86ea3641fb8b7b93cb5c245a98861d00

Sharing

Copy URL Twitter E-mail

General

Target

86ea3641fb8b7b93cb5c245a98861d00
Size

467KB
MD5

86ea3641fb8b7b93cb5c245a98861d00
SHA1

66c745c6fb9809586cf6b8081cfcf556c30f1cc8
SHA256

29da093b72ca4ab6d768d011c2e0f1d8356906bd3d04632b502799b43fe6b58e
SHA512

5b54170e780758413db01bf23a57922160300b0045b1aaf9c28e8be30712b3366a798a613b1088299e0822a68c34b6bfd35386d5b7966a221552eb7be7d9ed65
SSDEEP

6144:vJDc0ef3MlizZoibmtcp8M/lhFa1R0s7sYMlsVVbVDTZP4rDiwn6y7N8P5amr2cM:RDn/zg8dUqrx3Zk6Iy3Pct

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86ea3641fb8b7b93cb5c245a98861d00

Files

86ea3641fb8b7b93cb5c245a98861d00
.exe windows:4 windows x86 arch:x86

63998143a7cbc16fbf690d8072f06c20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

TranslateNameW

ole32

CoUninitialize
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoInitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CreateBindCtx
ReleaseStgMedium

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHParseDisplayName
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderLocation
SHBindToParent
SHCreateShellItem

advapi32

LsaStorePrivateData
RegCloseKey
RegEnumKeyW
RegQueryValueExW
GetLengthSid
IsValidSid
EqualSid
LookupAccountNameW
LookupAccountSidW
OpenServiceW
OpenProcessToken
RegSetValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
QueryServiceStatus
RegQueryValueExA
RegDeleteValueW
OpenThreadToken
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyExW
CopySid
CreateProcessWithLogonW
LsaClose
LsaOpenPolicy
CloseServiceHandle
RegCreateKeyExW
GetTokenInformation

shlwapi

StrCmpW
StrToIntExW
StrDupW
PathRemoveBackslashW
wnsprintfW
UrlCombineW
StrCpyNW
SHSetValueW
PathRemoveFileSpecW
UrlGetPartW
PathIsUNCW
PathIsUNCServerW
SHStrDupW
PathParseIconLocationW
SHGetValueW
StrChrW
StrCmpNIW
PathFindFileNameW
PathMatchSpecW
PathCombineW
SHRegGetBoolUSValueW
PathGetDriveNumberW
StrCatBuffW
PathRenameExtensionW
PathFindExtensionW
StrCmpIW
StrToIntW
PathAppendW
AssocQueryStringW
StrRetToBufW

ntdsapi

DsFreeNameResultW
DsCrackNamesW

user32

OffsetRect
GetDialogBaseUnits
LoadIconW
ShowWindow
MapWindowPoints
SetWindowLongW
MessageBoxW
PostMessageW
IsWindowEnabled
SetWindowPos
EnableWindow
SendDlgItemMessageW
SetForegroundWindow
KillTimer
DrawFocusRect
IsDlgButtonChecked
FindWindowW
DrawTextExW
RegisterClipboardFormatW
GetWindowTextW
LoadStringW
LoadCursorW
IsWindowVisible
MoveWindow
SetFocus
GetWindowLongA
EndDialog
DestroyIcon
GetDlgItemTextW
ReleaseDC
CheckRadioButton
GetDesktopWindow
WinHelpW
GetWindowTextLengthW
GetClientRect
RedrawWindow
GetDlgCtrlID
LoadImageW
CharLowerBuffW
SetDlgItemTextW
SetWindowTextW
GetWindowRect
GetDlgItem
RegisterWindowMessageW
GetWindowLongW
DialogBoxParamW
GetSystemMetrics
CharNextW
GetSysColor
SendMessageW
IsWindow
SystemParametersInfoW
GetDC
CheckDlgButton
SetTimer
GetParent
SetCursor

gdi32

CreateFontIndirectW
GetTextMetricsW
GetDeviceCaps
SetBkColor
ExtTextOutW
SelectObject
GetObjectW
DeleteObject
SetTextColor

netapi32

NetLocalGroupAddMembers
NetUnjoinDomain
NetLocalGroupGetMembers
NetApiBufferFree
NetLocalGroupEnum
NetRenameMachineInDomain
DsRoleFreeMemory
NetUserDel
NetLocalGroupDelMembers
NetUserSetInfo
DsRoleGetPrimaryDomainInformation
NetValidateName
NetUserAdd
DsGetDcNameW
NetJoinDomain
NetUserGetInfo
NetUserGetLocalGroups

ntdll

RtlInitUnicodeString
RtlRunDecodeUnicodeString
NtAllocateVirtualMemory
RtlLargeIntegerShiftRight

kernel32

LocalAlloc
InterlockedDecrement
UnhandledExceptionFilter
GetACP
GetComputerNameW
SetComputerNameExW
lstrcpyW
GetCurrentProcess
GetProcAddress
DnsHostnameToComputerNameW
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
GetModuleHandleW
GetLocaleInfoW
FormatMessageW
lstrcpynW
SetEvent
DosDateTimeToFileTime
ExitProcess
GetGeoInfoW
WideCharToMultiByte
CloseHandle
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
lstrcmpiW
GlobalUnlock
GetCurrentThread
MulDiv
GetUserGeoID
FreeLibrary
lstrcmpiA
GetTickCount
GetWindowsDirectoryW
OpenEventW
MultiByteToWideChar
LoadLibraryA
WaitForSingleObject
DelayLoadFailureHook
LocalFree
TerminateProcess
CreateProcessW
GlobalLock
GetVersionExA
CreateEventW
InterlockedIncrement
ResetEvent
LoadLibraryW
GetUserDefaultLangID
lstrlenW
ExpandEnvironmentStringsW
InterlockedCompareExchange
CreateThread
GetSystemDefaultLCID
GetCurrentProcessId
GetModuleFileNameW
GetDriveTypeW

mpr

WNetAddConnection3W
WNetOpenEnumW
WNetGetConnectionW
WNetEnumResourceW
WNetCancelConnection2W
WNetCloseEnum

msvcrt

_except_handler3
wcschr

urlmon

URLDownloadToCacheFileW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63998143a7cbc16fbf690d8072f06c20

Headers

File Characteristics

Imports

secur32

ole32

shell32

advapi32

shlwapi

ntdsapi

user32

gdi32

netapi32

ntdll

kernel32

mpr

msvcrt

urlmon

Sections

.text Size: 12KB - Virtual size: 11KB

.reloc Size: 512B - Virtual size: 20B

.data Size: 299KB - Virtual size: 492KB

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 150KB - Virtual size: 149KB

.text
Size: 12KB - Virtual size: 11KB

.reloc
Size: 512B - Virtual size: 20B

.data
Size: 299KB - Virtual size: 492KB

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 150KB - Virtual size: 149KB