1ad92ebe34451de8e48cecae37a15616bfce48621d2dc6a674edda6d93fe8090

Sharing

Copy URL Twitter E-mail

General

Target

1ad92ebe34451de8e48cecae37a15616bfce48621d2dc6a674edda6d93fe8090
Size

2.0MB
MD5

c629a4b33037f2accbd24a429fee3bb5
SHA1

63757d60857c3d25a65fb5d9bdad16e11e5fad4d
SHA256

1ad92ebe34451de8e48cecae37a15616bfce48621d2dc6a674edda6d93fe8090
SHA512

fce2fe6c2c95297cd9f113f5b3936ecff42a1881f425ec3c332db4819c5e083a1f85b2ced27c474d9116456a6cdf35f74b3410b6608c4d3954a79eeb5aa8bb78
SSDEEP

49152:tfB7KV5Yj9nixTSxLBsCxEYEbTNsQuKSfW7FO+rYc:1ZKV5Yj9nixusDkeOx

Score

9^/10

oss_ak

Malware Config

Signatures

detect oss ak 1 IoCs

oss ak information detected.

oss_ak

resource	yara_rule
sample	detect_ak_stuff

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ad92ebe34451de8e48cecae37a15616bfce48621d2dc6a674edda6d93fe8090

Files

1ad92ebe34451de8e48cecae37a15616bfce48621d2dc6a674edda6d93fe8090
.exe windows:5 windows x86 arch:x86

03823a083bb66cc826f9f248a4eacd88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libapr-1

_apr_time_exp_lt@12
_apr_time_now@0
_apr_os_thread_current@0
_apr_pstrdup@8
_apr_table_elts@4
_apr_table_addn@12
_apr_is_empty_table@4
_apr_time_exp_gmt@12
_apr_pool_destroy@4
_apr_strnatcasecmp@8
_apr_strnatcmp@8
_apr_pstrndup@12
_apr_array_make@12
_apr_array_push@4
_apr_array_pop@4
_apr_table_make@8
_apr_table_get@8
_apr_palloc@8
_apr_pool_create_ex@16
_apr_thread_mutex_unlock@4
_apr_thread_mutex_lock@4
_apr_thread_mutex_destroy@4
_apr_file_write@12
_apr_initialize@0
_apr_thread_mutex_create@12
_apr_strerror@12
_apr_file_close@4
apr_terminate
apr_snprintf
apr_psprintf
_apr_table_set@12
_apr_table_add@12

ws2_32

inet_addr

setupapi

SetupDiClassGuidsFromNameW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW

hid

HidD_GetProductString
HidD_GetAttributes
HidD_GetHidGuid

kernel32

GetFileAttributesW
GetFileSizeEx
GetFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
CompareStringW
lstrlenA
SetErrorMode
GetStartupInfoW
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
ExitProcess
HeapReAlloc
HeapSize
SetStdHandle
SetUnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
VirtualAlloc
GetTimeFormatA
GetDateFormatA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
CreateFileA
SetEnvironmentVariableA
LoadLibraryA
GetVersionExA
InterlockedDecrement
GetModuleHandleA
FreeResource
WritePrivateProfileStringW
GlobalAddAtomW
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
GetModuleFileNameW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
InterlockedExchange
lstrcmpW
FreeLibrary
GetModuleHandleW
GetProcAddress
GlobalFree
GlobalAlloc
FormatMessageW
LocalFree
lstrlenW
MulDiv
SetLastError
CancelIo
SetEvent
WaitForSingleObject
CreateEventW
ResetEvent
GetOverlappedResult
CreateFileW
ReadFile
WriteFile
WideCharToMultiByte
CloseHandle
LockResource
GetExitCodeThread
GlobalUnlock
MultiByteToWideChar
SizeofResource
Sleep
GlobalLock
LoadResource
FindResourceW
WTSGetActiveConsoleSessionId
GetLastError
CreateMutexW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFindAtomW
LCMapStringW
GetVersionExW
GetFullPathNameW

user32

CharUpperW
UnregisterClassW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
DestroyMenu
CopyRect
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowTextW
GetWindow
SetFocus
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
PostMessageW
PostQuitMessage
GetWindowRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
CloseClipboard
GetSystemMenu
IsIconic
DrawIcon
GetClientRect
TranslateMessage
LoadIconW
AppendMenuW
GetClipboardData
PeekMessageW
OpenClipboard
GetSystemMetrics
SendMessageW
EnableWindow
DispatchMessageW
CheckRadioButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
UnhookWindowsHookEx
GetCapture
DestroyWindow

gdi32

SetMapMode
GetClipBox
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SetTextColor
SelectObject
Escape
ExtTextOutW
TextOutW
SetBkColor
RestoreDC
ScaleViewportExtEx
SetViewportExtEx
SaveDC
CreateBitmap
GetDeviceCaps
RectVisible
PtVisible
GetObjectW
DeleteObject
OffsetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shlwapi

PathFindExtensionW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

oleaut32

VariantChangeType
VariantClear
VariantInit

wtsapi32

WTSSendMessageW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetQueryOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW

libaprutil-1

_apr_sha1_update@12
_apr_sha1_init@4
_apr_sha1_final@8

libcurl

curl_easy_getinfo
curl_easy_perform
curl_easy_setopt
curl_slist_append
curl_easy_reset
curl_easy_init
curl_global_init
curl_easy_cleanup
curl_easy_strerror
curl_slist_free_all

mxml1

mxmlLoadString
mxmlFindElement
mxmlDelete
mxml_opaque_cb

Exports

Exports

hid

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03823a083bb66cc826f9f248a4eacd88

Headers

DLL Characteristics

File Characteristics

Imports

libapr-1

ws2_32

setupapi

hid

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oleaut32

wtsapi32

iphlpapi

wininet

libaprutil-1

libcurl

mxml1

Exports

Exports

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 38KB - Virtual size: 37KB

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 38KB - Virtual size: 37KB