Static task: static1
Behavioral task: behavioral1
Sample: 9894c78bf402e78cae4f01aef14ae4bb.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 9894c78bf402e78cae4f01aef14ae4bb.exe
Resource: win10v2004-20231215-en
General
- Target: 9894c78bf402e78cae4f01aef14ae4bb
- Size: 80KB
- MD5: 9894c78bf402e78cae4f01aef14ae4bb
- SHA1: b27ecc9188ea56a090e521f0a051c7381b290d10
- SHA256: b82aa04deccd81340068024260d4f9920de680d782c54a889df9554a0417897e
- SHA512: 032299bab6b3aa9f6f57eeae61b2f02847c2936567276d33ca06b7e8c744eda4d1cd36c3105b1d6c30217dc0466ad558a3a486cedc5c248d34134be573bab03d
- SSDEEP: 1536:B8Bh2FDSL5vEaAhtFZDbx2goJFnz6OGdd9aRB8IVyfuqpGQI6mRKIBTWTH+x4umK:B8Bh2luvdz6zIBfyFYH6msQEex4um7O
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 9894c78bf402e78cae4f01aef14ae4bb
Files
- 9894c78bf402e78cae4f01aef14ae4bb.exe windows:4 windows x86 arch:x86
  f7dc60f2c38ac7a2ed2a90e4971af3ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
UrlGetPartA
StrStrA
SHRegGetUSValueW
ChrCmpIW
PathSetDlgItemPathW
PathRenameExtensionA
PathQuoteSpacesA
StrRetToStrA
StrCmpW
SHIsLowMemoryMachine
StrCpyNW
PathMakePrettyW
SHDeleteKeyW
StrRetToBufA
UrlApplySchemeA
SHOpenRegStream2A
SHRegSetUSValueA
StrStrW
SHGetThreadRef
SHSetThreadRef
SHOpenRegStreamW
SHDeleteValueW
StrCatW
PathAddBackslashW
UrlCanonicalizeA
SHRegOpenUSKeyW
PathIsSystemFolderA
StrNCatA
SHRegQueryUSValueA
StrCatBuffW
StrSpnW
StrCSpnW
PathIsDirectoryEmptyW
PathAddExtensionW
StrStrIA
wvnsprintfA
SHRegDeleteUSValueA
PathCompactPathExA
PathRelativePathToA
StrSpnA
PathCommonPrefixA
PathUndecorateA
StrChrW
SHRegEnumUSKeyW
PathSearchAndQualifyW
StrRetToStrW
SHRegGetBoolUSValueA
SHRegCloseUSKey
PathGetCharTypeA
PathAppendW
PathIsUNCServerW
PathUnmakeSystemFolderW
StrRChrW
wnsprintfA
StrCmpNIA
PathSearchAndQualifyA
PathIsUNCServerShareW
PathRemoveExtensionA
ColorHLSToRGB
PathIsContentTypeW
PathBuildRootW
PathFileExistsW
PathGetDriveNumberA
SHQueryInfoKeyA
PathFindNextComponentW
AssocQueryStringA
IntlStrEqWorkerW
PathIsRelativeW
StrCmpNW
SHGetValueW
PathCombineW
SHDeleteKeyA
AssocQueryKeyA
StrCSpnA
SHEnumValueW
PathIsDirectoryA
PathCreateFromUrlW
PathIsUNCA
StrTrimA
PathRemoveExtensionW
StrCpyW
PathIsSameRootA
SHOpenRegStream2W
SHRegDeleteUSValueW
SHRegCreateUSKeyA
PathGetArgsA
PathRemoveArgsA
AssocQueryStringByKeyW
PathIsPrefixA
SHRegGetUSValueA
SHGetInverseCMAP
StrFromTimeIntervalW
PathCanonicalizeW
StrFormatKBSizeW
PathMakeSystemFolderW
PathUnmakeSystemFolderA
PathAddBackslashA
StrRChrIA
SHRegDeleteEmptyUSKeyA
PathCommonPrefixW
PathCombineA
SHDeleteValueA
StrCmpNA
SHCreateStreamOnFileA
SHCreateStreamOnFileW
UrlHashA
PathStripToRootA
PathIsUNCServerShareA
SHRegWriteUSValueA
StrChrA
user32
IsClipboardFormatAvailable
GetWindowWord
GetClipboardOwner
CreateIconFromResource
PostMessageW
GetDlgItemTextW
IsCharAlphaNumericW
GetMenu
GetPriorityClipboardFormat
GetMonitorInfoW
WaitForInputIdle
GrayStringA
