a9f8883ed47b7302bdc3d6f2ed73eb5f

Sharing

Copy URL

Twitter E-mail

General

Target

a9f8883ed47b7302bdc3d6f2ed73eb5f
Size

214KB
MD5

a9f8883ed47b7302bdc3d6f2ed73eb5f
SHA1

f4ab2d7807dc94d633f269e52fe8b68d81a543f2
SHA256

a02e670a8b1d63ed15eafd7e03f6c2ee209f5096dc0f12c1f765c64ddd5f7a27
SHA512

7941b54a9deede43a20f294dee2a628e96d41cfd0e4310f7639cc3e37562cd38f38c37da3af0fecbb40316438b03c6fa8397eeca08be0ca0ca24da707d6b8d49
SSDEEP

3072:WVSJf7zxTO56Ve/nLk+nHC/vKnoYNguVGXg5AT8IxHzQQBJglul3wFB/tskwEn5B:df7zdS6c/LkaQETUXg5AT8MZlAf6KI0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9f8883ed47b7302bdc3d6f2ed73eb5f

Files

a9f8883ed47b7302bdc3d6f2ed73eb5f
.exe windows:5 windows x86 arch:x86

70b3e9f5aebde2200a4e5155c284065d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
lstrcatA
CreateFileA
LoadLibraryW
VirtualAlloc

user32

ActivateKeyboardLayout
keybd_event
WindowFromDC
UpdateLayeredWindow
UnregisterHotKey
UnpackDDElParam
UnhookWinEvent
TrackMouseEvent
ToAsciiEx
SwitchToThisWindow
ShowWindowAsync
ShowScrollBar
ArrangeIconicWindows
ShowOwnedPopups
SetWindowsHookW
SetWindowsHookA
SetWindowWord
SetWindowTextA
SetWindowLongA
SetPropA
SetMenuItemInfoA
SetMenuInfo
SetFocus
SetCaretPos
SendNotifyMessageW
SendMessageCallbackW
SendDlgItemMessageA
ScrollWindow
RemovePropW
RegisterWindowMessageA
RegisterHotKey
RegisterClipboardFormatW
RegisterClassA
RedrawWindow
RealGetWindowClassW
RealGetWindowClassA
PostThreadMessageW
PostMessageA
PeekMessageA
OpenIcon
OemToCharA
MessageBoxIndirectW
MessageBoxExA
MessageBeep
MapVirtualKeyExW
LoadStringW
LoadStringA
LoadKeyboardLayoutW
LoadImageW
LoadAcceleratorsW
KillTimer
IsRectEmpty
IsIconic
InvalidateRgn
InvalidateRect
InSendMessageEx
GetWindowTextLengthW
GetWindowTextA
GetWindowInfo
GetWindowContextHelpId
GetWindow
GetUserObjectInformationW
GetUpdateRect
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetScrollRange
GetScrollPos
GetQueueStatus
GetPropA
GetNextDlgGroupItem
GetMenuItemRect
GetMenuItemInfoA
GetMenuItemID
GetKeyboardType
GetKeyboardLayout
GetKeyNameTextW
GetKeyNameTextA
GetKBCodePage
GetGUIThreadInfo
GetDlgItemInt
GetClipboardOwner
GetClipboardFormatNameA
GetClassNameA
GetClassInfoExA
GetCapture
FrameRect
FillRect
ExcludeUpdateRgn
EqualRect
EnumPropsExW
EnumPropsExA
EnumDisplayDevicesA
EnumChildWindows
EnableWindow
EnableMenuItem
DrawTextW
DrawTextA
DrawFrameControl
DrawEdge
DragDetect
DlgDirSelectExW
DlgDirSelectExA
DlgDirListW
DialogBoxParamW
DialogBoxIndirectParamA
DeregisterShellHookWindow
DeleteMenu
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcA
DdeFreeStringHandle
DdeEnableCallback
DdeConnect
DdeAccessData
CreateWindowStationW
CreateWindowExA
CreateMDIWindowA
CreateDialogIndirectParamA
CreateDesktopW
CreateAcceleratorTableA
CopyAcceleratorTableW
CloseWindow
CloseClipboard
CharLowerBuffA
ChangeDisplaySettingsExA
BroadcastSystemMessageA
BeginDeferWindowPos

comdlg32

GetSaveFileNameW
ReplaceTextW
ReplaceTextA
PrintDlgW
PrintDlgExW
PrintDlgExA
PrintDlgA
PageSetupDlgW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
GetFileTitleW
GetFileTitleA
FindTextW
FindTextA
CommDlgExtendedError
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
PageSetupDlgA

shell32

SHGetInstanceExplorer
CommandLineToArgvW
DoEnvironmentSubstA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileW
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ShellExecuteEx
ShellAboutA
SHQueryRecycleBinW
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadInProc
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetMalloc
DragQueryPoint
SHGetIconOverlayIndexA
SHGetFolderPathA
SHGetFolderLocation
SHGetFileInfoW
SHGetFileInfoA
SHGetFileInfo
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFormatDrive
SHFileOperationW
SHEmptyRecycleBinA
SHCreateDirectoryExW
SHCreateDirectoryExA
SHChangeNotify
SHBrowseForFolderW
SHBrowseForFolder
SHBindToParent
SHAddToRecentDocs
FindExecutableW
ExtractIconW
ExtractIconExW
ExtractIconEx
ExtractIconA
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
ExtractAssociatedIconA
DuplicateIcon

ole32

WriteStringStream
WriteClassStg
WdtpInterfacePointer_UserUnmarshal
UtGetDvtd32Info
UtGetDvtd16Info
UtConvertDvtd32toDvtd16
UpdateDCOMSettings
StgOpenStorageOnILockBytes
StgOpenStorageEx
StgOpenAsyncDocfileOnIFillLockBytes
StgCreatePropStg
StgCreatePropSetStg
StgCreateDocfileOnILockBytes
StgCreateDocfile
StgConvertVariantToProperty
StgConvertPropertyToVariant
SetDocumentBitStg
STGMEDIUM_UserSize
SNB_UserSize
RevokeDragDrop
ReadOleStg
ReadClassStg
PropVariantCopy
PropVariantClear
OpenOrCreateStream
OleSetContainedObject
OleRun
OleRegGetMiscStatus
OleRegEnumFormatEtc
OleQueryLinkFromData
OleQueryCreateFromData
OleNoteObjectVisible
OleMetafilePictFromIconAndLabel
OleLoadFromStream
OleLoad
OleInitializeWOW
OleGetAutoConvert
OleFlushClipboard
OleDuplicateData
OleDraw
OleDoAutoConvert
OleCreateLinkFromDataEx
OleCreateLinkEx
OleCreateFromData
OleCreateEx
OleConvertIStorageToOLESTREAMEx
OleBuildVersion
MonikerCommonPrefixWith
IsEqualGUID
IsAccelerator
HkOleRegisterObject
HWND_UserUnmarshal
HWND_UserSize
HWND_UserMarshal
HPALETTE_UserFree
HMETAFILE_UserUnmarshal
HMETAFILE_UserSize
HMETAFILEPICT_UserSize
HMETAFILEPICT_UserMarshal
HMETAFILEPICT_UserFree
HGLOBAL_UserUnmarshal
HGLOBAL_UserSize
HGLOBAL_UserMarshal
HGLOBAL_UserFree
HENHMETAFILE_UserUnmarshal
HDC_UserUnmarshal
HDC_UserSize
HDC_UserFree
HBRUSH_UserUnmarshal
HBITMAP_UserMarshal
HACCEL_UserUnmarshal
HACCEL_UserSize
HACCEL_UserMarshal
HACCEL_UserFree
GetRunningObjectTable
GetHGlobalFromStream
GetDocumentBitStg
EnableHookObject
DllGetClassObjectWOW
CreatePointerMoniker
CreateItemMoniker
CreateFileMoniker
CreateClassMoniker
CreateAntiMoniker
CoTaskMemRealloc
CoRevokeMallocSpy
CoRevokeClassObject
CoRevertToSelf
CoRegisterSurrogate
CoRegisterMallocSpy
CoRegisterClassObject
CoRegisterChannelHook
CoQueryClientBlanket
CoIsOle1Class
CoIsHandlerConnected
CoInitializeWOW
CoImpersonateClient
CoGetStdMarshalEx
CoGetObjectContext
CoGetMarshalSizeMax
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoGetInstanceFromIStorage
CoGetInstanceFromFile
CoGetCurrentLogicalThreadId
CoGetClassObject
CoGetCallerTID
CoGetCallContext
CoFreeLibrary
CoFreeAllLibraries
CoDosDateTimeToFileTime
CoCreateObjectInContext
CoCreateInstanceEx
CoCreateFreeThreadedMarshaler
CoCopyProxy
CLIPFORMAT_UserMarshal
BindMoniker
CoInitializeSecurity

oleaut32

SafeArrayGetIID
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayLock
SafeArrayPutElement
SafeArraySetIID
SafeArraySetRecordInfo
SafeArrayUnlock
SysReAllocString
SystemTimeToVariantTime
UnRegisterTypeLi
VARIANT_UserFree
VarBoolFromCy
VarBoolFromDate
VarBoolFromDec
VarBoolFromI1
VarBoolFromStr
VarBoolFromUI4
VarBstrFromDate
VarBstrFromI4
VarBstrFromUI2
VarCat
VarCmp
VarCyAbs
VarCyCmp
VarCyFromDisp
VarCyFromI2
VarCyFromI4
VarCyFromR4
VarCyFromStr
VarCyFromUI1
VarCyInt
VarCyMulI4
VarCySu
VarDateFromCy
VarDateFromR4
VarDateFromUI2
VarDateFromUI4
VarDateFromUdateEx
VarDecCmpR8
VarDecDiv
VarDecFix
VarDecFromI2
VarDecFromStr
VarDecNeg
VarDecSu
BSTR_UserSize
VarEqv
VarFix
VarFormatCurrency
VarI1FromCy
VarI1FromDisp
VarI1FromI4
VarI1FromR4
VarI2FromDate
VarI2FromI4
VarI4FromBool
VarI4FromDisp
VarI4FromI1
VarI4FromR4
VarI4FromStr
VarI4FromUI4
VarInt
VarMul
VarNeg
VarOr
VarR4CmpR8
VarR4FromBool
VarR4FromDate
VarR4FromDec
VarR4FromUI4
VarR8FromDate
VarR8FromDec
VarR8FromDisp
VarR8FromI2
VarR8FromI4
VarR8FromR4
VarSu
VarUI1FromCy
VarUI1FromDate
VarUI2FromBool
VarUI2FromDec
VarUI2FromI4
VarUI2FromStr
VarUI2FromUI1
VarUI2FromUI4
VarUI4FromBool
VarUI4FromDate
VarUI4FromDec
VarUI4FromI2
VarUI4FromI4
VarUI4FromUI1
VarUdateFromDate
VarXor
VariantChangeType
VariantChangeTypeEx
VariantCopyInd
VariantInit
SafeArrayGetElement
BSTR_UserUnmarshal
BstrFromVector
ClearCustData
CreateStdDispatch
DispGetParam
DispInvoke
GetActiveObject
GetAltMonthNames
LPSAFEARRAY_Marshal
LoadTypeLi
OACreateTypeLib2
OleCreatePictureIndirect
OleLoadPictureFile
OleLoadPicturePath
QueryPathOfRegTypeLi
RegisterTypeLi
SafeArrayAllocDescriptor
SafeArrayAllocDescriptorEx
SafeArrayCopy
SafeArrayCreateVector
SafeArrayDestroyDescriptor
VarDiv

shlwapi

StrStrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIA
StrStrW
StrStrIW
StrStrIA
StrChrA
StrRStrIW
StrRStrIA
StrRChrIW

msvcrt

memcpy

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data5
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70b3e9f5aebde2200a4e5155c284065d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comdlg32

shell32

ole32

oleaut32

shlwapi

msvcrt

Sections

.text Size: 186KB - Virtual size: 185KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 180B

.data5 Size: 1024B - Virtual size: 1000B

.data4 Size: 1024B - Virtual size: 1000B

.data3 Size: 1024B - Virtual size: 1000B

.data2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 180B

.data5
Size: 1024B - Virtual size: 1000B

.data4
Size: 1024B - Virtual size: 1000B

.data3
Size: 1024B - Virtual size: 1000B

.data2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB