Static task
static1
Behavioral task
behavioral1
Sample
a9ddaf73b17e5c43edcaeb15f24ef31a.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a9ddaf73b17e5c43edcaeb15f24ef31a.exe
Resource
win10v2004-20240226-en
General
-
Target
a9ddaf73b17e5c43edcaeb15f24ef31a
-
Size
168KB
-
MD5
a9ddaf73b17e5c43edcaeb15f24ef31a
-
SHA1
77e86bf28569426f9395d47c3d65d75fbdb8e2cf
-
SHA256
bd19448e88ffeda1864c5ae445a3523c89991329a890481fb8ade1450e3d797b
-
SHA512
ea28acbaa8104d89d2e140123f972d3311a6f9cd8173a9ee3063396edce5959d9edd94df2336639e6ffac5f452c2f9e31325d4e477fef45e5a376d00cb833269
-
SSDEEP
3072:g5C2jEBJk9ukQN1wv8S3wa6ePiFHrKraY5AWjOQYnNdqOrEbXs+YDy:vbJ9nkwaM+kNl4bXsS
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature on the sample.
resource a9ddaf73b17e5c43edcaeb15f24ef31a
Files
-
a9ddaf73b17e5c43edcaeb15f24ef31a.exe windows:5 windows x86 arch:x86
830718481fadaec329a485810af0e0b0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetClientRect
DestroyMenu
CreateWindowExW
GetSysColorBrush
IsWindowVisible
SendDlgItemMessageA
PtInRect
CallWindowProcW
UpdateWindow
GetCursorPos
DrawIcon
DrawTextW
SendDlgItemMessageW
CharPrevW
WinHelpW
GetWindowTextA
GetDlgItemTextA
GetMonitorInfoA
SetWindowTextA
SetTimer
FindWindowW
GetClassNameW
GetDlgItem
GetWindowPlacement
FillRect
DispatchMessageW
GetClassNameA
UnregisterClassA
CreateDialogParamW
ScreenToClient
EnableMenuItem
MessageBeep
DrawFocusRect
MapWindowPoints
DrawTextA
IntersectRect
LoadCursorA
GetMenu
CreateWindowExA
GetWindowLongA
KillTimer
PostMessageW
MessageBoxA
MsgWaitForMultipleObjects
EnableWindow
OffsetRect
EndDialog
LoadBitmapW
InflateRect
LoadBitmapA
FindWindowA
GetParent
GetWindowTextW
SetMenu
LoadCursorW
CopyRect
IsDlgButtonChecked
GetMessageA
PeekMessageA
CheckDlgButton
IsWindowEnabled
UnregisterClassW
ReleaseDC
LoadStringW
GetAsyncKeyState
CharPrevA
IsWindow
GetWindowRect
SetWindowRgn
GetWindow
PeekMessageW
CharNextA
GetMenuItemCount
LoadIconA
SetDlgItemTextA
kernel32
MultiByteToWideChar
LeaveCriticalSection
FindResourceW
HeapCreate
HeapReAlloc
EnterCriticalSection
FindFirstFileW
GetDriveTypeA
GlobalUnlock
MapViewOfFile
LockResource
GetEnvironmentStringsW
SizeofResource
DisableThreadLibraryCalls
InitializeCriticalSection
GetACP
OpenEventW
GetVersion
GetLocaleInfoW
SetLastError
lstrcmpA
Sleep
TlsGetValue
SetErrorMode
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryW
CloseHandle
FormatMessageA
SetEvent
QueryPerformanceCounter
CompareStringW
VirtualAlloc
GetFileType
GetThreadLocale
MulDiv
GetFileAttributesW
GetSystemDirectoryW
GetCurrentProcessId
LoadResource
HeapAlloc
VirtualFree
GetVersionExW
WideCharToMultiByte
GetModuleHandleA
CreateProcessA
GetCommandLineW
GetCPInfo
TlsSetValue
SetFileAttributesA
lstrcpynW
VirtualQuery
GetModuleHandleW
DeleteCriticalSection
FindNextFileW
OutputDebugStringW
WriteConsoleW
WaitForSingleObject
FindFirstFileA
GetWindowsDirectoryW
GetCommandLineA
HeapDestroy
SetFileAttributesW
GetFullPathNameW
GetConsoleMode
ReleaseMutex
GetFileAttributesA
CreateEventW
ResetEvent
GetSystemTimeAsFileTime
GetUserDefaultLCID
InterlockedExchange
RtlUnwind
GetCurrentThreadId
lstrcpynA
RaiseException
IsBadWritePtr
LocalAlloc
LoadLibraryExW
SetUnhandledExceptionFilter
CreateDirectoryA
GlobalLock
lstrcatA
FindResourceA
lstrcmpiW
GetLastError
TlsAlloc
DeleteFileW
GetCurrentProcess
GetModuleFileNameW
ole32
StringFromIID
OleRun
StringFromGUID2
CoCreateGuid
CoRevokeClassObject
ReleaseStgMedium
OleRegEnumVerbs
CoUninitialize
CoGetMalloc
OleRegGetMiscStatus
StgCreateDocfile
OleInitialize
StgOpenStorage
CLSIDFromString
CoFreeUnusedLibraries
CoMarshalInterface
CoInitializeEx
msvcrt
_purecall
_wcsdup
iswalpha
qsort
_lseeki64
fclose
__pioinfo
srand
towlower
_ftol
_commit
_exit
__p__osver
_errno
_access
wcsncpy
malloc
_amsg_exit
sprintf
_cexit
_snprintf
_ultow
fopen
ctime
isdigit
_initterm
_rotr
_wtoi
_CIpow
_strlwr
rand
memcpy
calloc
_c_exit
__CxxFrameHandler
_wcsupr
tolower
_finite
_CIsqrt
wcscmp
iswctype
wcscpy
wcsrchr
isleadbyte
strtok
swprintf
isxdigit
_ltoa
_wcslwr
__p__iob
_XcptFilter
time
_chsize
isalpha
sscanf
__badioinfo
wcstoul
wcscat
_controlfp
mbstowcs
_strnicmp
wcsspn
_unlock
exit
oleaut32
VariantChangeTypeEx
SysStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
GetErrorInfo
SafeArrayCreate
VariantChangeType
SysFreeString
GetActiveObject
SysAllocStringLen
SafeArrayGetElement
RegisterTypeLib
SafeArrayUnaccessData
SafeArrayGetUBound
SysAllocStringByteLen
VariantInit
CreateErrorInfo
VariantClear
SetErrorInfo
OleLoadPicture
LoadTypeLib
VariantCopyInd
SafeArrayAccessData
SysReAllocStringLen
VariantCopy
SafeArrayGetLBound
SysStringByteLen
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
VerFindFileW
VerLanguageNameA
VerQueryValueA
GetFileVersionInfoSizeA
comctl32
ImageList_Destroy
PropertySheetW
CreatePropertySheetPageW
ImageList_Create
PropertySheetA
ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx
InitCommonControls
ntdll
RtlLengthSid
RtlGetOwnerSecurityDescriptor
RtlInitUnicodeString
NtOpenSymbolicLinkObject
RtlRaiseStatus
NtOpenFile
NtSetValueKey
NtDuplicateObject
RtlLookupElementGenericTable
NtClose
RtlGetFullPathName_U
NtAllocateLocallyUniqueId
NtQueryInformationProcess
wcstol
RtlSetDaclSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
RtlDeleteResource
NtDelayExecution
NtSetInformationFile
RtlxOemStringToUnicodeSize
RtlRunDecodeUnicodeString
RtlExtendedLargeIntegerDivide
NtQuerySymbolicLinkObject
RtlQueryRegistryValues
RtlSetGroupSecurityDescriptor
RtlAddAccessAllowedAce
RtlLengthRequiredSid
RtlInsertElementGenericTable
NtCreateFile
NtWaitForMultipleObjects
RtlFreeSid
NtSetEvent
NtOpenProcessToken
NtWaitForSingleObject
strrchr
RtlQueryEnvironmentVariable_U
NtQueryDirectoryObject
RtlUnicodeStringToOemString
wcsncpy
RtlAdjustPrivilege
NtOpenDirectoryObject
NtImpersonateAnonymousToken
RtlSubAuthoritySid
RtlInitializeResource
RtlSystemTimeToLocalTime
RtlMultiByteToUnicodeN
NtDeleteKey
RtlReleaseResource
NtQueryValueKey
RtlCreateUnicodeString
NtQuerySecurityObject
RtlEnterCriticalSection
NtRequestWaitReplyPort
NtTerminateProcess
RtlSetSaclSecurityDescriptor
RtlxUnicodeStringToOemSize
RtlNtStatusToDosError
_wcsnicmp
NtQuerySystemInformation
RtlLeaveCriticalSection
NtOpenEvent
wcsrchr
RtlStringFromGUID
NtFreeVirtualMemory
RtlCreateUserThread
NtWriteFile
RtlSizeHeap
NtFsControlFile
NtPowerInformation
RtlUpcaseUnicodeString
NtEnumerateValueKey
swprintf
NtQueryPerformanceCounter
RtlAddAce
NtDeviceIoControlFile
RtlInitializeGenericTable
RtlInitializeCriticalSection
RtlxAnsiStringToUnicodeSize
RtlTimeToTimeFields
wcscmp
DbgBreakPoint
_wcslwr
RtlAnsiStringToUnicodeString
rpcrt4
CStdStubBuffer_QueryInterface
NdrCStdStubBuffer_Release
NdrServerCall2
RpcStringFreeA
UuidToStringW
RpcRevertToSelf
NdrClientCall2
CStdStubBuffer_IsIIDSupported
RpcServerRegisterIfEx
CStdStubBuffer_Invoke
RpcBindingFromStringBindingW
NdrOleAllocate
NdrStubCall2
NdrDllUnregisterProxy
RpcBindingSetAuthInfoW
RpcImpersonateClient
IUnknown_AddRef_Proxy
RpcBindingToStringBindingW
RpcServerUnregisterIf
RpcStringBindingParseW
NdrDllGetClassObject
RpcStringFreeW
CStdStubBuffer_AddRef
RpcEpResolveBinding
UuidToStringA
RpcServerRegisterAuthInfoW
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface
UuidFromStringW
CStdStubBuffer_Connect
NdrOleFree
IUnknown_QueryInterface_Proxy
RpcRaiseException
IUnknown_Release_Proxy
RpcBindingSetAuthInfoExW
RpcServerUseProtseqEpW
RpcStringBindingComposeW
UuidCreate
NdrStubForwardingFunction
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
RpcBindingVectorFree
RpcServerInqBindings
shell32
SHGetFolderPathW
SHGetPathFromIDListW
SHChangeNotify
SHBindToParent
DragQueryFileW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetFileInfoW
CommandLineToArgvW
SHBrowseForFolderW
ShellExecuteA
SHGetPathFromIDListA
ShellExecuteExW
SHGetSpecialFolderLocation
Sections
.bss Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 1024B - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