DdeUnaccessData
ExcludeUpdateRgn
LoadCursorA
PostThreadMessageA
IsCharAlphaA
GetGuiResources
GetMenuItemInfoW
GetScrollBarInfo
LoadIconA
OpenIcon
DragObject
GetScrollRange
TranslateAcceleratorW
MenuItemFromPoint
DdeCreateDataHandle
CascadeChildWindows
GetWindowModuleFileNameA
DdeInitializeW
GetWindowInfo
TabbedTextOutW
ToAscii
IsWindow
CharUpperA
LoadImageA
GetGUIThreadInfo
GetClipboardSequenceNumber
IsDialogMessage
GetUserObjectInformationW
RedrawWindow
ShowWindow
GetInputState
IsMenu
SetDoubleClickTime
SetClassWord
GetMenuItemCount
EnumPropsExW
AppendMenuW
ScreenToClient
ScrollWindow
GetMenuStringW
GetClassLongW
SetMenuItemInfoW
KillTimer
GetSysColor
GetWindowRect
CharPrevA
EndDeferWindowPos
GetThreadDesktop
SetWindowPos
OpenInputDesktop
GetClipCursor
GetUpdateRgn
DragDetect
EnableWindow
MonitorFromWindow
AdjustWindowRect
TranslateAcceleratorA
WinHelpA
IsCharUpperA
DrawStateA
EnumWindows
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetUserObjectSecurity
PostThreadMessageW
CloseWindow
DrawTextExW
MsgWaitForMultipleObjectsEx
GetKeyboardLayoutNameW
EnumDesktopsA
EnumDesktopsW
GetClassWord
EnumDesktopWindows
DestroyCaret
CreateIcon
GetMenuItemInfoA
GetWindowModuleFileNameW
CreateAcceleratorTableA
GetShellWindow
SetSysColors
CallWindowProcW
GetWindowTextLengthW
CreateCursor
DdeCmpStringHandles
LoadMenuA
GetMonitorInfoA
RegisterClipboardFormatW
BringWindowToTop
ChangeDisplaySettingsW
InvalidateRgn
SetWindowsHookW
GetScrollInfo
DestroyIcon
CloseDesktop
DrawEdge
PeekMessageA
ToUnicode
RegisterClipboardFormatA
SetWindowLongW
CallNextHookEx
IsDialogMessageW
LoadStringW
WindowFromPoint
GetSubMenu
DefFrameProcA
DlgDirSelectComboBoxExW
IsCharAlphaNumericA
GetKeyboardLayout
GetOpenClipboardWindow
LoadKeyboardLayoutA
LoadCursorFromFileW
ScrollWindowEx
kernel32
GetAtomNameW
GetCompressedFileSizeA
lstrcpy
GetConsoleScreenBufferInfo
ResumeThread
GlobalUnWire
DeleteFileA
Process32First
SetSystemTimeAdjustment
GetNumberOfConsoleMouseButtons
WaitForDebugEvent
FillConsoleOutputCharacterW
SetTapePosition
RemoveDirectoryA
FillConsoleOutputAttribute
IsBadHugeWritePtr
GetLogicalDriveStringsA
MulDiv
SetProcessShutdownParameters
GlobalWire
GetStringTypeA
BackupSeek
SetEndOfFile
FormatMessageA
GetProfileStringA
SetConsoleOutputCP
SetCommState
RaiseException
GetFileTime
IsBadStringPtrW
SignalObjectAndWait
GetPrivateProfileIntA
CreateFileA
GetStringTypeW
LocalHandle
IsBadWritePtr
Thread32Next
IsProcessorFeaturePresent
GetTapePosition
DeleteFiber
SetProcessWorkingSetSize
SetCommBreak
ReadConsoleOutputCharacterW
CreateDirectoryW
GetCommTimeouts
WriteProfileStringA
lstrlen
IsSystemResumeAutomatic
GetLongPathNameW
LockFile
GetPriorityClass
PeekConsoleInputW
SetProcessAffinityMask
GetStdHandle
EraseTape
GetStringTypeExW
GetPrivateProfileSectionNamesA
FoldStringW
CreateMailslotW
FillConsoleOutputCharacterA
SetupComm
FreeConsole
GetStartupInfoW
DebugBreak
GetVersionExW
