801d3cf52a6c6456c323e61fabfac886

Sharing

Copy URL

Twitter E-mail

General

Target

801d3cf52a6c6456c323e61fabfac886
Size

82KB
MD5

801d3cf52a6c6456c323e61fabfac886
SHA1

911156dab48c0aa6642b6e44cb2f0c0562605826
SHA256

90fe6eb11c68044388af2471b3da0c2c8e1e5ce86c6604d3daded71f17387d8a
SHA512

fb23d0ab85c506eddbe9594527103ac2a5fc29ec7e65405d277a4c907d59b760d4bb431b0afde23abfeaa9db71ef4458c7ed3c6c74a9176959be4c285a4c3c47
SSDEEP

1536:ROkkMAkZAIltMQekdYrhcsYujp0x4vscdJ+eotF+5qQ/99HxW1oV5ynyClV:skF57YkdsN0x+YtFE/9zynyCT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
801d3cf52a6c6456c323e61fabfac886

Files

801d3cf52a6c6456c323e61fabfac886
.exe windows:4 windows x86 arch:x86

f581d08d9b7e51d1d08c3135b2e23850

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ReadOleStg
StgCreateDocfile
OleCreate
CoRevokeClassObject
OleIsRunning
FreePropVariantArray
StgIsStorageFile
CoMarshalHresult
OleCreateLinkToFile
OleConvertOLESTREAMToIStorageEx
WriteFmtUserTypeStg
CoGetInstanceFromIStorage
CoRegisterClassObject
CoGetCurrentLogicalThreadId
OleCreateEx
OpenOrCreateStream
UtConvertDvtd32toDvtd16
GetHGlobalFromILockBytes
CoGetInterfaceAndReleaseStream
ReadStringStream
OleSetClipboard
CoSetProxyBlanket
StgCreateDocfileOnILockBytes
OleQueryCreateFromData
CoImpersonateClient
OleDestroyMenuDescriptor
MonikerRelativePathTo
StgOpenStorage
StringFromIID
OleNoteObjectVisible
CoRegisterChannelHook
OleMetafilePictFromIconAndLabel
PropVariantClear
CoSwitchCallContext
OleGetAutoConvert
CreateAntiMoniker
CoInitialize
CoGetInstanceFromFile
OleRun
OleGetClipboard
OleSetContainedObject
CreateFileMoniker
ProgIDFromCLSID
OleGetIconOfFile
GetDocumentBitStg
CoIsOle1Class
CoAddRefServerProcess
OleDoAutoConvert
CreateILockBytesOnHGlobal
OleSetAutoConvert
CreateDataCache
OleRegEnumVerbs
OleCreateStaticFromData
MkParseDisplayName
OleLockRunning
CoRegisterMallocSpy
CoRegisterSurrogate
OleCreateLinkToFileEx
CoUnmarshalHresult
CoInitializeSecurity
CreateObjrefMoniker
SetConvertStg
OleTranslateAccelerator
CoCreateGuid
CoGetStandardMarshal
CreateGenericComposite
CreateClassMoniker
GetHGlobalFromStream
WriteStringStream
CoTaskMemAlloc
OleUninitialize
CoRevertToSelf
OleDuplicateData

user32

RemovePropA
GetWindowTextW
GetWindowLongW
DefWindowProcA
RegisterClipboardFormatA
CreateIcon
SetDlgItemTextA
GetMonitorInfoA
GetClassInfoW
GetClassNameA
LoadAcceleratorsW
LoadCursorFromFileW
ChangeDisplaySettingsExA
DdePostAdvise
SetMenu
SetMessageQueue
GetKeyboardType
CharLowerBuffW
UnpackDDElParam
KillTimer
GetThreadDesktop
CreateIconFromResourceEx
DrawStateW
EnumDisplaySettingsA
GetCaretBlinkTime
GetPriorityClipboardFormat
GetKeyboardLayoutList
SetUserObjectInformationW
CopyAcceleratorTableW
DlgDirListW
LoadAcceleratorsA
DdeAccessData
MonitorFromRect
DrawFrameControl
SystemParametersInfoA
IsWindow
IsWindowVisible
SendNotifyMessageA
ChangeMenuA
MapVirtualKeyExA
CheckMenuItem
FindWindowExW
MessageBoxExA
GetKBCodePage
SetDlgItemTextW
GetClassWord
EnumDisplaySettingsW
LoadIconA
DlgDirSelectComboBoxExW
GetDialogBaseUnits
GetDoubleClickTime
RemovePropW
GetClassNameW
TileChildWindows
SwitchToThisWindow
InsertMenuItemW
DefMDIChildProcA
GetDesktopWindow
LoadMenuA
DlgDirSelectExA
GetUserObjectInformationW
CreateWindowExA
EnumChildWindows
RegisterClassExW
EnumDisplaySettingsExW
SetSysColors
InflateRect
IsRectEmpty
TranslateAccelerator
GetMenuItemID
ChildWindowFromPoint
IsCharUpperW

kernel32

GetStringTypeW
InitAtomTable
EnumSystemCodePagesA
lstrcatW
SetConsoleMode
Toolhelp32ReadProcessMemory
VirtualProtect
SetConsoleTitleW
GetCPInfoExW
GetCurrentThreadId
GlobalFlags
GetConsoleOutputCP
SetTimeZoneInformation
CreateMutexA
MapViewOfFileEx
GetPrivateProfileStructW
MulDiv
GetFileAttributesA
GetFileAttributesExW
SetComputerNameA
GetModuleFileNameW
UnmapViewOfFile
GlobalMemoryStatus
GetCommandLineW
LockFileEx
GetCurrentProcessId
ScrollConsoleScreenBufferA
PostQueuedCompletionStatus
CompareStringW
lstrcmpiA
lstrcpy
WriteConsoleOutputW
ReadConsoleW
EnumResourceLanguagesW
MoveFileA
SetCommState
ConnectNamedPipe
WritePrivateProfileStringA
WritePrivateProfileStructW
GetProcessAffinityMask
SetFileTime
DisconnectNamedPipe
FormatMessageW
GetNumberFormatA
Sleep
VirtualAlloc
CancelIo
VirtualFree
ScrollConsoleScreenBufferW
FatalAppExitW
GetEnvironmentVariableA
IsValidLocale
SetConsoleCtrlHandler
GetLongPathNameA
GetCommTimeouts
BuildCommDCBAndTimeoutsA
CommConfigDialogA
GetCommModemStatus
SearchPathW
GetFullPathNameW
GetCurrencyFormatA
SetDefaultCommConfigW
GetVolumeInformationA
SetLocaleInfoA
GlobalFindAtomW
CreateDirectoryA
CreateSemaphoreW
SetEnvironmentVariableA
VirtualLock
SetCalendarInfoA
CallNamedPipeA
WritePrivateProfileStructA
ConvertThreadToFiber
MoveFileExA
GetBinaryTypeW
DeleteFileW
ReadProcessMemory
TlsSetValue
FindCloseChangeNotification
HeapLock
IsBadCodePtr
WinExec
SetConsoleWindowInfo
VirtualFreeEx
MapViewOfFile
GetProfileIntW
GetProcAddress
GetTimeFormatW
SetThreadAffinityMask
GetProcessTimes
SetEnvironmentVariableW
SetTapeParameters

shlwapi

StrToIntW
PathUnmakeSystemFolderA
SHRegWriteUSValueA
PathIsURLA
StrFormatByteSize64A
GetMenuPosFromID
StrFromTimeIntervalA
UrlIsOpaqueA
SHCopyKeyW
PathStripToRootA
StrCSpnIA
SHRegGetBoolUSValueA
PathQuoteSpacesA
AssocQueryKeyW
PathSearchAndQualifyW
SHRegOpenUSKeyW
PathSearchAndQualifyA
StrPBrkW
SHRegDeleteUSValueW
PathSetDlgItemPathA
StrCmpNA
SHSetValueW
PathRemoveBackslashW
StrRetToBufW
wvnsprintfW
ColorHLSToRGB
PathCompactPathExA
StrToIntExA
PathMakeSystemFolderW
StrRetToStrW
PathIsUNCServerW
PathSetDlgItemPathW
PathRelativePathToA
StrChrA
SHEnumValueW
PathIsUNCServerShareA
PathRenameExtensionW
PathIsNetworkPathW
UrlCompareA
SHSetValueA
PathAddBackslashW
UrlGetLocationW
UrlCompareW
PathRemoveArgsW
StrRStrIW
UrlIsA
PathIsUNCServerShareW
UrlEscapeA
StrCSpnW
PathCombineA
PathFindFileNameW
PathIsLFNFileSpecA
PathMatchSpecW
SHEnumValueA
AssocQueryKeyA
AssocQueryStringW
PathIsPrefixA
PathIsDirectoryEmptyA
PathFindOnPathW
SHStrDupW
StrIsIntlEqualA
SHRegEnumUSValueW
SHRegSetUSValueW
PathGetArgsA
PathIsRootA
PathAddExtensionA
SHRegCreateUSKeyA
PathFileExistsA
PathRemoveBackslashA
SHRegCreateUSKeyW

advapi32

OpenEventLogA
QueryServiceConfigA
ReadEventLogA
RegRestoreKeyA
RegisterServiceCtrlHandlerA
ConvertAccessToSecurityDescriptorW
SetEntriesInAclW
RegOpenKeyA
CryptEnumProviderTypesW
BuildExplicitAccessWithNameA
StartServiceW
AddAce
RegEnumKeyExW
GetKernelObjectSecurity
DuplicateToken
GetCurrentHwProfileA
ReportEventW
LookupAccountNameW
ReportEventA
ObjectCloseAuditAlarmA
BuildExplicitAccessWithNameW
OpenBackupEventLogW
AccessCheckAndAuditAlarmW
AbortSystemShutdownW
AreAllAccessesGranted
AreAnyAccessesGranted
CryptSignHashA
SetEntriesInAuditListW
RegSaveKeyW
RegGetKeySecurity
ObjectCloseAuditAlarmW
TrusteeAccessToObjectA
RegisterEventSourceW
CryptHashData
GetNamedSecurityInfoW
CryptVerifySignatureA
CryptImportKey
GetSecurityInfo
GetServiceKeyNameA
BuildImpersonateExplicitAccessWithNameW
SetServiceStatus
SetNamedSecurityInfoExW
ObjectDeleteAuditAlarmA
DeregisterEventSource
EnumDependentServicesW
GetSecurityDescriptorOwner
ConvertSecurityDescriptorToAccessA
CreateProcessAsUserA
SetKernelObjectSecurity
InitializeAcl
BuildImpersonateExplicitAccessWithNameA
LookupPrivilegeDisplayNameA
DeleteAce
SetSecurityDescriptorOwner
MakeSelfRelativeSD
GetTokenInformation
CryptExportKey
LookupPrivilegeValueW
SetPrivateObjectSecurity
NotifyChangeEventLog
RegCloseKey
ObjectOpenAuditAlarmA
ObjectPrivilegeAuditAlarmA
GetSecurityDescriptorDacl
RegOpenKeyExA
BuildSecurityDescriptorA
GetExplicitEntriesFromAclW
AddAuditAccessAce
RegLoadKeyA
RegDeleteValueA
AddAccessAllowedAce

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f581d08d9b7e51d1d08c3135b2e23850

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

kernel32

shlwapi

advapi32

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 4KB

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 4KB