aa2e163c75651a2f83596b597a02ea0b

Sharing

Copy URL Twitter E-mail

General

Target

aa2e163c75651a2f83596b597a02ea0b
Size

176KB
MD5

aa2e163c75651a2f83596b597a02ea0b
SHA1

2a752791e83eb9fc6ca2f607cfe1d154e889b0fc
SHA256

8f0158a03aadd02d70252ca6218112cbe7b0affe8fdf3e946cca3f289377040e
SHA512

7cf28536bdebd5abb745d5dd8db831edbf49d3cb229041dbde371a477300de448ecfbd37a6aa1de6e800148df867976630bc1fad2fff7cf08e5eaafaab4202a6
SSDEEP

3072:hkVqU+78LgIo+aeWOz8Nv+mR48dLERDgDNUo61os6x9tRdNWMzfE:0qU2GLo+UO4N/ECUlfYR3vj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa2e163c75651a2f83596b597a02ea0b

Files

aa2e163c75651a2f83596b597a02ea0b
.exe windows:4 windows x86 arch:x86

a3433f8b714e6c21ec8009b135805096

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueA

gdiplus

GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCloneImage

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

user32

GetDesktopWindow
ReleaseCapture
GetQueueStatus
GetClassNameA
GetFocus
MsgWaitForMultipleObjects
CreateDialogParamA
GetParent
GetClientRect
IsWindow
DestroyAcceleratorTable
CreateWindowExA
LoadCursorA
SendMessageTimeoutA
wsprintfA
wvsprintfA
SetTimer
RedrawWindow
PeekMessageA
DefWindowProcA
SetRect
UnregisterClassA
FillRect
SendMessageA
EnumDisplayDevicesA
CharNextA
SendNotifyMessageA
SetCapture
BeginPaint
SetWindowLongA
RegisterWindowMessageA
GetWindowTextA
GetDC
GetWindow
InvalidateRect
CallWindowProcA
CopyRect
RegisterClassExA
DrawTextA
GetActiveWindow
KillTimer
SetWindowTextA
FindWindowA
PostThreadMessageA
GetWindowTextLengthA
CreateAcceleratorTableA
DispatchMessageA
PostMessageA
EndPaint
GetWindowRect
GetSysColor
DestroyWindow
GetWindowLongA
ShowWindow
SetParent
InvalidateRgn
IsChild
EqualRect
MoveWindow
ReleaseDC
GetClassInfoExA
SetFocus
GetDlgItem
SetWindowPos

kernel32

VirtualQuery
GetShortPathNameW
GetModuleHandleA
WaitForMultipleObjects
GlobalReAlloc
RaiseException
SetEvent
GetSystemTimeAsFileTime
OutputDebugStringA
GetSystemInfo
GetModuleFileNameA
HeapFree
WaitForSingleObject
GetSystemTime
GetCurrentThreadId
GetTempPathA
SetEnvironmentVariableW
SizeofResource
MulDiv
GetFileAttributesW
FlushInstructionCache
InterlockedIncrement
GetLastError
GetCurrentThread
LoadResource
IsBadWritePtr
LeaveCriticalSection
GetProcessAffinityMask
InitializeCriticalSection
ExitProcess
GetCurrentProcessId
VirtualProtect
GetACP
Sleep
FindResourceA
GetTempPathW
GetVersionExA
lstrcpynA
HeapAlloc
ResetEvent
GetProcAddress
CreateFileMappingA
EnterCriticalSection
GetLocaleInfoA
WriteProcessMemory
GlobalFree
WideCharToMultiByte
IsDebuggerPresent
GlobalLock
VirtualFree
CreateDirectoryA
EnumResourceTypesW
GetProcessHeap
CreateEventA
LoadLibraryExA
MapViewOfFile
InterlockedExchange
InterlockedDecrement
WriteFile
lstrcmpiA
GlobalUnlock
ReadFile
LocalFree
LoadLibraryA
CreateDirectoryW
lstrcmpA
GetCurrentProcess
QueryPerformanceCounter
GetFileAttributesA
GetModuleFileNameW
lstrlenA
GetThreadPriority
CreateFileA
IsBadReadPtr
DeleteFileA
Beep
CreateThread
IsDBCSLeadByte
GetTickCount
TerminateProcess
GlobalAlloc
OpenFileMappingA
OutputDebugStringW
lstrcpyA
GetDriveTypeW
DeviceIoControl
LoadLibraryW
CloseHandle
MultiByteToWideChar
FreeLibrary
SetThreadPriority
DeleteCriticalSection
VirtualAlloc
GetThreadLocale
GetVolumeInformationW
_llseek
GlobalSize
CreateSemaphoreA
lstrlenW

ole32

CreateBindCtx
OleLockRunning
OleUninitialize
CLSIDFromProgID
StgOpenStorage
BindMoniker
StringFromGUID2
StgCreateDocfile
CoTaskMemFree
CoInitialize
OleInitialize
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
StgIsStorageFile
CoTaskMemRealloc
CreateItemMoniker
GetRunningObjectTable
CoInitializeSecurity
CoGetClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
CLSIDFromString

advapi32

CryptAcquireContextA
CryptReleaseContext
RegQueryValueExA
CryptDestroyHash
RegDeleteValueA
CryptGetHashParam
RegSetValueExA
CryptImportKey
RegOpenKeyExA
RegQueryInfoKeyA
CryptHashData
RegCreateKeyExA
CryptEncrypt
CryptDestroyKey
RegEnumKeyExA
RegEnumValueA
CryptCreateHash
RegCloseKey
RegDeleteKeyA

gdi32

CreateDIBSection
CreateSolidBrush
CreateFontA
CreateDIBitmap
StretchDIBits
DeleteDC
CreateCompatibleDC
GetDIBits
GetObjectA
SetStretchBltMode
GetStockObject
ExtEscape
GetDeviceCaps
CreateCompatibleBitmap
SelectPalette
DeleteObject
BitBlt
RealizePalette
SelectObject
SetBkMode

winmm

timeGetTime
timeSetEvent

shlwapi

PathFileExistsW
PathCombineW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3433f8b714e6c21ec8009b135805096

Headers

File Characteristics

Imports

version

gdiplus

wininet

user32

kernel32

ole32

advapi32

gdi32

winmm

shlwapi

shell32

setupapi

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 7KB - Virtual size: 6KB

.bss Size: 67KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 7KB - Virtual size: 6KB

.bss
Size: 67KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 252KB