EnumServicesStatusA
RegQueryInfoKeyA
SetSecurityDescriptorDacl
BuildImpersonateTrusteeW
RegQueryMultipleValuesA
GetServiceDisplayNameW
StartServiceCtrlDispatcherA
RegGetKeySecurity
RegEnumValueW
CryptSetProvParam
RegQueryValueA
AllocateLocallyUniqueId
GetEffectiveRightsFromAclA
RegRestoreKeyW
QueryServiceLockStatusA
SetKernelObjectSecurity
CryptGetUserKey
DuplicateToken
MakeSelfRelativeSD
IsValidAcl
GetTrusteeTypeA
RegReplaceKeyW
GetExplicitEntriesFromAclW
RegSetValueExW
SetNamedSecurityInfoExW
GetCurrentHwProfileA
RegUnLoadKeyA
GetOldestEventLogRecord
CloseEventLog
InitializeSid
GetPrivateObjectSecurity
EqualPrefixSid
GetSecurityDescriptorControl
CryptDestroyKey
ConvertSecurityDescriptorToAccessNamedW
GetSecurityDescriptorDacl
OpenSCManagerW
EqualSid
QueryServiceObjectSecurity
RegisterEventSourceW
GetCurrentHwProfileW
SetTokenInformation
SetPrivateObjectSecurity
GetTrusteeNameW
LookupSecurityDescriptorPartsA
ConvertSecurityDescriptorToAccessA
GetAclInformation
CryptGenKey
StartServiceCtrlDispatcherW
BuildImpersonateTrusteeA
BackupEventLogW
CreateServiceW
RegSetKeySecurity
ObjectOpenAuditAlarmW
CryptEnumProvidersA
GetUserNameW
ChangeServiceConfigW
AddAccessAllowedAce
GetMultipleTrusteeOperationW
ole32
OleConvertIStorageToOLESTREAMEx
ReadOleStg
OleLockRunning
CoReleaseMarshalData
OleLoad
CoGetCallContext
CoCreateInstance
OleCreateFromDataEx
PropVariantCopy
CreateClassMoniker
CoIsOle1Class
OleIsCurrentClipboard
CoInitialize
CoTaskMemAlloc
CoUnmarshalHresult
OleQueryLinkFromData
OleCreateFromData
OleInitialize
StgCreateDocfile
OleCreateFromFileEx
OleCreateEmbeddingHelper
OleDuplicateData
OleBuildVersion
StringFromCLSID
OleCreateLinkFromDataEx
UtConvertDvtd32toDvtd16
CLSIDFromProgID
CreateDataAdviseHolder
OleCreateLinkToFileEx
IIDFromString
CoFreeUnusedLibraries
CoFreeAllLibraries
StgIsStorageFile
GetDocumentBitStg
CoGetInstanceFromIStorage
OleCreateMenuDescriptor
CoGetCallerTID
CreateFileMoniker
CoGetTreatAsClass
WriteStringStream
GetRunningObjectTable
CoRegisterMessageFilter
OleCreateLinkFromData
CoRegisterPSClsid
WriteFmtUserTypeStg
CoQueryClientBlanket
EnableHookObject
CreateStreamOnHGlobal
BindMoniker
UpdateDCOMSettings
GetConvertStg
CoDisconnectObject
CoGetMalloc
ReleaseStgMedium
CoCreateFreeThreadedMarshaler
UtGetDvtd16Info
SetDocumentBitStg
CreateDataCache
CoRevertToSelf
OleConvertOLESTREAMToIStorageEx
CoGetCurrentProcess
CoGetObject
PropVariantClear
OleRegGetUserType
CoRegisterClassObject
ReadClassStg
ReadStringStream
OleCreateLinkToFile
OleCreateLink
IsEqualGUID
CoMarshalHresult
CoResumeClassObjects
OleCreateFromFile
CreatePointerMoniker
OleNoteObjectVisible
CoLoadLibrary
CoRegisterSurrogate
UtConvertDvtd16toDvtd32
OleDraw
CoMarshalInterThreadInterfaceInStream
