992a74fc1f05f24cb0eb3e182a519912

Sharing

Copy URL Twitter E-mail

General

Target

992a74fc1f05f24cb0eb3e182a519912
Size

620KB
MD5

992a74fc1f05f24cb0eb3e182a519912
SHA1

d569c9916664c4b3fd6ccf19203715ba9cdb5fc9
SHA256

a304708771219ea5fa2fb3222bb8f6ec44183f19d3853a4694464cfdafee2c16
SHA512

bf24ab35c7253ba6e6ee75a3a002e9edabca634ac34db9267f10a8e2843530498d6899316d38b384ff705a338f90c6d1069ed3e23fe51cb21a92857f87f73d15
SSDEEP

12288:mVKDsKk3pS8BEa1pgBgNxMCzJDfxETwIWL206vkAB:mLKQStEgBgPzJDCMII6v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
992a74fc1f05f24cb0eb3e182a519912

Files

992a74fc1f05f24cb0eb3e182a519912
.exe windows:4 windows x86 arch:x86

8451e64c3c965c30e990aa4e0f9d7bb3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qdcrfp\pruxekvz\ralv.pdb

Imports

shell32

ExtractIconExW
SheChangeDirA
CommandLineToArgvW
CheckEscapesW

advapi32

RegEnumKeyW
RegReplaceKeyW
LookupPrivilegeNameW
RegSetValueExA
LookupPrivilegeDisplayNameA
RegConnectRegistryA
CryptSetProviderExA
ReportEventA
RegCreateKeyW
RegEnumKeyA
RegEnumKeyExW
RegDeleteValueW
CryptSignHashW

kernel32

FlushFileBuffers
SetLastError
GetTickCount
VirtualQuery
GetOEMCP
GetCPInfo
SetHandleCount
FindFirstFileW
GetLocaleInfoA
ExitProcess
QueryPerformanceCounter
HeapDestroy
TlsFree
WideCharToMultiByte
GetLastError
lstrcmp
EnterCriticalSection
GetModuleFileNameA
GetProcAddress
RtlUnwind
GetTimeFormatA
UnhandledExceptionFilter
GetPrivateProfileStringW
LeaveCriticalSection
VirtualFree
GlobalGetAtomNameA
HeapSize
GetNamedPipeHandleStateW
EnumSystemLocalesA
GetModuleHandleA
FreeEnvironmentStringsW
CloseHandle
OpenMutexA
CompareStringW
LoadLibraryA
GetCurrentThread
GetACP
lstrcmpiW
GetLongPathNameA
GetCommandLineW
FreeEnvironmentStringsA
ConnectNamedPipe
WriteFile
MapViewOfFile
GetTimeZoneInformation
InterlockedExchange
ReadFile
GetEnvironmentStringsW
EnumCalendarInfoExA
HeapCreate
CreateEventA
IsBadWritePtr
GetStringTypeA
VirtualAlloc
LocalCompact
SetFilePointer
GetSystemDefaultLangID
MultiByteToWideChar
GetWindowsDirectoryA
GetCurrentThreadId
InitializeCriticalSection
TlsSetValue
TlsAlloc
GetCommandLineA
lstrlenA
GetSystemInfo
GetWindowsDirectoryW
GetFileSize
ReadConsoleOutputCharacterA
SetEnvironmentVariableA
lstrcatA
GetPrivateProfileStructA
CreatePipe
HeapAlloc
TerminateProcess
IsValidLocale
GetThreadSelectorEntry
lstrcpy
GetVersionExA
LCMapStringA
SetConsoleActiveScreenBuffer
TlsGetValue
CreateRemoteThread
GetEnvironmentStrings
VirtualLock
GetStartupInfoW
GetStartupInfoA
HeapValidate
GetCurrentProcess
GetUserDefaultLCID
GetDateFormatA
VirtualProtect
HeapFree
IsValidCodePage
OutputDebugStringW
DeleteCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCurrentProcessId
CompareStringA
CreateMutexA
GetFileType
GetLocaleInfoW
HeapReAlloc
GetStringTypeW
FileTimeToLocalFileTime
SetStdHandle
GetVolumeInformationA
EnumResourceTypesW
LCMapStringW

wininet

FindNextUrlCacheEntryA
DetectAutoProxyUrl
RetrieveUrlCacheEntryStreamW
IsUrlCacheEntryExpiredW
InternetGetCertByURLA
FindNextUrlCacheEntryExA
FtpFindFirstFileA
InternetErrorDlg

comctl32

InitCommonControlsEx
CreatePropertySheetPageA
CreatePropertySheetPage
ImageList_GetFlags
ImageList_Replace
ImageList_LoadImage
ImageList_DragEnter
ImageList_SetBkColor
ImageList_DrawEx
ImageList_Add
DestroyPropertySheetPage
ImageList_SetFlags
ImageList_AddMasked
_TrackMouseEvent
CreateToolbarEx

user32

CharUpperA
ModifyMenuW
RegisterClipboardFormatA
GetDlgItemTextA
GetKeyState
DdeSetUserHandle
GetNextDlgTabItem
AnyPopup
SetRectEmpty
OpenClipboard
DdeAbandonTransaction
GetUserObjectInformationA
TranslateMDISysAccel
TranslateAcceleratorW
EnumWindowStationsA
CreateIcon
MsgWaitForMultipleObjectsEx
DefWindowProcW
DestroyWindow
EmptyClipboard
GetWindowInfo
GetUpdateRect
CopyRect
CreateCursor
ScrollDC
DdePostAdvise
InvalidateRect
DialogBoxIndirectParamA
FreeDDElParam
RemovePropA
ToAsciiEx
UnloadKeyboardLayout
GetMessageTime
ReleaseDC
AppendMenuA
VkKeyScanW
MapVirtualKeyW
GetClassInfoA
UnregisterClassA
ChildWindowFromPoint
wsprintfA
RemovePropW
DrawTextExA
GetUserObjectSecurity
DdeNameService
PeekMessageW
GetDoubleClickTime
RegisterClassA
DdeReconnect
IsCharAlphaNumericA
BroadcastSystemMessage
CreateDesktopA
MonitorFromWindow
GetPriorityClipboardFormat
BeginPaint
DestroyMenu
GetDlgItemTextW
DialogBoxParamW
DdeFreeDataHandle
RegisterClassExA
ReleaseCapture
GetMenuItemRect
GetClassWord
IsCharUpperW
CascadeWindows
UnpackDDElParam
CharUpperW
DlgDirSelectComboBoxExA
DefWindowProcA
SetRect
GetKeyboardLayout
GetDesktopWindow
UnregisterHotKey
ExitWindowsEx
CountClipboardFormats
CharUpperBuffW
GetWindowThreadProcessId
EnumWindowStationsW
GrayStringA
MessageBoxA
CreateMDIWindowW
CreateWindowExW
GetMenuContextHelpId
ShowWindow
IsCharLowerW
FlashWindowEx
OemToCharA
SetTimer
GetClipboardFormatNameW
EqualRect
SendMessageTimeoutW
CharUpperBuffA
EnumDesktopsA
WinHelpW
DrawAnimatedRects
DefMDIChildProcW
LoadStringW
ToUnicodeEx
SetWindowLongA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleW
PrintDlgW

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8451e64c3c965c30e990aa4e0f9d7bb3

Headers

File Characteristics

PDB Paths

Imports

shell32

advapi32

kernel32

wininet

comctl32

user32

comdlg32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 264KB - Virtual size: 263KB

.data Size: 108KB - Virtual size: 131KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 108KB - Virtual size: 131KB

.rsrc
Size: 60KB - Virtual size: 59KB