a07c52dc90ed71800187b9a096270d0e

Sharing

Copy URL Twitter E-mail

General

Target

a07c52dc90ed71800187b9a096270d0e
Size

592KB
MD5

a07c52dc90ed71800187b9a096270d0e
SHA1

a44dd3baea934ffcb43556252b6ea4d036747c97
SHA256

d709a6927f75d8fe0206a37eba5ed45ce6b06c71562288d7de4cba96b1a36eb5
SHA512

919fcb076b2419189926e8471c8e5b96b7d714912c7f9784f0721b77814ff1200b48a3c39f83527f27cde248c4fbfaa42818fcd0a43f42a2c4df735353c62e0a
SSDEEP

12288:FUgKb4sIDgm8GCL16NKRlNKZVhoYt3GiutPVZIeASWqnhvk:FUgMbIDgm4LUy6oEsZtA9qnh8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a07c52dc90ed71800187b9a096270d0e

Files

a07c52dc90ed71800187b9a096270d0e
.exe windows:4 windows x86 arch:x86

1b48bcfd5c3685f19cf7fd8c9469fe0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ywtel\aot\ederp.pdb

Imports

comdlg32

FindTextA
GetFileTitleA
ReplaceTextW
PrintDlgW

advapi32

LookupAccountSidW
RegEnumKeyExW
CryptDecrypt
LookupPrivilegeValueA
CryptVerifySignatureW
CreateServiceA
LogonUserA
CryptAcquireContextW
InitiateSystemShutdownA
InitializeSecurityDescriptor
RegQueryValueExW
CryptGetProvParam
RegCloseKey
RegOpenKeyW
CryptEnumProvidersW

gdi32

EndPage
EnumFontFamiliesExW
RectVisible
SetArcDirection
GetCharWidthFloatW
SetWorldTransform
GetViewportOrgEx
LPtoDP
PolyDraw
SetBoundsRect
CreateFontIndirectA
GetStretchBltMode
SetROP2
RealizePalette
SetICMMode
ExtSelectClipRgn
CreateDiscardableBitmap
RectInRegion
EnableEUDC
GetClipBox
CreateRoundRectRgn
GetRasterizerCaps
CreateEnhMetaFileW

comctl32

InitCommonControlsEx

kernel32

HeapAlloc
AddAtomW
ExitProcess
OutputDebugStringA
GetCommandLineA
IsBadWritePtr
OpenMutexA
IsValidLocale
VirtualQuery
FreeEnvironmentStringsA
TlsGetValue
SetConsoleCtrlHandler
GetOEMCP
FreeEnvironmentStringsW
InterlockedExchange
TlsFree
LCMapStringA
CreateToolhelp32Snapshot
FileTimeToDosDateTime
GetFileType
QueryPerformanceCounter
TlsSetValue
CreateMutexA
DeleteFileW
GetLocaleInfoA
GetStartupInfoW
HeapReAlloc
VirtualFree
GetStringTypeA
GetSystemInfo
GetDiskFreeSpaceExW
GetCurrentThreadId
GetCurrentThread
GetPrivateProfileStructW
ReadFile
ExitThread
GetConsoleTitleW
GetLastError
GetModuleHandleA
VirtualProtect
WideCharToMultiByte
CloseHandle
EnterCriticalSection
InterlockedIncrement
UnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentStrings
GetCurrentProcess
InitializeCriticalSection
GetSystemTimeAsFileTime
SetFileAttributesA
SetFilePointer
RtlUnwind
GlobalHandle
GetEnvironmentStringsW
HeapFree
CreateRemoteThread
GetCommandLineW
WriteFile
DeleteCriticalSection
GetStringTypeW
GetShortPathNameW
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
HeapValidate
CompareStringW
GetUserDefaultLCID
FlushFileBuffers
CreateFileMappingA
GetACP
MultiByteToWideChar
EnumDateFormatsExW
TerminateProcess
GetCPInfo
LCMapStringW
SetEnvironmentVariableA
DebugBreak
SetStdHandle
InterlockedDecrement
GetLogicalDriveStringsA
GetTimeFormatA
GetVersionExA
IsValidCodePage
EnumSystemLocalesA
SetLastError
GetDateFormatA
IsBadReadPtr
EnumCalendarInfoW
TlsAlloc
HeapCreate
GetStartupInfoA
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
GetTimeZoneInformation
GetProcAddress
OutputDebugStringW
CompareStringA
VirtualAlloc
LoadLibraryA
HeapDestroy
OpenFileMappingA
SetHandleCount

user32

GetMenuItemInfoA
ClientToScreen
SetWindowPos
RegisterClassExA
CharUpperBuffA
wvsprintfA
SetMessageQueue
RegisterDeviceNotificationW
GetClassNameA
DrawTextExA
SetUserObjectInformationW
RegisterClassA

wininet

GetUrlCacheEntryInfoExW
InternetSetOptionW
HttpAddRequestHeadersA

Sections

.text
Size: 432KB - Virtual size: 431KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b48bcfd5c3685f19cf7fd8c9469fe0a

Headers

File Characteristics

PDB Paths

Imports

comdlg32

advapi32

gdi32

comctl32

kernel32

user32

wininet

Sections

.text Size: 432KB - Virtual size: 431KB

.rdata Size: 34KB - Virtual size: 40KB

.data Size: 108KB - Virtual size: 108KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 432KB - Virtual size: 431KB

.rdata
Size: 34KB - Virtual size: 40KB

.data
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 16KB - Virtual size: 16KB