OleCreate
CoTreatAsClass
CreateItemMoniker
OleIsRunning
CoGetClassObject
ReadClassStm
UtGetDvtd32Info
OleGetIconOfFile
StringFromGUID2
CoCreateInstanceEx
GetHookInterface
OleUninitialize
CoSuspendClassObjects
CoFileTimeNow
CoIsHandlerConnected
OleRegEnumVerbs
RegisterDragDrop
OleRegEnumFormatEtc
CoDosDateTimeToFileTime
MkParseDisplayName
StgCreateStorageEx
CoSetProxyBlanket
OleSaveToStream
OleGetAutoConvert
OleGetIconOfClass
CoSwitchCallContext
user32
IsMenu
LoadBitmapW
EqualRect
GetClassInfoW
LoadStringA
GetDC
DlgDirListW
SetSysColors
ChangeDisplaySettingsW
DestroyCaret
EnumWindowStationsW
ModifyMenuW
OpenClipboard
GetMenuItemID
IsRectEmpty
SwitchDesktop
DdeSetUserHandle
SendInput
GetKeyboardLayoutNameW
GetMessageTime
TranslateMDISysAccel
DeleteMenu
RemovePropW
InflateRect
WINNLSGetEnableStatus
DialogBoxIndirectParamW
CreateDialogIndirectParamA
WindowFromPoint
SetPropW
TileChildWindows
DlgDirListA
SystemParametersInfoA
AppendMenuA
UnregisterClassA
SetDeskWallpaper
PtInRect
GetDCEx
ChangeDisplaySettingsExW
GetUserObjectInformationA
SetMenuItemInfoA
GetClipboardOwner
TranslateMessage
SetMenuContextHelpId
CreateDesktopW
InsertMenuW
MapVirtualKeyW
SetDebugErrorLevel
TranslateAccelerator
DrawStateA
CharToOemBuffA
EnumPropsExW
GetCaretPos
CreateWindowStationW
CharUpperBuffW
FlashWindowEx
GetDesktopWindow
SetMenuItemInfoW
AppendMenuW
GetKeyboardLayoutNameA
SetWindowContextHelpId
CheckMenuItem
DrawFrameControl
GetParent
SystemParametersInfoW
CopyImage
EndMenu
GetShellWindow
GetLastActivePopup
GetClassInfoA
IsDialogMessage
GetActiveWindow
MessageBoxExA
MenuItemFromPoint
SetWindowLongA
SendDlgItemMessageW
ReleaseDC
RegisterDeviceNotificationA
InvalidateRgn
ModifyMenuA
ScreenToClient
GetUpdateRgn
ChangeMenuW
RegisterClassExA
GetClientRect
GetKeyboardState
PostThreadMessageW
PeekMessageA
GetAltTabInfo
ShowCursor
MessageBoxIndirectA
MessageBoxIndirectW
GetMenu
GetScrollInfo
GetClassLongA
LookupIconIdFromDirectoryEx
CheckRadioButton
CallMsgFilterW
SetCaretPos
ChildWindowFromPoint
CharLowerW
SetPropA
DdeQueryStringW
DlgDirListComboBoxW
GetClipboardFormatNameA
DestroyWindow
CharPrevA
GetMenuStringW
IsWindowUnicode
GetWindowModuleFileNameA
IsCharAlphaA
TranslateAcceleratorA
EndPaint
IsDialogMessageW
DefWindowProcW
OpenWindowStationW
GetDlgItemTextA
TabbedTextOutA
SetUserObjectInformationW
BeginPaint
SetShellWindow
CallNextHookEx
InvertRect
IsCharAlphaW
WindowFromDC
GetKeyState
MsgWaitForMultipleObjectsEx
RemoveMenu
EnumPropsExA
GetPriorityClipboardFormat
SetForegroundWindow
MessageBoxA
AttachThreadInput
DdeReconnect
GrayStringA
GetDlgItemInt
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 201B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE