ab1146da019f7d956b54a5b469e70e62

Sharing

Copy URL Twitter E-mail

General

Target

ab1146da019f7d956b54a5b469e70e62
Size

862KB
MD5

ab1146da019f7d956b54a5b469e70e62
SHA1

cbf8da5da538b875623af119e59228501e68a431
SHA256

e58ce5e16d3310b9023b0d11a69bb6dc7416dbc0e68dfb5a2c1151f16ea991b9
SHA512

f3d7c9d4fb8e30c41b180f01597b38271cde9f638d8d2ca162da93d1feae1f1c429f889d7049b14f636dd7d862d2bf02db3a9f228a0abab1ccf4c5d851cc0aa5
SSDEEP

24576:MlzhpgHOK+ayFJtVMCgREbg84WdV4tMEZbAzvZHok:MlFCuK+acbJgREFdytM4uZ7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab1146da019f7d956b54a5b469e70e62

Files

ab1146da019f7d956b54a5b469e70e62
.exe windows:5 windows x86 arch:x86

9f1b5d8deb05095138ac631464f5f1c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathParseIconLocationW
SHSetValueW
PathUnquoteSpacesW
StrChrW
PathCreateFromUrlA
StrCmpNIA
StrChrNIW
StrCmpLogicalW
PathSetDlgItemPathA
PathIsDirectoryEmptyW
PathIsDirectoryA
StrChrIW
AssocQueryStringW
PathFileExistsA
StrToIntExA
PathCombineA
SHCopyKeyW
PathIsNetworkPathA
UrlCombineA
StrRetToBSTR
PathStripToRootW
PathSetDlgItemPathW
SHSetValueA
StrRChrA
PathIsUNCServerA
PathIsDirectoryEmptyA
StrCpyNW
ColorHLSToRGB
StrFromTimeIntervalA
PathStripPathA
StrCSpnIW
SHRegGetPathA
UrlIsOpaqueA
UrlIsW
StrTrimA
SHRegGetPathW
PathRemoveBlanksW
SHQueryValueExA
PathGetArgsW
StrRStrIA
UrlUnescapeW
PathUnmakeSystemFolderA
PathIsNetworkPathW

winipsec

EnumMMAuthMethods
AddQMPolicy
OpenTransportFilterHandle
DeleteMMPolicy
QueryIPSecStatistics
SetMMFilter
DeleteMMAuthMethods
SetMMPolicy
MatchMMFilter
AddTunnelFilter
OpenMMFilterHandle
EnumTunnelFilters
GetQMPolicy
AddTransportFilter
SetTransportFilter
CloseTunnelFilterHandle
MatchTunnelFilter
EnumTransportFilters
SPDApiBufferAllocate
GetMMPolicyByID
AddMMAuthMethods
SetQMPolicy
AddMMFilter
DeleteTunnelFilter
CloseTransportFilterHandle
DeleteMMFilter
SPDApiBufferFree
GetMMAuthMethods
GetQMPolicyByID
DeleteQMPolicy
GetMMFilter
GetTransportFilter
EnumMMFilters
AddMMPolicy
EnumIPSecInterfaces
EnumQMPolicies
SetTunnelFilter
GetTunnelFilter

msvcrt

ungetc
_heapset
exit
_fputchar
__DestructExceptionObject
_setmbcp
_ismbcalpha
_ismbbprint
ldiv
_fullpath
fabs
_access
putchar
??0bad_cast@@QAE@ABQBD@Z
_strset
_wcreat
_EH_prolog
_ui64toa
_atoldbl
_wspawnle
_exit
_wfdopen
_mbcasemap
___lc_handle_func
_resetstkoflw
_osplatform
rewind
abs
_strnicmp
_strupr
_wfindnexti64
__CxxExceptionFilter
_ultoa

msvcrt40

?setmode@fstream@@QAEHH@Z
iswgraph
??6ostream@@QAEAAV0@I@Z
??0__non_rtti_object@@QAE@ABV0@@Z
vsprintf
_wfdopen
gmtime
?is_open@filebuf@@QBEHXZ
??_Gstdiostream@@UAEPAXI@Z
puts
??0fstream@@QAE@XZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
_mbsicoll
__p___mb_cur_max
??0streambuf@@IAE@XZ
isalnum
_mkdir
wctomb
??1__non_rtti_object@@UAE@XZ
_findclose
_mbstok
fflush
??0iostream@@QAE@PAVstreambuf@@@Z
_setmbcp
?ignore@istream@@QAEAAV1@HH@Z
_msize
__getmainargs
scanf
__p__acmdln
??5istream@@QAEAAV0@AAK@Z
_wstat
cos

msdart

?GetDefaultSpinCount@CFakeLock@@SGGXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock3@@SGXN@Z
MPInitializeCriticalSectionAndSpinCount
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
mpRealloc
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?Size@CLKRHashTable@@QBEKXZ
??1CDoubleList@@QAE@XZ
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
??0CSmallSpinLock@@QAE@XZ
??1CLockedSingleList@@QAE@XZ
??1CLockedDoubleList@@QAE@XZ
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?sm_dblDfltSpinAdjFctr@CSmallSpinLock@@1NA
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?WriteUnlock@CReaderWriterLock@@QAEXXZ
?IsReadUnlocked@CFakeLock@@QBE_NXZ
?Unlock@CLockedDoubleList@@QAEXXZ
?IsEmpty@CLockedDoubleList@@QBE_NXZ
??1CFakeLock@@QAE@XZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?NumSubTables@CLKRHashTable@@QBEHXZ
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
MpHeapAlloc
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?IsWriteLocked@CCritSec@@QBE_NXZ
?ReadLock@CSpinLock@@QAEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z

kernel32

EnumDateFormatsExW
GlobalAddAtomW
IsValidCodePage
ReadConsoleOutputCharacterA
DnsHostnameToComputerNameW
GetProcessHeap
FindFirstFileW
GetCompressedFileSizeA
OpenProcess
EndUpdateResourceA
GetSystemWow64DirectoryA
VirtualAlloc
SetFileShortNameA
VerifyVersionInfoW
WriteConsoleInputW
GetConsoleAliasesLengthW
SetProcessAffinityMask
LeaveCriticalSection
AddConsoleAliasA
Beep
GetProfileIntW
CreateEventA
GlobalMemoryStatusEx
WriteConsoleOutputCharacterW
GetThreadSelectorEntry
LoadLibraryA
CompareStringA
SetTimerQueueTimer
lstrcpyW
GetBinaryTypeA
LZCloseFile
EnumLanguageGroupLocalesA
ExpandEnvironmentStringsA
CreateFiber
EnterCriticalSection
GetWindowsDirectoryA
FillConsoleOutputCharacterA
lstrcmpA
GetCurrentActCtx
BeginUpdateResourceA
DeleteCriticalSection
FindResourceExW
FindAtomW
SetHandleCount
GetConsoleKeyboardLayoutNameA
GlobalGetAtomNameW
GetConsoleAliasW
_llseek

iernonce

InitCallback
RunOnceExProcess

shell32

SHGetMalloc

user32

MessageBoxA
EndDialog

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 550KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f1b5d8deb05095138ac631464f5f1c8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

winipsec

msvcrt

msvcrt40

msdart

kernel32

iernonce

shell32

user32

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 235KB - Virtual size: 235KB

.data Size: 550KB - Virtual size: 1.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 235KB - Virtual size: 235KB

.data
Size: 550KB - Virtual size: 1.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B