GetSystemPowerStatus
GetPrivateProfileStringA
VerLanguageNameA
GetTimeFormatA
GetCalendarInfoA
CreateDirectoryA
WaitForMultipleObjectsEx
EscapeCommFunction
FindNextFileW
ExpandEnvironmentStringsW
GetNamedPipeHandleStateW
CreateToolhelp32Snapshot
SleepEx
GetTimeZoneInformation
ReleaseSemaphore
InitAtomTable
ExitProcess
GetLargestConsoleWindowSize
CreateFileMappingA
ReadConsoleA
FreeResource
IsDBCSLeadByteEx
FatalAppExitA
GlobalUnfix
MoveFileW
GetQueuedCompletionStatus
SetConsoleMode
ReadConsoleOutputCharacterA
GetFileAttributesExW
Module32Next
GetProcessPriorityBoost
GetShortPathNameW
GetCurrentThreadId
EnumCalendarInfoA
GlobalFindAtomW
LoadModule
DeleteFileW
GetCommandLineA
HeapLock
GetDefaultCommConfigW
WaitForSingleObjectEx
SetFilePointer
SetComputerNameA
SetEnvironmentVariableW
GetTickCount
TlsSetValue
GetCurrentThread
GetDriveTypeA
SetConsoleCP
HeapWalk
TlsFree
GetConsoleOutputCP
GetCalendarInfoW
GetNamedPipeInfo
ClearCommBreak
SetFileAttributesA
GetSystemTime
SetCurrentDirectoryA
VirtualAlloc
SetSystemPowerState
GetSystemDirectoryW
GetProfileSectionA
GetDefaultCommConfigA
EnumCalendarInfoExW
DosDateTimeToFileTime
BeginUpdateResourceW
GetPrivateProfileStructW
SetEvent
SetWaitableTimer
GetFileType
GetPrivateProfileSectionA
ReadConsoleOutputAttribute
CreateProcessA
VirtualUnlock
SearchPathA
CopyFileW
ReadConsoleInputA
VirtualFree
WriteProfileSectionA
IsValidLocale
FlushInstructionCache
EnumDateFormatsW
Heap32ListFirst
GetSystemDefaultLCID
TlsGetValue
GetVolumeInformationW
SetConsoleCursorPosition
LocalAlloc
FreeEnvironmentStringsW
GetCommConfig
VirtualProtect
ole32
CoReleaseMarshalData
OleCreate
OleLockRunning
CoRegisterClassObject
CreateGenericComposite
OleCreateEx
OleGetIconOfClass
IsAccelerator
StgOpenStorage
CoSwitchCallContext
OleIsCurrentClipboard
OleLoad
IIDFromString
UtConvertDvtd16toDvtd32
CoRevokeMallocSpy
CoLoadLibrary
CoReleaseServerProcess
CoSetProxyBlanket
StgOpenStorageEx
CoCreateGuid
OleCreateLinkToFile
CreateStreamOnHGlobal
MonikerRelativePathTo
CoMarshalInterface
OleSetContainedObject
OleDoAutoConvert
StringFromCLSID
OleConvertIStorageToOLESTREAMEx
SetDocumentBitStg
CoGetCallContext
OleRegGetUserType
StringFromIID
OleQueryLinkFromData
CoUninitialize
CoTaskMemFree
CoBuildVersion
CoInitializeSecurity
CoTreatAsClass
CoFileTimeToDosDateTime
CoFreeAllLibraries
OleCreateLink
RegisterDragDrop
OleCreateLinkToFileEx
OleBuildVersion
UtGetDvtd32Info
UtConvertDvtd32toDvtd16
GetHGlobalFromILockBytes
CreateObjrefMoniker
OleCreateFromData
EnableHookObject
OleConvertOLESTREAMToIStorageEx
StgCreateStorageEx
CoIsHandlerConnected
CoImpersonateClient
ReadStringStream
CoCopyProxy
CoFreeUnusedLibraries
OleUninitialize
CoFileTimeNow
CoRegisterSurrogate
CreateFileMoniker
OleRegEnumFormatEtc
CoGetCallerTID
CreateBindCtx
OleSetMenuDescriptor
CoUnmarshalInterface
CoFreeLibrary
StgGetIFillLockBytesOnFile
CoQueryReleaseObject
WriteOleStg
