96d1554bada1c141ba343f673472afa1

Sharing

Copy URL Twitter E-mail

General

Target

96d1554bada1c141ba343f673472afa1
Size

416KB
MD5

96d1554bada1c141ba343f673472afa1
SHA1

a82795ba37f367ceec39ebab295c2dc93b96cc16
SHA256

b4ecfa07a64e009519deed2e8266b3e6e1f16afcce68b6b2d2cae55caeeb246e
SHA512

ecf7753d2ccc1593e187f2045a1c13460d708061da57e9360b282916d6b1f8936a83aa1a50b56e1e2eeab67a731e6bafcf44fdb89de879a2b42136fbaaabe6e4
SSDEEP

6144:AdOApXUez8ZL33VveOhwtQXGQOJVIvzBWurIvzscI0:AAApXIz3VGYdTOJVIvzAu7M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96d1554bada1c141ba343f673472afa1

Files

96d1554bada1c141ba343f673472afa1
.exe windows:4 windows x86 arch:x86

123d294ab47d133dd6b8bf984f44fd57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
SHDeleteValueA
SHDeleteKeyA
SHGetValueA
wnsprintfA
SHSetValueA
PathAppendA

kernel32

GetTickCount
InterlockedDecrement
lstrlenA
MoveFileA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetTempFileNameA
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
ExitProcess
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
VirtualFree
CloseHandle
VirtualAlloc
SetFilePointer
ReadFile
GetFileSize
CreateFileA
WriteFile
IsBadReadPtr
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
SizeofResource
LockResource
AllocConsole
FindResourceA
DeviceIoControl
FreeLibrary
GetFileAttributesExA
TerminateProcess
GetDriveTypeA
GetLogicalDrives
WaitForSingleObject
CreateProcessA
OpenMutexA
GetCommandLineA
FreeResource
WritePrivateProfileStringA
CreateThread
LoadLibraryW
MultiByteToWideChar
IsBadCodePtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetConsoleTitleA
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleScreenBufferSize
GetConsoleWindow
Sleep
FreeConsole
GetModuleFileNameA
LoadLibraryA
GetProcAddress
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
SetFileAttributesA
MoveFileExA
GetFileAttributesA
GetLastError
LocalFree
GetExitCodeProcess
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
UnhandledExceptionFilter
HeapSize
IsBadWritePtr
HeapReAlloc
HeapCreate
GetEnvironmentVariableA
LCMapStringW
LoadResource
LCMapStringA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
SetHandleCount
FlushFileBuffers
GetOEMCP
GetACP
GetCPInfo
SetLastError
TlsAlloc
RaiseException
GetVersion
GetStartupInfoA
GetModuleHandleA
TlsGetValue
TlsSetValue
InterlockedExchange
RtlUnwind
SetStdHandle
GetFileType
HeapFree
HeapAlloc

user32

SetActiveWindow
LoadStringA
MessageBoxA
wvsprintfA
GetActiveWindow
SetForegroundWindow
CharNextA
DestroyWindow
DefWindowProcA
ExitWindowsEx

advapi32

SetNamedSecurityInfoA
QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegFlushKey
RegCreateKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegLoadKeyA
RegUnLoadKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyA
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
GetExplicitEntriesFromAclA
DeleteAce

shell32

SHGetSpecialFolderPathA
ShellExecuteA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

urlmon

URLDownloadToFileA

netapi32

Netbios

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

123d294ab47d133dd6b8bf984f44fd57

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

shell32

ole32

comctl32

version

urlmon

netapi32

wininet

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 24KB - Virtual size: 35KB

.rsrc Size: 280KB - Virtual size: 276KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 24KB - Virtual size: 35KB

.rsrc
Size: 280KB - Virtual size: 276KB