aa51a4747e577fcd7605a399d0bf903b

Sharing

Copy URL Twitter E-mail

General

Target

aa51a4747e577fcd7605a399d0bf903b
Size

14.0MB
MD5

aa51a4747e577fcd7605a399d0bf903b
SHA1

ffa52ed4e96083f1608bc571ba463ff5297c01a7
SHA256

0847975c93592851d701d9a6315b428a067a6e34959941c63cb3f5072ec2083e
SHA512

c31f46a9ad7382b0887f918034b20e2de2789d01dd11065c278d1f5a6bea039363a1382a57509d3a81b27e04ba27b8187b6e72fe27e29bc24a0f291bf871763f
SSDEEP

393216:wqoy9H+91hQ3vRAX2n1Gs+3ZrEY6/GElF55lGw6S0I9IYU/o:R+dYU/o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa51a4747e577fcd7605a399d0bf903b

Files

aa51a4747e577fcd7605a399d0bf903b
.exe windows:6 windows x86 arch:x86

843a4b24cd35c08def44d3520c9963bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\build\d3e1226cb5a050d3\build\build_UTIL\bin\cleaner-util-debug.pdb

Imports

kernel32

GetSystemTime
SystemTimeToFileTime
LockFileEx
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
InitializeCriticalSection
TryEnterCriticalSection
GetSystemFirmwareTable
QueryDosDeviceW
TerminateProcess
VirtualAlloc
VirtualFree
ReadProcessMemory
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetEnvironmentVariableW
GetDriveTypeW
GetLogicalDrives
GetWindowsDirectoryW
GetNativeSystemInfo
IsWow64Process
DeviceIoControl
ResumeThread
FreeResource
VerSetConditionMask
lstrcpynW
VerifyVersionInfoW
FindFirstFileA
FindNextFileA
lstrcmpiA
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
GetFileInformationByHandle
GetLocalTime
CreateEventW
ResetEvent
SetEvent
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
SetStdHandle
ReadConsoleW
GetConsoleMode
GetTickCount
EnumSystemLocalesW
GetUserDefaultLCID
FormatMessageA
GetTimeFormatW
LocalAlloc
GetTimeZoneInformation
SetConsoleCtrlHandler
HeapQueryInformation
ExitThread
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
RtlUnwind
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
SetProcessAffinityMask
VirtualProtect
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetProcessTimes
CreateSemaphoreW
ReleaseSemaphore
GetModuleHandleA
GetModuleFileNameA
CreateFileMappingA
GetFileSizeEx
GetStartupInfoW
UnhandledExceptionFilter
LCMapStringW
CompareStringW
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
CreateDirectoryExW
CreateHardLinkW
SetFilePointerEx
GetDiskFreeSpaceExW
FindFirstFileExW
RtlCaptureStackBackTrace
GetModuleHandleExW
QueueUserWorkItem
GetExitCodeThread
SwitchToThread
DuplicateHandle
QueryPerformanceFrequency
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
Sleep
WideCharToMultiByte
IsValidLocale
ReadDirectoryChangesW
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
DeleteTimerQueueTimer
CreateTimerQueueTimer
TerminateThread
WTSGetActiveConsoleSessionId
lstrcmpW
FormatMessageW
MultiByteToWideChar
OutputDebugStringW
FlushFileBuffers
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
MulDiv
GlobalHandle
SetCurrentDirectoryW
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualQuery
GetCurrentThread
lstrcmpiW
LoadLibraryW
LoadLibraryExW
FreeLibrary
GetPhysicallyInstalledSystemMemory
GetCurrentThreadId
GetCurrentProcessId
CreateMutexW
GetDateFormatW
QueryPerformanceCounter
GetPrivateProfileStringW
MoveFileExW
MoveFileW
CopyFileW
lstrlenW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetFileTime
SetUnhandledExceptionFilter
GetLocaleInfoW
LocalFree
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleFileNameW
FindResourceExW
GetVersionExW
OpenProcess
GetCurrentProcess
GetTempPathW
GetTempFileNameW
DeleteFileW
GetLongPathNameW
WaitForMultipleObjects
GetProcAddress
GetModuleHandleW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
GetSystemTimeAsFileTime
CreateDirectoryW
lstrcpyW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
CloseHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
GetConsoleCP
DecodePointer

user32

OpenClipboard
CloseClipboard
GetWindow
ExitWindowsEx
GetTopWindow
GetClassNameW
PostMessageW
UnregisterClassW
GetWindowThreadProcessId
LoadStringW
SendMessageW
GetCursorPos
FindWindowA
CreateDialogIndirectParamW
MonitorFromPoint
GetWindowDC
SetActiveWindow
TrackPopupMenu
GetSubMenu
DestroyMenu
RegisterClassW
SetTimer
SetClipboardData
EmptyClipboard
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
PostThreadMessageW
PostQuitMessage
DestroyWindow
ShowWindow
BringWindowToTop
CreateDialogParamW
DialogBoxParamW
CharNextW
GetActiveWindow
GetKeyState
GetSystemMetrics
GetForegroundWindow
SetForegroundWindow
GetClientRect
GetWindowLongW
SetWindowLongW
IsWindow
IsWindowVisible
SwitchToThisWindow
GetDesktopWindow
MessageBoxW
RegisterWindowMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsChild
MoveWindow
SetWindowPos
DialogBoxIndirectParamW
GetDlgItem
SetFocus
GetFocus
SetCapture
ReleaseCapture
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetParent
LoadCursorW
EndDialog
wsprintfW
GetWindowRect
MapWindowPoints
MonitorFromWindow
GetMonitorInfoW
SetWindowContextHelpId
LoadImageW
MapDialogRect
SendDlgItemMessageW
SetParent
UpdateWindow
LoadIconW
IsMenu
LoadMenuW
FindWindowW
GetClassLongW
SetCursor
EnableWindow
GetDlgCtrlID
KillTimer

gdi32

CreateSolidBrush
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
GetDeviceCaps
CreateDIBSection
SelectObject
CreateCompatibleDC
AddFontResourceW
DeleteDC
GetStockObject
CreateFontIndirectW
DPtoLP
SetBkMode
SetTextColor
GetTextExtentPoint32W
SetBkColor
SetDIBColorTable
ExtTextOutW

shell32

CommandLineToArgvW
ShellExecuteExW
SHFileOperationW
SHGetFolderPathW
SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconW
ShellExecuteW

ole32

OleUninitialize
OleLockRunning
CoSetProxyBlanket
StringFromGUID2
OleRun
CoInitializeSecurity
CoInitializeEx
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize

oleaut32

VariantChangeType
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
VarUI4FromStr
SysFreeString
VariantInit
DispCallFunc
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysStringLen
VariantCopy

advapi32

RegCreateKeyExW
AddAce
RegSetValueExW
RegOpenKeyExW
LookupPrivilegeValueW
GetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
MapGenericMask
GetFileSecurityW
AccessCheck
RegDeleteKeyW
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
InitializeAcl
InitializeSid
IsValidSid
SetNamedSecurityInfoW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
ConvertSidToStringSidW
RegQueryValueExW
CreateProcessAsUserW
ImpersonateLoggedOnUser
SetTokenInformation
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
LookupAccountNameW
SystemFunction036
GetAclInformation
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
MakeAbsoluteSD
SetSecurityDescriptorDacl
RegEnumValueW
SetSecurityInfo
GetAce
GetNamedSecurityInfoW
EnumServicesStatusExW
QueryServiceConfigW
QueryServiceConfig2W
FreeSid
ConvertStringSidToSidW
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
EnumServicesStatusW
QueryServiceStatusEx
StartServiceW
CopySid
EnumDependentServicesW
QueryServiceStatus
EqualSid
LookupAccountSidW

comctl32

_TrackMouseEvent
InitCommonControlsEx

uxtheme

SetWindowTheme

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipStartPathFigure
GdipGetImagePalette
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipDeleteFont
GdipCreateFont
GdipGetFamilyName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPath
GdipFillRectangleI
GdipGraphicsClear
GdipDrawPath
GdipDrawRectangleI
GdipSetSmoothingMode
GdipCreateBitmapFromGraphics
GdipLoadImageFromStream
GdipSetPenColor
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrushFromRectI
GdipSetSolidFillColor
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipGetImagePaletteSize
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdiplusShutdown

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGetCookieW
InternetSetCookieW

userenv

CreateEnvironmentBlock
UnloadUserProfile

dbghelp

SymFunctionTableAccess64
SymGetModuleBase64
SymInitialize
ImageNtHeader
SymCleanup
MakeSureDirectoryPathExists
SymGetOptions
SymSetOptions
StackWalk64

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CryptQueryObject

imagehlp

UnMapAndLoad
MapAndLoad

winhttp

WinHttpSetTimeouts
WinHttpSetOption
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData

ws2_32

socket
send
recv
inet_addr
htons
WSAStartup
inet_ntoa
gethostbyname
connect
closesocket

iphlpapi

GetAdaptersInfo

psapi

GetDeviceDriverBaseNameW
EnumDeviceDrivers
GetProcessImageFileNameW

mpr

WNetGetProviderNameA

shlwapi

PathFileExistsW

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

843a4b24cd35c08def44d3520c9963bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

comctl32

uxtheme

gdiplus

version

wininet

userenv

dbghelp

rpcrt4

crypt32

imagehlp

winhttp

ws2_32

iphlpapi

psapi

mpr

shlwapi

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 4.7MB - Virtual size: 4.7MB

.data Size: 101KB - Virtual size: 131KB

.rsrc Size: 809KB - Virtual size: 809KB

.reloc Size: 295KB - Virtual size: 295KB

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 4.7MB - Virtual size: 4.7MB

.data
Size: 101KB - Virtual size: 131KB

.rsrc
Size: 809KB - Virtual size: 809KB

.reloc
Size: 295KB - Virtual size: 295KB