WriteClassStm
CreateClassMoniker
CoQueryAuthenticationServices
CoInitializeEx
RevokeDragDrop
StgCreateDocfileOnILockBytes
PropVariantCopy
CoGetMarshalSizeMax
CoGetCurrentProcess
CoRevertToSelf
CoRegisterPSClsid
OleCreateEmbeddingHelper
OleSetAutoConvert
OleCreateMenuDescriptor
GetDocumentBitStg
OleGetClipboard
OleCreateDefaultHandler
WriteFmtUserTypeStg
CoGetPSClsid
CreateOleAdviseHolder
ReadOleStg
OleCreateLinkEx
CoSuspendClassObjects
StgOpenStorageOnILockBytes
FreePropVariantArray
CoUnmarshalHresult
OleSetClipboard
StgIsStorageILockBytes
CoCreateInstance
CoCreateInstanceEx
ReleaseStgMedium
OleTranslateAccelerator
OleGetAutoConvert
CLSIDFromString
StgGetIFillLockBytesOnILockBytes
BindMoniker
ProgIDFromCLSID
advapi32
RegEnumKeyExA
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
RegCreateKeyExW
RegLoadKeyW
GetServiceKeyNameW
ImpersonateSelf
BuildImpersonateTrusteeW
IsValidAcl
MakeSelfRelativeSD
IsValidSecurityDescriptor
QueryServiceLockStatusW
CreatePrivateObjectSecurity
MakeAbsoluteSD
BuildSecurityDescriptorW
SetPrivateObjectSecurity
RegEnumValueW
BuildTrusteeWithNameW
GetUserNameW
GetUserNameA
BackupEventLogA
CreateProcessAsUserW
StartServiceCtrlDispatcherW
SetNamedSecurityInfoA
InitiateSystemShutdownA
MapGenericMask
OpenEventLogA
CreateProcessAsUserA
AdjustTokenGroups
RegUnLoadKeyW
AreAnyAccessesGranted
CryptEnumProviderTypesA
QueryServiceLockStatusA
PrivilegedServiceAuditAlarmW
BuildTrusteeWithSidA
UnlockServiceDatabase
CryptSetProviderW
RegEnumKeyW
LookupSecurityDescriptorPartsW
CryptVerifySignatureW
RegSetKeySecurity
RegUnLoadKeyA
CryptAcquireContextA
GetPrivateObjectSecurity
CryptDestroyHash
CreateServiceW
CryptEncrypt
RegOpenKeyExW
SetKernelObjectSecurity
GetNumberOfEventLogRecords
LookupPrivilegeValueA
LookupPrivilegeNameW
AllocateAndInitializeSid
GetTokenInformation
AreAllAccessesGranted
GetEffectiveRightsFromAclW
AccessCheckAndAuditAlarmW
LookupPrivilegeNameA
CryptDecrypt
GetServiceDisplayNameA
SetSecurityInfoExA
RegEnumKeyExW
GetExplicitEntriesFromAclW
RegQueryValueW
LockServiceDatabase
CryptEnumProvidersA
CryptExportKey
AbortSystemShutdownW
PrivilegeCheck
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetAuditedPermissionsFromAclA
RegisterEventSourceW
CryptSetProvParam
CryptDuplicateKey
ObjectOpenAuditAlarmW
LogonUserA
SetAclInformation
CryptGetDefaultProviderA
RevertToSelf
CryptEnumProvidersW
CryptImportKey
SetEntriesInAccessListA
CryptCreateHash
OpenServiceA
RegEnumKeyA
AllocateLocallyUniqueId
GetNamedSecurityInfoA
OpenSCManagerA
CryptGetUserKey
AccessCheck
RegOpenKeyExA
RegGetKeySecurity
SetFileSecurityW
ConvertAccessToSecurityDescriptorA
SetServiceBits
EnumDependentServicesA
GetSecurityDescriptorOwner
CreateServiceA
SetEntriesInAuditListA
GetLengthSid
ReportEventW
EqualSid
CryptSetKeyParam
CryptDestroyKey
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 174B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE