Static task: static1
Behavioral task: behavioral1
Sample: a9e8ecef41b48b8594bc69bf70e46a60.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a9e8ecef41b48b8594bc69bf70e46a60.exe
Resource: win10v2004-20240226-en
General
Target: a9e8ecef41b48b8594bc69bf70e46a60
Size: 596KB
MD5: a9e8ecef41b48b8594bc69bf70e46a60
SHA1: 3601f635b4c11a7caaf66264ebbdd692a056d5a4
SHA256: c6e7717bec4be5cc49f5d315537a3069d40a6be7e5dfeb9dac2eba83c306ee54
SHA512: a14b0150af54a8f7715cddb18c1201000d25d1f0462d6795cc42d5e19d7e18083fab366ee92692887e98910f736b64bf1927d742edd1413a334b389bbf02f02d
SSDEEP: 12288:DgUX6sYtOEJF8xwpRRkNa20cDDG6kO6hkibB0ya:MUX6ptOlxwLcDDG6kv6Rya
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource a9e8ecef41b48b8594bc69bf70e46a60
Files
a9e8ecef41b48b8594bc69bf70e46a60.exe windows:4 windows x86 arch:x86
9da2896729e3581666a7a07c3883a222
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
LoadBitmapA
EnumPropsExW
DestroyAcceleratorTable
GetComboBoxInfo
UnionRect
GetProcessWindowStation
SetDlgItemTextW
InsertMenuA
PostMessageW
CopyRect
ShowWindowAsync
IsDialogMessageW
DdeAddData
SetShellWindow
GetAncestor
EqualRect
DragObject
DdeCmpStringHandles
SetKeyboardState
PostThreadMessageW
GetWindowContextHelpId
GetMonitorInfoA
CharNextExA
FreeDDElParam
SendInput
ImpersonateDdeClientWindow
DdeImpersonateClient
DdeAbandonTransaction
BeginPaint
ChangeDisplaySettingsW
InSendMessage
IsDlgButtonChecked
GetPriorityClipboardFormat
CreateAcceleratorTableW
EnumDisplaySettingsExA
WINNLSGetIMEHotkey
ScrollWindow
IsCharUpperW
GetDCEx
ClientToScreen
DdeSetUserHandle
CloseDesktop
GetClipboardSequenceNumber
GetFocus
GetSystemMetrics
TranslateMessage
GetWindowTextW
CharUpperBuffA
FindWindowExA
GetWindowDC
SetWindowTextW
SetForegroundWindow
GetMenuBarInfo
PeekMessageA
MapVirtualKeyExW
DdeUnaccessData
SendMessageTimeoutA
GetKeyState
DdeUninitialize
EmptyClipboard
CloseWindowStation
SendIMEMessageExW
DdeFreeStringHandle
GetAsyncKeyState
OemKeyScan
LoadMenuIndirectW
SetMenuItemInfoA
LoadMenuIndirectA
ReleaseDC
ScreenToClient
OemToCharBuffW
DdeInitializeW
DrawFrameControl
DefFrameProcA
GetScrollBarInfo
LoadCursorFromFileW
UnregisterDeviceNotification
IsRectEmpty
PostQuitMessage
SetMenuDefaultItem
GetClipboardData
GetUpdateRgn
UnhookWinEvent
RegisterHotKey
SetUserObjectInformationA
GetKeyboardType
CopyIcon
GetMessageW
DlgDirSelectComboBoxExW
LoadCursorFromFileA
GetKeyboardLayoutNameA
DefWindowProcA
CopyImage
SetProcessWindowStation
RegisterClassW
BroadcastSystemMessageA
GetThreadDesktop
ToAscii
ExitWindowsEx
CreateDesktopW
GetWindowTextLengthW
RemovePropA
PackDDElParam
InvertRect
GetClassInfoExA
GetWindowInfo
LoadIconW
GetMessagePos
CloseWindow
EnableScrollBar
DdeSetQualityOfService
DdeEnableCallback
GrayStringA
SetScrollRange
SetWindowWord
EnableMenuItem
RegisterClassExW
GetTabbedTextExtentW
ValidateRgn
AppendMenuA
RemovePropW
ChangeDisplaySettingsA
DdeQueryConvInfo
LoadMenuW
GetClipboardViewer
GetClassLongW
BlockInput
MenuItemFromPoint
advapi32
SetSecurityDescriptorGroup
DuplicateTokenEx
RegGetKeySecurity
SetEntriesInAclW
RegisterServiceCtrlHandlerW
LookupAccountSidW
GetSidSubAuthority
GetSecurityInfoExA
RegSetValueA
BuildTrusteeWithSidW
BuildTrusteeWithNameA
TrusteeAccessToObjectA
CryptDestroyHash
RegSetValueExA
NotifyChangeEventLog
RegQueryValueW
GetMultipleTrusteeOperationA
CryptDecrypt
SetServiceBits
ObjectCloseAuditAlarmA
RegCreateKeyExA
RegCloseKey
AreAnyAccessesGranted
MakeAbsoluteSD
GetNamedSecurityInfoExA
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
ImpersonateSelf
CryptEnumProviderTypesW
RegSetKeySecurity
RegSetValueExW
RegConnectRegistryA
GetAuditedPermissionsFromAclW
ClearEventLogA
OpenThreadToken
SetFileSecurityW
ConvertAccessToSecurityDescriptorA
EnumDependentServicesW
CryptGetDefaultProviderA
CryptGetProvParam
RegOpenKeyW
PrivilegedServiceAuditAlarmW
OpenServiceW
LookupSecurityDescriptorPartsW
GetAce
AreAllAccessesGranted
GetSidSubAuthorityCount
RegOpenKeyA
BuildTrusteeWithSidA
InitializeSid
GetSecurityDescriptorGroup
GetServiceKeyNameA
SetSecurityInfoExA
GetLengthSid
IsValidSid
LookupPrivilegeDisplayNameW
RegFlushKey
AdjustTokenGroups
RegQueryValueExA
CreateServiceW
ObjectPrivilegeAuditAlarmA
CopySid
CryptCreateHash
DuplicateToken
BuildImpersonateTrusteeA
RegCreateKeyW
QueryServiceStatus
ObjectOpenAuditAlarmW
GetServiceKeyNameW
CryptEnumProvidersA
BuildSecurityDescriptorW
RegReplaceKeyW
ConvertSecurityDescriptorToAccessW
GetSecurityDescriptorLength
FreeSid
AdjustTokenPrivileges
RegDeleteKeyA
CryptSetProviderW
LookupPrivilegeValueW
QueryServiceLockStatusW
BuildTrusteeWithNameW
ReportEventW
RegQueryValueExW
SetPrivateObjectSecurity
ObjectPrivilegeAuditAlarmW
ChangeServiceConfigW
CryptReleaseContext
LookupSecurityDescriptorPartsA
MakeSelfRelativeSD
GetTrusteeNameA
RegQueryInfoKeyA
SetEntriesInAclA
CryptSetHashParam
BuildExplicitAccessWithNameA
GetNamedSecurityInfoW
BackupEventLogA
GetTrusteeTypeA
RegSetValueW
GetSidLengthRequired
CryptSignHashW
ObjectOpenAuditAlarmA
RegisterEventSourceA
GetCurrentHwProfileA
SetServiceObjectSecurity
ole32
OleConvertOLESTREAMToIStorageEx
GetHGlobalFromILockBytes
GetHGlobalFromStream
OleCreateLinkToFile
CreateItemMoniker
StringFromCLSID
StgIsStorageILockBytes
OleSetMenuDescriptor
RegisterDragDrop
OleSetClipboard
OleMetafilePictFromIconAndLabel
StgOpenStorage
CreateOleAdviseHolder
CoRegisterSurrogate
DoDragDrop
OleConvertIStorageToOLESTREAM
OleCreateLinkEx
OleCreateLinkFromData
OleCreateFromDataEx
CoSetProxyBlanket
CoGetInstanceFromFile
OleGetAutoConvert
StgCreateDocfile
OleRegGetMiscStatus
OleSaveToStream
StgOpenStorageEx
CoRegisterMessageFilter
CoBuildVersion
CreateClassMoniker
CreateGenericComposite
OleUninitialize
CoUnmarshalHresult
OleDraw
WriteClassStm
SetConvertStg
CoGetObject
StgOpenStorageOnILockBytes
CoInitialize
OleSetAutoConvert
CoTreatAsClass
MonikerCommonPrefixWith
OleGetIconOfClass
CoIsOle1Class
OleDoAutoConvert
OleIsRunning
RevokeDragDrop
CoInitializeSecurity
CreateStreamOnHGlobal
ReleaseStgMedium
PropVariantClear
CoQueryAuthenticationServices
UtGetDvtd32Info
ReadStringStream
CoGetCallContext
ReadFmtUserTypeStg
CreateBindCtx
OleRegEnumVerbs
CoDosDateTimeToFileTime
DllDebugObjectRPCHook
CoTaskMemRealloc
OleGetIconOfFile
StringFromIID
CoTaskMemFree
OleNoteObjectVisible
CoFreeLibrary
CoCreateFreeThreadedMarshaler
CoInitializeEx
GetConvertStg
CreateObjrefMoniker
OleDuplicateData
OleCreateFromFileEx
CoGetClassObject
StgGetIFillLockBytesOnILockBytes
CoGetCurrentLogicalThreadId
CreateILockBytesOnHGlobal
CoSuspendClassObjects
EnableHookObject
CoUninitialize
CoFreeAllLibraries
IsAccelerator
OleDestroyMenuDescriptor
CoCreateInstance
CLSIDFromString
CoQueryClientBlanket
WriteClassStg
OleSetContainedObject
OleIsCurrentClipboard
OleCreateEmbeddingHelper
OleCreateFromData
CoRegisterClassObject
CoFileTimeToDosDateTime
OleLoad
CoCopyProxy
CoResumeClassObjects
OleCreateLink
CoCreateGuid
OleFlushClipboard
OleConvertIStorageToOLESTREAMEx
OleCreateLinkFromDataEx
CoRegisterPSClsid
ProgIDFromCLSID
UtConvertDvtd16toDvtd32
OleTranslateAccelerator
StgOpenAsyncDocfileOnIFillLockBytes
OleSave
CoGetPSClsid
kernel32
GetThreadPriorityBoost
CompareStringA
lstrcmpiA
CreateEventA
WriteConsoleInputW
EnumSystemCodePagesW
GetVersionExW
EnumResourceNamesW
ScrollConsoleScreenBufferW
SetCalendarInfoW
HeapWalk
CreateMailslotA
GetProcAddress
GetStartupInfoW
GetConsoleTitleA
SetFileApisToOEM
GlobalLock
ReadProcessMemory
SetLastError
IsSystemResumeAutomatic
GlobalAddAtomA
GetConsoleScreenBufferInfo
GetTempPathA
EnumDateFormatsA
IsDebuggerPresent
GetVolumeInformationW
SetFileTime
VerLanguageNameA
ReadConsoleInputA
lstrcpyW
FillConsoleOutputAttribute
GetNumberOfConsoleInputEvents
GetSystemDirectoryW
GetSystemTimeAsFileTime
GlobalFlags
FindResourceExW
LocalShrink
GetModuleHandleW
VirtualAlloc
GetDiskFreeSpaceW
GetLogicalDriveStringsA
WriteConsoleA
SleepEx
GetLocaleInfoA
SetHandleInformation
BuildCommDCBAndTimeoutsA
FatalAppExitW
FatalAppExitA
GetModuleHandleA
LoadLibraryExW
EnumSystemLocalesA
GetNumberFormatW
SetCurrentDirectoryW
WriteConsoleOutputW
LoadLibraryA
DeleteFileA
GlobalUnfix
CreatePipe
SetupComm
ReadConsoleInputW
SystemTimeToTzSpecificLocalTime
ReadConsoleOutputW
SizeofResource
QueryPerformanceFrequency
LCMapStringA
InitAtomTable
SearchPathA
GetProfileSectionA
GlobalCompact
GetTempPathW
CreateFiber
EnumTimeFormatsW
BeginUpdateResourceW
GetCPInfoExA
lstrlenA
SetHandleCount
WriteConsoleOutputCharacterW
WriteFile
GetStringTypeA
TerminateProcess
EnumCalendarInfoW
WaitForSingleObject
FindFirstFileExA
DebugBreak
LoadLibraryW
GetCurrencyFormatW
SetEndOfFile
Process32First
OpenMutexA
GetNamedPipeHandleStateA
Thread32First
WriteTapemark
GetModuleFileNameW
SetConsoleScreenBufferSize
GetLastError
CreateFileMappingA
EscapeCommFunction
Module32Next
UnlockFile
FormatMessageA
SetThreadAffinityMask
SuspendThread
SetEvent
OpenSemaphoreA
BuildCommDCBA
GetStringTypeExW
IsBadReadPtr
lstrcmp
HeapFree
LocalReAlloc
SetMailslotInfo
WriteProfileStringW
Module32First
SetConsoleTitleA
DefineDosDeviceW
RaiseException
Heap32Next
SetFileAttributesA
LocalFree
lstrcatA
SetUnhandledExceptionFilter
SetCommTimeouts
ResetEvent
IsValidLocale
GetCommMask
FlushFileBuffers
GetNumberFormatA
CreateEventW
CancelWaitableTimer
GetVolumeInformationA
AddAtomW
LocalSize
CopyFileExW
GetThreadPriority
TlsAlloc
GetHandleInformation
WriteProfileSectionW
FatalExit
FillConsoleOutputCharacterW
GetProcessTimes
SetProcessAffinityMask
GetCurrencyFormatA
SwitchToThread
GetPrivateProfileStructA
GetPriorityClass
VirtualProtect
shlwapi
SHRegGetBoolUSValueA
StrCatW
PathAddBackslashW
UrlCreateFromPathA
PathSkipRootA
SHDeleteEmptyKeyA
PathMakeSystemFolderW
SHRegCloseUSKey
PathCompactPathExA
PathCanonicalizeW
PathCombineW
StrRetToBufA
PathFindNextComponentW
StrDupW
SHGetValueW
UrlCombineW
PathIsLFNFileSpecW
SHDeleteKeyW
SHRegEnumUSKeyW
PathCombineA
PathParseIconLocationW
StrCmpIW
PathGetCharTypeA
SHStrDupW
PathRenameExtensionW
SHEnumValueW
StrCatBuffA
StrRetToBufW
PathIsUNCA
GetMenuPosFromID
SHDeleteKeyA
PathCreateFromUrlA
PathRemoveBlanksW
UrlGetLocationW
SHRegCreateUSKeyA
StrCpyNW
UrlEscapeA
PathRemoveArgsA
StrRChrA
UrlCombineA
PathRelativePathToW
PathStripPathW
StrFormatByteSizeW
StrNCatA
StrFromTimeIntervalW
SHCreateStreamOnFileW
SHCreateStreamOnFileA
PathUnmakeSystemFolderW
PathStripPathA
StrCSpnW
PathIsRelativeA
StrToIntW
SHCreateShellPalette
PathRemoveBlanksA
PathFindSuffixArrayW
PathParseIconLocationA
UrlGetPartA
PathFileExistsW
StrCmpNA
SHOpenRegStreamA
PathFileExistsA
PathIsUNCServerShareW
SHRegWriteUSValueW
PathIsDirectoryEmptyA
SHRegQueryInfoUSKeyA
SHRegSetUSValueA
StrCSpnIA
PathUndecorateW
PathMakePrettyW
PathCompactPathA
PathGetArgsA
UrlApplySchemeA
PathQuoteSpacesW
SHGetValueA
StrSpnA
UrlIsW
PathIsSameRootA
PathRemoveFileSpecA
SHEnumKeyExA
PathSearchAndQualifyW
PathSearchAndQualifyA
PathIsContentTypeW
PathGetCharTypeW
AssocQueryStringByKeyA
ColorAdjustLuma
UrlIsOpaqueW
SHRegCreateUSKeyW
PathMakePrettyA
SHRegDuplicateHKey
PathIsUNCW
UrlHashA
StrToIntExA
PathFindOnPathW
UrlCanonicalizeW
SHCopyKeyW
SHQueryValueExW
UrlHashW
wvnsprintfA
PathUnquoteSpacesA
PathBuildRootW
UrlIsOpaqueA
UrlGetPartW
PathIsRootW
PathStripToRootA
StrRChrIW
PathRemoveFileSpecW
Sections
.text Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 283B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE