Static task: static1
Behavioral task: behavioral1
  Sample: a1edd3a42557ba4a0ccdad98e3692d9f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a1edd3a42557ba4a0ccdad98e3692d9f.exe
  Resource: win10v2004-20240221-en
General
Target: a1edd3a42557ba4a0ccdad98e3692d9f
Size: 618KB
MD5: a1edd3a42557ba4a0ccdad98e3692d9f
SHA1: 1f5a86c8537abcfc92945104ba47a329c170a385
SHA256: 7bfe38e5fed8dfb2a385ff82385c75a4add1267d1770f86338426c46df788aa8
SHA512: 1347e48f47693e27a30036e178d3327e14ac59cc33bf120ed2b001a9b09a893a33abee0601c06a13768f5d7f5248aeb5b905187c8da1dfe6d1d459e9c8dea156
SSDEEP: 12288:uaZxd6lySCY41erUPvfthpsnsR7RfIXLEFeDn7mxVmoma3WIgI:u+6lfSSU3fHpsnOhYAQo3v
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: a1edd3a42557ba4a0ccdad98e3692d9f
Files
a1edd3a42557ba4a0ccdad98e3692d9f.exe windows:4 windows x86 arch:x86
79dca16bb97e320bab275a8ad80068b9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
StgOpenStorage
OleSetAutoConvert
CoGetPSClsid
OleRegEnumFormatEtc
OleDestroyMenuDescriptor
OleLoad
CoQueryProxyBlanket
OleCreateLink
WriteOleStg
OleConvertOLESTREAMToIStorage
CoDosDateTimeToFileTime
OleGetClipboard
DoDragDrop
OleTranslateAccelerator
CoRevertToSelf
CoGetStandardMarshal
CoLockObjectExternal
CoFreeLibrary
SetDocumentBitStg
SetConvertStg
OleRegGetMiscStatus
StgOpenAsyncDocfileOnIFillLockBytes
CoTreatAsClass
CoRevokeClassObject
CreateObjrefMoniker
OleCreateLinkToFile
CoFreeAllLibraries
CoFileTimeNow
CreateOleAdviseHolder
CoCreateInstance
CreateItemMoniker
CoRegisterPSClsid
DllDebugObjectRPCHook
CoQueryReleaseObject
CoGetClassObject
OleDuplicateData
OleCreateStaticFromData
CoInitializeSecurity
OleCreateMenuDescriptor
OleConvertIStorageToOLESTREAM
ReadClassStm
CoRegisterSurrogate
CoReleaseServerProcess
StgCreateDocfileOnILockBytes
OleCreate
ReadFmtUserTypeStg
StgCreateStorageEx
OleSetMenuDescriptor
OleCreateLinkFromData
GetConvertStg
GetHGlobalFromStream
IsAccelerator
OleQueryCreateFromData
GetRunningObjectTable
EnableHookObject
CoLoadLibrary
OleCreateDefaultHandler
CoFileTimeToDosDateTime
OleGetIconOfFile
StgOpenStorageEx
OleGetAutoConvert
CreateDataCache
CoTaskMemFree
OleConvertIStorageToOLESTREAMEx
GetHGlobalFromILockBytes
CoTaskMemAlloc
OleSetClipboard
OleCreateLinkToFileEx
StgOpenStorageOnILockBytes
OpenOrCreateStream
OleGetIconOfClass
UpdateDCOMSettings
CoGetCurrentLogicalThreadId
GetClassFile
OleUninitialize
ReadOleStg
CoCreateFreeThreadedMarshaler
WriteClassStm
CoQueryClientBlanket
OleCreateFromData
CoRevokeMallocSpy
CoRegisterChannelHook
UtConvertDvtd16toDvtd32
OleSaveToStream
StringFromIID
MkParseDisplayName
OleSave
CreateStreamOnHGlobal
CreateAntiMoniker
CoGetInterfaceAndReleaseStream
CoSuspendClassObjects
BindMoniker
PropVariantCopy
OleRegEnumVerbs
CoImpersonateClient
CoSwitchCallContext
CoRegisterMessageFilter
WriteFmtUserTypeStg
CoSetProxyBlanket
CLSIDFromProgID
OleConvertOLESTREAMToIStorageEx
MonikerCommonPrefixWith
CoRegisterClassObject
StgCreateDocfile
CoTaskMemRealloc
OleBuildVersion
CoMarshalInterThreadInterfaceInStream
OleInitialize
PropVariantClear
CoIsHandlerConnected
shlwapi
ColorHLSToRGB
SHDeleteValueA
PathIsContentTypeW
PathCompactPathW
StrCmpNIW
StrCpyNW
PathIsSameRootW
PathIsSystemFolderW
PathFindOnPathW
ChrCmpIA
PathIsSameRootA
PathParseIconLocationA
PathUnquoteSpacesW
SHGetValueW
PathIsLFNFileSpecW
PathBuildRootW
StrRChrIA
UrlHashA
PathRelativePathToA
UrlGetPartW
UrlCanonicalizeW
StrFromTimeIntervalA
SHRegGetBoolUSValueA
SHDeleteKeyW
SHRegEnumUSKeyW
PathIsContentTypeA
PathFindOnPathA
SHRegDeleteUSValueW
PathGetDriveNumberA
UrlIsNoHistoryA
PathUndecorateA
UrlIsOpaqueA
PathIsUNCServerW
SHCreateShellPalette
SHStrDupW
PathIsURLW
UrlCompareW
SHCreateStreamOnFileA
SHCreateStreamOnFileW
SHGetInverseCMAP
ChrCmpIW
SHDeleteKeyA
SHRegOpenUSKeyA
PathSkipRootA
StrRChrIW
PathMatchSpecA
PathUnquoteSpacesA
SHRegGetUSValueA
UrlUnescapeA
UrlCanonicalizeA
PathUnmakeSystemFolderW
SHStrDupA
PathIsSystemFolderA
PathFindSuffixArrayW
StrNCatW
StrTrimA
PathRemoveExtensionA
PathFileExistsW
SHDeleteValueW
PathStripPathA
PathAppendW
PathAddBackslashA
PathFindExtensionW
SHRegWriteUSValueW
PathQuoteSpacesA
PathParseIconLocationW
SHOpenRegStreamW
StrChrIW
UrlEscapeW
PathGetCharTypeW
StrChrA
PathCompactPathExA
PathCommonPrefixA
StrCmpIW
PathIsDirectoryEmptyW
PathRemoveArgsW
AssocQueryStringByKeyW
SHCopyKeyW
SHRegDeleteEmptyUSKeyW
UrlIsW
StrCatBuffW
StrChrW
SHQueryValueExW
StrNCatA
PathCreateFromUrlW
PathIsNetworkPathA
PathRenameExtensionW
SHSetValueA
PathRemoveBlanksA
SHRegSetUSValueA
PathAddExtensionA
UrlGetPartA
PathStripPathW
SHRegCreateUSKeyW
SHRegGetBoolUSValueW
PathGetCharTypeA
PathIsUNCW
PathIsUNCServerShareA
UrlCombineA
HashData
StrToIntExW
PathRemoveExtensionW
PathIsPrefixA
StrCmpNIA
PathSearchAndQualifyW
PathSearchAndQualifyA
StrSpnW
StrToIntExA
PathFindExtensionA
PathMakePrettyA
StrStrIA
advapi32
RegNotifyChangeKeyValue
CryptSetHashParam
SetServiceStatus
ObjectPrivilegeAuditAlarmW
GetMultipleTrusteeW
TrusteeAccessToObjectW
QueryServiceStatus
RegSetValueA
CryptEncrypt
AddAce
RegLoadKeyW
RegEnumKeyExW
RegFlushKey
ObjectOpenAuditAlarmW
ClearEventLogW
DeleteAce
SetAclInformation
RegDeleteValueW
RegSetValueExW
ConvertSecurityDescriptorToAccessW
OpenProcessToken
QueryServiceObjectSecurity
RegCreateKeyExW
CreateServiceA
GetExplicitEntriesFromAclW
IsValidSecurityDescriptor
OpenEventLogW
SetKernelObjectSecurity
RegisterEventSourceA
ReportEventA
SetSecurityDescriptorOwner
RegDeleteKeyA
ChangeServiceConfigW
RegQueryMultipleValuesA
SetEntriesInAclA
CryptSetProviderExW
GetTrusteeNameA
ObjectOpenAuditAlarmA
RegQueryMultipleValuesW
CryptDuplicateKey
CryptGetHashParam
ObjectDeleteAuditAlarmA
CryptSignHashA
GetNamedSecurityInfoExW
GetServiceKeyNameW
GetOldestEventLogRecord
RegEnumValueW
OpenBackupEventLogW
RegQueryInfoKeyA
LookupAccountNameA
GetAuditedPermissionsFromAclW
GetAccessPermissionsForObjectW
CloseEventLog
ImpersonateLoggedOnUser
EnumServicesStatusW
GetSecurityDescriptorSacl
SetEntriesInAccessListA
ConvertSecurityDescriptorToAccessNamedA
GetCurrentHwProfileW
RegEnumKeyA
SetNamedSecurityInfoExW
LookupPrivilegeDisplayNameA
RegisterServiceCtrlHandlerA
EnumDependentServicesA
MapGenericMask
OpenServiceA
RegReplaceKeyA
RegConnectRegistryA
ObjectCloseAuditAlarmA
RegRestoreKeyW
AddAccessDeniedAce
FindFirstFreeAce
CryptSetProviderW
SetPrivateObjectSecurity
RegOpenKeyA
CryptAcquireContextW
CryptReleaseContext
GetEffectiveRightsFromAclW
CryptDestroyKey
GetLengthSid
RegCloseKey
GetUserNameW
SetServiceObjectSecurity
SetFileSecurityW
AreAllAccessesGranted
BuildTrusteeWithNameA
QueryServiceLockStatusW
CryptGenKey
CloseServiceHandle
LookupAccountSidW
AccessCheckAndAuditAlarmW
ControlService
GetFileSecurityW
GetAccessPermissionsForObjectA
GetCurrentHwProfileA
GetNamedSecurityInfoExA
BuildImpersonateExplicitAccessWithNameW
GetFileSecurityA
LookupPrivilegeValueW
RegEnumKeyExA
DestroyPrivateObjectSecurity
SetThreadToken
RegQueryValueW
QueryServiceConfigA
ConvertAccessToSecurityDescriptorA
SetSecurityInfoExW
GetServiceDisplayNameW
RegQueryInfoKeyW
ConvertSecurityDescriptorToAccessNamedW
NotifyBootConfigStatus
MakeAbsoluteSD
BuildExplicitAccessWithNameW
PrivilegeCheck
AreAnyAccessesGranted
GetTrusteeTypeA
user32
IsDlgButtonChecked
MessageBeep
ShowCaret
DdeGetLastError
DdeCreateStringHandleA
BlockInput
EndDeferWindowPos
SetMenuDefaultItem
SendMessageCallbackA
DdeQueryNextServer
GrayStringW
SubtractRect
ToUnicodeEx
SetKeyboardState
DefDlgProcA
BroadcastSystemMessageA
GetFocus
SetActiveWindow
DrawFrame
SetPropA
CreateDesktopW
InflateRect
EnableWindow
GetGuiResources
ChildWindowFromPointEx
CreateIconFromResource
SetThreadDesktop
LoadStringA
RegisterClassExA
DdeConnect
SetScrollRange
GetWindowModuleFileNameA
OemToCharBuffA
UnhookWinEvent
ClipCursor
GetLastActivePopup
TranslateAcceleratorA
GetKeyboardLayout
GetWindowLongA
MonitorFromRect
DdeDisconnect
GetUserObjectSecurity
GetMessageW
CreateDialogIndirectParamA
BroadcastSystemMessage
IsCharLowerA
RegisterWindowMessageA
CloseClipboard
LoadKeyboardLayoutA
UnpackDDElParam
LoadImageW
GetMenuStringW
RegisterClassA
DeleteMenu
VkKeyScanExA
GetWindowTextA
InsertMenuItemW
DialogBoxParamA
MessageBoxExA
SetWindowRgn
HideCaret
GetMonitorInfoW
GetMenuItemInfoA
GetInputState
CallMsgFilterW
GetDialogBaseUnits
SwitchDesktop
TranslateMessage
CharToOemW
ReleaseCapture
GetTitleBarInfo
GetAsyncKeyState
InvertRect
CharLowerW
GetWindowThreadProcessId
GetClassInfoW
WinHelpA
FindWindowA
GetWindowDC
EndTask
FlashWindow
SetWinEventHook
EnableScrollBar
SendIMEMessageExA
LoadCursorFromFileA
CharToOemBuffW
DdeInitializeA
FindWindowExW
ChangeDisplaySettingsExW
RegisterClassExW
SetClipboardViewer
LookupIconIdFromDirectory
SetPropW
MenuItemFromPoint
LoadCursorW
GetClassInfoA
SetMenuContextHelpId
DdePostAdvise
AppendMenuW
LoadCursorA
GetMenuDefaultItem
EnumPropsExW
CreateWindowExW
LoadMenuIndirectA
DdeEnableCallback
CharUpperW
ExitWindowsEx
CheckDlgButton
GetSysColor
GetDlgItem
RegisterClipboardFormatW
WINNLSGetEnableStatus
ValidateRect
SendIMEMessageExW
CheckMenuRadioItem
ShowWindow
UnregisterHotKey
LoadMenuIndirectW
WINNLSGetIMEHotkey
GetClassNameA
GetAltTabInfo
GetWindowTextW
SetMenuItemInfoA
GetMenuItemID
kernel32
SetThreadExecutionState
DeleteFileW
LCMapStringW
SetLocaleInfoA
GetConsoleOutputCP
GetEnvironmentStringsW
SetThreadIdealProcessor
FindResourceExA
GetPrivateProfileIntW
GetStartupInfoA
SetTapePosition
EraseTape
lstrcpy
SetThreadPriority
VirtualAllocEx
SetDefaultCommConfigA
lstrcpyA
GetCurrentDirectoryW
EnumDateFormatsExA
OpenMutexW
SetProcessShutdownParameters
SetComputerNameA
GetProcessShutdownParameters
WriteConsoleInputA
OpenSemaphoreA
CreateRemoteThread
ReleaseSemaphore
GetProcessHeaps
VirtualAlloc
PrepareTape
GetComputerNameW
GetVersionExA
FindFirstFileA
GetModuleHandleA
FileTimeToLocalFileTime
GetProfileIntW
GetMailslotInfo
CopyFileExA
GlobalGetAtomNameA
GetDateFormatW
DefineDosDeviceW
GetConsoleCP
GetThreadContext
GetACP
GetDiskFreeSpaceA
CreateEventW
FoldStringA
Heap32ListFirst
GlobalUnfix
HeapValidate
TlsAlloc
ClearCommBreak
SetCalendarInfoW
ReadConsoleOutputA
VirtualProtect
GlobalSize
VirtualProtectEx
FatalExit
ReadFileEx
ScrollConsoleScreenBufferW
SetProcessPriorityBoost
SetTapeParameters
OpenSemaphoreW
GetThreadTimes
TerminateProcess
FreeLibraryAndExitThread
GetTempFileNameA
ReadFile
CreateFiber
CreateMutexA
GetWriteWatch
CreateFileW
WaitForMultipleObjects
CallNamedPipeW
DebugBreak
CommConfigDialogA
FindResourceA
lstrlenW
GetNumberOfConsoleInputEvents
GetThreadPriority
GetCalendarInfoA
SetConsoleCtrlHandler
QueryDosDeviceA
IsSystemResumeAutomatic
ReadFileScatter
LCMapStringA
GetOverlappedResult
GetNamedPipeHandleStateW
lstrcpynA
GetPrivateProfileStringW
MulDiv
lstrlenA
FreeLibrary
GetWindowsDirectoryA
HeapDestroy
GetLargestConsoleWindowSize
ReadConsoleOutputCharacterA
GetPrivateProfileIntA
EnumDateFormatsW
ResetWriteWatch
DeleteFileA
GetFileType
EnumResourceNamesW
VerLanguageNameW
FindFirstFileExW
WriteFile
PeekConsoleInputW
SetCurrentDirectoryA
GetCommandLineA
lstrcmp
SwitchToFiber
GetEnvironmentStringsA
HeapCompact
GetDefaultCommConfigW
CallNamedPipeA
GetCommandLineW
ResumeThread
SetHandleCount
GlobalGetAtomNameW
CreateNamedPipeA
WritePrivateProfileStringA
BackupWrite
OpenFileMappingA
CreateIoCompletionPort
GetProfileStringA
lstrcatA
GetConsoleScreenBufferInfo
Sections
.text Size: 68KB - Virtual size: 68KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 200B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE