a9853f4eb704ea298a51f28a1e8b24a7

Sharing

Copy URL Twitter E-mail

General

Target

a9853f4eb704ea298a51f28a1e8b24a7
Size

228KB
MD5

a9853f4eb704ea298a51f28a1e8b24a7
SHA1

71b100e6ca9e7b3e262e790a33f5244db5d1047a
SHA256

79fd160c376abbd0d1bce34a694b70c1a58d1e7c6dfdfdb9836de6a1e550a4dc
SHA512

b849ce4cb3a6cee39800736cb6a28dc6b75543077ff3d52374b84e52091191aa315af746517d33dc06983bdb80c350ec4362dc465baa347040f308e80b348b4e
SSDEEP

3072:Xj3Gz+wSdSYrCXLqnZg1eMKhO4N9JLErsPFI2YUozqSPlJ1FxukBim48//vlb:jGiPwYrC7UlM88IYX+yhHdp/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9853f4eb704ea298a51f28a1e8b24a7

Files

a9853f4eb704ea298a51f28a1e8b24a7
.exe windows:4 windows x86 arch:x86

88c167f5560f9532e08f71d9aa0ef850

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetDefaultProviderW
CryptSignHashA
CryptDecrypt
RegQueryMultipleValuesW
LookupSecurityDescriptorPartsW
RegEnumKeyA
GetUserNameA
ReportEventW
RegConnectRegistryW
CryptReleaseContext
RegReplaceKeyW
StartServiceA
LookupPrivilegeDisplayNameW
RegOpenKeyExA
CryptGetUserKey
InitiateSystemShutdownA
CryptDeriveKey

user32

FindWindowExA
GetAsyncKeyState
DlgDirListComboBoxA
GetUserObjectInformationA
VkKeyScanExW
CharLowerA
EnumDesktopWindows
SendIMEMessageExW
CreateMenu
SetWindowsHookExW
DrawMenuBar
SetWindowPos
DdeSetUserHandle
ChangeDisplaySettingsExW
GetWindowModuleFileNameA
GetKeyNameTextW
SetUserObjectInformationW
SetSysColors
EnumDisplaySettingsExW
DdeCmpStringHandles
CreateDesktopW

wininet

FindCloseUrlCache
InternetSetOptionExW
InternetGoOnlineA
InternetSecurityProtocolToStringW
UpdateUrlCacheContentPath
FtpGetCurrentDirectoryW
RetrieveUrlCacheEntryStreamW
GetUrlCacheHeaderData
InternetConfirmZoneCrossingW
InternetSetOptionExA
InternetCanonicalizeUrlW
InternetCrackUrlA
FtpRemoveDirectoryW
InternetGetLastResponseInfoW
GetUrlCacheConfigInfoW
GopherGetAttributeW
InternetOpenUrlA

shell32

SHGetMalloc
ExtractIconA
ShellHookProc
DoEnvironmentSubstW
SHGetSpecialFolderLocation
SHInvokePrinterCommandA
DuplicateIcon
SHFileOperationA
DragQueryFileW
SHQueryRecycleBinA
RealShellExecuteExW
SHGetNewLinkInfo
RealShellExecuteExA
ShellExecuteExW
SHGetSettings
DragFinish
SHGetDataFromIDListA

kernel32

TlsSetValue
EnterCriticalSection
HeapAlloc
GetStartupInfoW
GetVersionExA
GetNumberFormatW
GetTickCount
EnumResourceTypesA
HeapFree
GetCommandLineW
GetSystemInfo
GetConsoleTitleW
GetStdHandle
TlsFree
QueryPerformanceCounter
SetEnvironmentVariableA
IsValidCodePage
GetFileType
CreateDirectoryExW
GetCurrentThread
SetHandleCount
GetCurrentProcessId
RtlUnwind
CompareStringW
RtlFillMemory
GetStringTypeW
EnumSystemLocalesA
GetTimeZoneInformation
HeapCreate
WriteFile
SetLastError
ExitProcess
TerminateProcess
GetEnvironmentStrings
VirtualQuery
GetModuleHandleA
GetEnvironmentStringsW
GetStartupInfoA
LeaveCriticalSection
MoveFileA
MultiByteToWideChar
GetPrivateProfileStringA
WideCharToMultiByte
FreeEnvironmentStringsW
LCMapStringA
InterlockedExchange
FreeEnvironmentStringsA
IsBadWritePtr
HeapDestroy
HeapSize
CreateFileMappingA
GetLocaleInfoA
GetLocaleInfoW
GetProcAddress
GetCPInfo
VirtualAlloc
GetModuleFileNameA
GetCurrencyFormatA
GetStringTypeA
FindNextChangeNotification
SetConsoleActiveScreenBuffer
GetDateFormatA
ContinueDebugEvent
HeapReAlloc
CompareStringA
GetOEMCP
CreateMailslotW
GetModuleFileNameW
GetCurrentProcess
IsValidLocale
TlsAlloc
GetNumberFormatA
GetTimeFormatA
VirtualProtect
TlsGetValue
VirtualFree
GetProcessAffinityMask
GetCommandLineA
OpenSemaphoreW
InitializeCriticalSection
DeleteCriticalSection
lstrcpynA
GetCurrentThreadId
LCMapStringW
LoadLibraryA
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetACP
UnhandledExceptionFilter
GetLastError

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c167f5560f9532e08f71d9aa0ef850

Headers

File Characteristics

Imports

advapi32

user32

wininet

shell32

kernel32

Sections

.text Size: 110KB - Virtual size: 109KB

.data Size: 109KB - Virtual size: 125KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 110KB - Virtual size: 109KB

.data
Size: 109KB - Virtual size: 125KB

.rsrc
Size: 7KB - Virtual size: 7KB