9c5dae5faccf84661f968b1c9fee90fe

Sharing

Copy URL Twitter E-mail

General

Target

9c5dae5faccf84661f968b1c9fee90fe
Size

179KB
MD5

9c5dae5faccf84661f968b1c9fee90fe
SHA1

7451251d198021e91b61857aa8a32109ff4657ee
SHA256

e76cca2152c5b8fe67a0fdf40da17b8155115a12fe948a169f84d5466aa6da5d
SHA512

8dc0e718257956aa999ddeff4110068f4c3b7acb77fc135186179d87d26314b333cafd9a4631a34d767725756654354d84c4a0db30455823c3912e9a213b2a2d
SSDEEP

3072:0uj9oWAw1I2DjiOGsiOgXlijw9wVZl5P8LIWgU0vC8/ykMsuDMSlyZkJf/xP1Fb6:t5QmIgeOG5OtjwUl7U06dkMfzyOz1dF8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c5dae5faccf84661f968b1c9fee90fe

Files

9c5dae5faccf84661f968b1c9fee90fe
.exe windows:4 windows x86 arch:x86

7221a52450cc243420b00739c0696b70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

ole32

CoGetMalloc
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoQueryProxyBlanket
CoUninitialize
CoSetProxyBlanket
StringFromGUID2

rpcrt4

UuidCreate

advapi32

QueryServiceLockStatusW
GetTokenInformation
ChangeServiceConfigW
CreateServiceW
LookupPrivilegeNameA
ControlService
UnlockServiceDatabase
RegRestoreKeyW
QueryServiceConfigW
RegDeleteValueW
RegSaveKeyW
LookupPrivilegeDisplayNameA
EnumDependentServicesW
RegGetKeySecurity
SetEntriesInAclW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
GetInheritanceSourceW
CloseServiceHandle
InitializeAcl
EqualSid
IsValidAcl
AddAce
RegQueryValueExW
FreeSid
OpenProcessToken
GetNamedSecurityInfoW
GetAce
IsValidSecurityDescriptor
GetAclInformation
SetSecurityDescriptorDacl
RegCreateKeyExW
GetSecurityInfo
OpenSCManagerW
LockServiceDatabase
SetNamedSecurityInfoW
SetEntriesInAclA
RegDeleteKeyW
LookupPrivilegeValueA
QueryServiceStatus
RegSetValueExW
RegCloseKey
FreeInheritedFromArray
DeleteService
InitializeSecurityDescriptor
StartServiceA
OpenServiceW
GetSecurityDescriptorControl
SetSecurityInfo
AllocateAndInitializeSid
ChangeServiceConfig2W
RegEnumValueW

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsA
SetupGetLineTextA
SetupCopyOEMInfW
SetupDiClassNameFromGuidW
SetupOpenInfFileA
SetupDiDeleteDeviceInfo
SetupDiCreateDeviceInfoList
SetupCloseInfFile
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
SetupGetInfFileListA
SetupDiGetClassDescriptionW
SetupDiGetDeviceInstanceIdW
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsA
SetupDiBuildClassInfoList
SetupDiGetClassDevsW
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

kernel32

ExpandEnvironmentStringsW
MapViewOfFile
InitializeCriticalSection
GetTimeZoneInformation
GetCalendarInfoW
CompareStringA
HeapDestroy
FreeLibrary
SetFilePointer
LCMapStringW
SetEndOfFile
RaiseException
FileTimeToLocalFileTime
IsDebuggerPresent
SetEnvironmentVariableA
LCMapStringA
InterlockedDecrement
ResetEvent
GetFileAttributesW
SystemTimeToFileTime
SetFileAttributesW
QueryPerformanceCounter
TlsGetValue
GetStringTypeW
MoveFileExW
FileTimeToSystemTime
GetProcAddress
GetConsoleOutputCP
GetModuleFileNameA
GetTimeFormatA
ReadFile
GetSystemTimeAsFileTime
GetOEMCP
TerminateProcess
GetACP
GetEnvironmentVariableW
GetLocaleInfoA
GetEnvironmentStrings
GetCurrentProcessId
HeapSize
WideCharToMultiByte
VirtualAlloc
GetSystemTime
GetCPInfo
GetConsoleCP
GetCommandLineA
CreateEventA
GetDateFormatA
CreateDirectoryW
GetStdHandle
EnterCriticalSection
LoadLibraryA
LoadLibraryExW
IsValidCodePage
LeaveCriticalSection
WaitForSingleObject
GetStartupInfoA
EnumResourceNamesA
SetWaitableTimer
MultiByteToWideChar
SetLastError
RtlUnwind
HeapCreate
TlsFree
ExitProcess
GetLastError
DeviceIoControl
CreateFileMappingA
WriteConsoleW
CancelWaitableTimer
GetTempPathW
CreateFileW
DeleteFileW
InitializeCriticalSection
GetModuleHandleW
SetHandleCount
SetEvent
CreateProcessW
CreateThread
CreateFileA
CompareStringW
GetConsoleMode
GetCurrentProcess
GetVersionExA
SetUnhandledExceptionFilter
LocalAlloc
SetStdHandle
HeapAlloc
TlsAlloc
CloseHandle
LocalFree
FreeEnvironmentStringsA
GetTickCount
UnmapViewOfFile
GetFileType
UnhandledExceptionFilter
WriteFile
GetProcessHeap
GetModuleHandleA
CreateWaitableTimerA
GetEnvironmentStringsW
GetExitCodeProcess
HeapReAlloc
InterlockedIncrement
FlushFileBuffers
TlsSetValue
VirtualFree
Sleep
WriteConsoleA
HeapFree
GetCurrentThreadId
GetVersionExW
CopyFileW
GetSystemDirectoryW
DeleteCriticalSection
FreeEnvironmentStringsW
GetStringTypeA

user32

SendMessageA
DestroyWindow
GetDlgItem
EnumChildWindows
CreateWindowExW
IsWindow
GetWindowThreadProcessId

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7221a52450cc243420b00739c0696b70

Headers

File Characteristics

Imports

iphlpapi

newdev

ole32

rpcrt4

advapi32

setupapi

shell32

kernel32

user32

mprapi

Sections

.text Size: 97KB - Virtual size: 96KB

.rdata Size: 6KB - Virtual size: 6KB

.bss Size: 73KB - Virtual size: 73KB

.rsrc Size: 1024B - Virtual size: 376KB

.text
Size: 97KB - Virtual size: 96KB

.rdata
Size: 6KB - Virtual size: 6KB

.bss
Size: 73KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 376KB