73b9580896eeb0939c0f22268b0dc37268b2abd1516a7d0c4a9abbd8a5061232

Sharing

Copy URL

Twitter E-mail

General

Target

73b9580896eeb0939c0f22268b0dc37268b2abd1516a7d0c4a9abbd8a5061232
Size

3.0MB
MD5

a4d8ae019f013517c7557012dba59dc6
SHA1

43b595ed13b1fe31dcd57f65689d7d89db524953
SHA256

73b9580896eeb0939c0f22268b0dc37268b2abd1516a7d0c4a9abbd8a5061232
SHA512

ec470ed69989f656d967bd5b025dc7fb59cc0381b238568a63f844a1c114e9448727431317dfb6a4170bea2ff54faea95d9d15e296ff02f8486f50767c00d945
SSDEEP

49152:RBwpxPJg7JW4jhzQpxSlDvZajSiOWJ40PCLdt5bqUl33kwpPN:RBwpxhg7JW4NkpqiOWJ4PLdTqUxV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73b9580896eeb0939c0f22268b0dc37268b2abd1516a7d0c4a9abbd8a5061232

Files

73b9580896eeb0939c0f22268b0dc37268b2abd1516a7d0c4a9abbd8a5061232
.exe windows:5 windows x86 arch:x86

18d7268bb2f211825e89c8b79b74f19b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
CreateProcessAsUserW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RevertToSelf
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExA
RegFlushKey
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
ImpersonateLoggedOnUser
LookupAccountSidW
GetTokenInformation

ole32

CoInitialize
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
SHChangeNotify

shlwapi

PathFileExistsW
SHSetValueW
SHGetValueW
SHDeleteKeyW
SHDeleteValueW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

user32

wsprintfA
FindWindowW
PostMessageW
MessageBoxW
wsprintfW
LoadStringW
GetProcessWindowStation
GetUserObjectInformationW

kernel32

GetProcessHeap
SetLastError
GetNativeSystemInfo
lstrlenW
LoadLibraryA
IsBadReadPtr
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateThread
TerminateThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
GetLastError
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
OutputDebugStringW
CopyFileW
MoveFileExW
GetLocalTime
GetModuleFileNameW
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
GetVersionExW
DeviceIoControl
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLongPathNameW
GetExitCodeProcess
HeapFree
GetTickCount
GetTempPathW
GetFileAttributesW
GetPrivateProfileIntW
GetEnvironmentVariableW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GlobalAlloc
VirtualProtect
ReadProcessMemory
lstrcpyW
CreateProcessW
QueryDosDeviceW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
ReleaseMutex
CreateMutexW
GetVolumeInformationW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
OutputDebugStringA
SetPriorityClass
FindFirstFileA
FindNextFileA
ExpandEnvironmentStringsA
CreateFileA
VerSetConditionMask
GetFullPathNameW
GetCurrentDirectoryW
FreeLibraryAndExitThread
ExitThread
WriteFile
HeapAlloc
Process32FirstW
CreateToolhelp32Snapshot
DeleteFileW
CloseHandle
Sleep
OpenProcess
GetDriveTypeW
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
FormatMessageA
VirtualFree
VirtualAlloc
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
GlobalFree
Process32NextW
SetEndOfFile
FlushFileBuffers
GetConsoleCP
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
WriteConsoleW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer

oleaut32

SysStringLen
SysAllocString
SysFreeString

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

psapi

GetModuleFileNameExW
EnumProcessModules
GetProcessImageFileNameW

wininet

InternetSetOptionW
InternetCloseHandle
InternetQueryOptionW
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetReadFile

wldap32

ord35
ord143
ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord301
ord79
ord30
ord200

ws2_32

WSAStartup
WSACleanup
recv
send
WSAGetLastError
__WSAFDIsSet
select
gethostname
WSASetLastError
bind
closesocket
listen
accept
sendto
recvfrom
freeaddrinfo
getaddrinfo
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
ioctlsocket

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

AddProtectFile
AddProtectReg
AddTrustProcess
ClearProtectFile
ClearProtectReg
ClearTrustProcess
RepairDriverServices
SHDeleteSelfProtectService
SHGetDumpPath
SHStartSelfProtectService

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 595KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18d7268bb2f211825e89c8b79b74f19b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

shell32

shlwapi

userenv

user32

kernel32

oleaut32

crypt32

psapi

wininet

wldap32

ws2_32

version

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 566KB - Virtual size: 566KB

.data Size: 21KB - Virtual size: 46KB

.gfids Size: 512B - Virtual size: 452B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 595KB - Virtual size: 596KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 566KB - Virtual size: 566KB

.data
Size: 21KB - Virtual size: 46KB

.gfids
Size: 512B - Virtual size: 452B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 595KB - Virtual size: 596KB