Static task: static1
Behavioral task: behavioral1
  Sample: 9ae884bcafcaca35df8da1d3c8fead23.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 9ae884bcafcaca35df8da1d3c8fead23.exe
  Resource: win10v2004-20231222-en
General
Target: 9ae884bcafcaca35df8da1d3c8fead23
Size: 42KB
MD5: 9ae884bcafcaca35df8da1d3c8fead23
SHA1: 5bdf0f04147c7e2a25e2868efac4ffdf380a8e3d
SHA256: 4d4298ceb8c6948e6ab9ff8f8283cf612b0f3712adf9199ccc956abfe58a782d
SHA512: d6c994a4379b93d3cdba6c8d6d95b9db592ea56148b56155c7a3c380449a1fd8519108c8e8d5b7f6aff268e0d5b381e1cc9b92e73de913f76b9388b554d0c4c1
SSDEEP: 768:pMHXCvYDq4dPP2iGMnCBHxpfswYMYcWjcnqQyzq9docK4/EKGEdbbqpv:pMHrD732ivck8YRjWqQyIdoVpOv0
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 9ae884bcafcaca35df8da1d3c8fead23
Files
9ae884bcafcaca35df8da1d3c8fead23.exe windows:5 windows x86 arch:x86
5a0efc5a32bf05f0c6263030cb44f358
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
olecli32
OleQueryProtocol
PbEnumFormats
OleEnumFormats
LeQueryOutOfDate
LeSetBounds
LeSetTargetDevice
OleRevertClientDoc
OleRequestData
OleRegisterClientDoc
BmRelease
WEP
DibCopy
ObjRename
ErrSetTargetDevice
OleSaveToStream
OleSetBounds
MfEnumFormat
BmQueryBounds
OleQueryType
BmChangeData
DibSaveToStream
OleCopyFromLink
GetTaskVisibleWindow
ErrSetUpdateOptions
LeCopy
OleActivate
SetNextNetDrive
LeDraw
kernel32
OpenFile
GetComputerNameExW
GetComputerNameA
LZOpenFileA
GetThreadPriorityBoost
WritePrivateProfileStringW
GetConsoleCommandHistoryA
lstrcmpiA
GetDevicePowerState
GlobalFlags
IsValidLocale
SetFilePointer
SetConsoleOS2OemFormat
GetConsoleAliasExesA
GetModuleHandleExA
GetAtomNameW
GetCalendarInfoA
ReadConsoleInputA
LoadLibraryA
GetProcessAffinityMask
lstrcatW
EnumDateFormatsW
GetModuleHandleA
_llseek
CreateMutexW
SetConsoleNumberOfCommandsW
DeleteTimerQueueEx
VirtualAlloc
ntdll
ZwSetSystemPowerState
ZwSetSystemTime
RtlImpersonateSelf
RtlAllocateAndInitializeSid
RtlIntegerToUnicodeString
ZwReadFile
wcstoul
isalpha
log
ZwQuerySystemEnvironmentValue
RtlTraceDatabaseFind
NtPrivilegeObjectAuditAlarm
NtSetSystemEnvironmentValue
NtOpenObjectAuditAlarm
NtAddBootEntry
RtlAddRefActivationContext
NtSignalAndWaitForSingleObject
RtlQueueWorkItem
wcsncpy
NtCreateProfile
wcslen
NtVdmControl
shlwapi
SHRegQueryUSValueW
PathUnquoteSpacesA
UrlIsA
SHAutoComplete
StrCmpNW
StrNCatW
PathGetDriveNumberW
PathCanonicalizeA
PathGetArgsW
SHEnumValueW
PathIsSystemFolderA
GetMenuPosFromID
StrCSpnIW
PathCreateFromUrlW
SHRegSetPathA
UrlIsNoHistoryA
PathUnmakeSystemFolderW
StrRStrIW
PathMakeSystemFolderW
StrToInt64ExW
PathFindNextComponentW
UrlApplySchemeA
StrCmpNIA
SHIsLowMemoryMachine
PathIsPrefixW
StrChrNW
PathIsNetworkPathW
StrStrNIW
PathCompactPathExA
StrRetToBSTR
oleaut32
VarUI1FromDisp
OleCreatePropertyFrame
VarWeekdayName
VarUdateFromDate
VarR8FromCy
VarUI8FromCy
LPSAFEARRAY_Marshal
VarR8FromI8
GetActiveObject
SetErrorInfo
VarUI1FromBool
LPSAFEARRAY_UserMarshal
VarI1FromI2
VarR8FromDisp
VarBoolFromR4
VARIANT_UserUnmarshal
VarUI1FromDate
VarDecFromR8
VarBoolFromDec
OaBuildVersion
VarCyFromDec
VarR8FromI4
VarCyFromUI8
VarUI4FromDate
VarDecFromI1
comsvcs
ComSvcsExceptionFilter
SafeRef
CoEnterServiceDomain
CoCreateActivity
CoLeaveServiceDomain
MiniDumpW
DllUnregisterServer
DllRegisterServer
GetMTAThreadPoolMetrics
GetTrkSvrObject
MTSCreateActivity
DispManGetContext
RecycleSurrogate
ComSvcsLogError
DllGetClassObject
CosGetCallContext
CoLoadServices
GetObjectContext
DllCanUnloadNow
advapi32
WmiSetSingleInstanceW
AddAccessDeniedAceEx
RegEnumValueW
LsaQueryDomainInformationPolicy
CreateTraceInstanceId
ObjectCloseAuditAlarmA
AddAuditAccessAce
ElfClearEventLogFileW
ImpersonateAnonymousToken
ControlService
WmiQueryAllDataA
EncryptFileW
LsaCreateTrustedDomainEx
LsaEnumerateTrustedDomains
WmiQuerySingleInstanceW
EnumServicesStatusW
MD4Init
CryptEnumProvidersW
RegCreateKeyA
MD4Update
AreAnyAccessesGranted
ClearEventLogW
AccessCheckByTypeAndAuditAlarmW
SystemFunction016
QueryServiceStatus
SetSecurityDescriptorRMControl
DuplicateToken
LsaDeleteTrustedDomain
WmiDevInstToInstanceNameW
A_SHAFinal
cnvfat
ConvertFAT
IsConversionAvailable
Sections
.text Size: 1024B - Virtual size: 786B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 68B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
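The three header facts the report records for this file (the DllCharacteristics flags, the "Unsigned PE" signature, and the section table with a 786-byte .text next to a .data section whose virtual size is four times its raw size) can all be read straight out of the PE headers with the standard library. The script below is an added example, not part of the sandbox output or of the sample; it builds a PE32 header in-script that mirrors the report's figures (constructed test input, not the analysed binary) and then parses it. "Unsigned" is taken to mean an empty IMAGE_DIRECTORY_ENTRY_SECURITY, which is what an Authenticode-signature check looks at; the virtual-vs-raw-size threshold in triage_notes is an illustrative heuristic of mine, not something the report states. Parsing the import table itself (eight DLLs including olecli32 and cnvfat against 786 bytes of code) is the natural next step and is not covered here.

```python
"""Read DllCharacteristics, Authenticode presence and the section table from
a PE header using only struct. Added example; the sample PE is constructed
below to match the sandbox report's figures and is not the real file."""
import struct

MACHINE = {0x014C: "x86", 0x8664: "x64"}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode blob


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Return machine, characteristics, Authenticode presence and sections of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, fchar = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic, = struct.unpack_from("<H", data, opt_off)
    pe32plus = magic == 0x20B
    dllchar, = struct.unpack_from("<H", data, opt_off + 70)  # same offset for PE32 and PE32+
    nrva_off = opt_off + (108 if pe32plus else 92)
    nrva, = struct.unpack_from("<I", data, nrva_off)
    signed = False
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Security entry is a raw file offset + size; both zero means no signature attached.
        sec_ptr, sec_size = struct.unpack_from("<II", data, nrva_off + 4 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        signed = sec_ptr != 0 and sec_size != 0
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsec):
        name, vsize, _, rsize, _, _, _, _, _, schar = struct.unpack_from("<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "flags": _flags(schar, SECTION_FLAGS)})
    return {"machine": MACHINE.get(machine, hex(machine)),
            "file_characteristics": _flags(fchar, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dllchar, DLL_CHARACTERISTICS),
            "authenticode_present": signed, "sections": sections}


def triage_notes(info):
    """Analyst heuristics (my thresholds, not the sandbox's): unsigned image,
    writable sections that grow a lot at load time, and W+X sections."""
    notes = []
    if not info["authenticode_present"]:
        notes.append("Unsigned PE: IMAGE_DIRECTORY_ENTRY_SECURITY is empty")
    for s in info["sections"]:
        writable = "IMAGE_SCN_MEM_WRITE" in s["flags"]
        if writable and s["virtual_size"] > 2 * s["raw_size"]:
            notes.append(f"{s['name']}: virtual size {s['virtual_size']} far exceeds raw size "
                         f"{s['raw_size']} (space filled only at runtime)")
        if writable and "IMAGE_SCN_MEM_EXECUTE" in s["flags"]:
            notes.append(f"{s['name']}: writable and executable")
    return notes


def build_sample_pe():
    """Constructed PE32 header mirroring the report (x86, four DllCharacteristics
    flags, five sections, no security directory). Not the analysed sample."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)  # e_lfanew = 64
    sections = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b".text", 786, 0x1000, 1024, 0x0400, 0x60000020),
        (b".rdata", 14 * 1024, 0x2000, 14 * 1024, 0x0800, 0x40000040),
        (b".data", 64 * 1024, 0x6000, 16 * 1024, 0x4000, 0xC0000040),
        (b".rsrc", 9 * 1024, 0x16000, 9 * 1024, 0x8000, 0x40000040),
        (b".reloc", 68, 0x19000, 512, 0xA400, 0x42000040),
    ]
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 68, 2)      # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, 0x0040 | 0x0100 | 0x0400 | 0x8000)
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes; directories stay zero
    headers = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                       for n, vs, va, rs, rp, ch in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + headers


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["machine"], info["dll_characteristics"])
    for s in info["sections"]:
        print(f"{s['name']:7} raw={s['raw_size']:6} virt={s['virtual_size']:6} {s['flags']}")
    print(*triage_notes(info), sep="\n")
```

To run it on a real file, replace build_sample_pe() with the bytes of the binary; everything parse_pe needs sits in the first few kilobytes, so reading the whole file is not required.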