f:\nwqeeyppst.pdb
Static task: static1
Behavioral task: behavioral1
Sample: ab1390d802931248bd712fc5028442fa.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ab1390d802931248bd712fc5028442fa.exe
Resource: win10v2004-20240226-en
General
Target: ab1390d802931248bd712fc5028442fa
Size: 520KB
MD5: ab1390d802931248bd712fc5028442fa
SHA1: 4ac853bffac2c814527991241934dfc2589aabc9
SHA256: 19db217ac4246414f6106aeb50077cb5e2a7030ab89e5b0376da0632814f5c71
SHA512: dc38510c6ff70034b7610174d1907d6ad155e49ad19e6b28041dbd4417291e3e801d4673f2f0bf53fda06eb743145ced4da4c1f1e6f0ef64ac581402fb5ea8b3
SSDEEP: 12288:q/mW1oGVX3+fw8EtneGgea77qWg1QdJmWCv:CmW3lvZaCkLCv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ab1390d802931248bd712fc5028442fa
Files
ab1390d802931248bd712fc5028442fa.exe windows:4 windows x86 arch:x86
0e1c02e01a388fcb1054b8c1d8058512
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
GetACP
GetStartupInfoW
GetTickCount
GetEnvironmentStringsW
GetStartupInfoA
HeapAlloc
DeleteCriticalSection
TlsSetValue
CompareStringW
ReadFile
FreeEnvironmentStringsW
GetModuleFileNameW
GetFileSize
GetCommandLineW
RtlUnwind
VirtualFree
HeapCreate
VirtualProtect
GetCurrentProcess
SetHandleCount
GetStringTypeA
VirtualAlloc
SetConsoleOutputCP
HeapReAlloc
GetCPInfo
GetVolumeInformationW
CloseHandle
SetFilePointer
GetCurrentThreadId
WideCharToMultiByte
LeaveCriticalSection
GetLocaleInfoW
SetStdHandle
CreateWaitableTimerA
LoadLibraryA
TlsAlloc
QueryPerformanceCounter
GetModuleHandleA
SetEnvironmentVariableA
GetTimeZoneInformation
IsValidCodePage
EnumSystemLocalesA
GetLastError
TerminateProcess
LCMapStringA
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
HeapFree
GetSystemTimeAsFileTime
GetOEMCP
GetFileType
GetUserDefaultLCID
GetCurrentThread
MapViewOfFile
InterlockedExchange
LoadLibraryW
HeapDestroy
GetProcAddress
WriteFile
GetSystemInfo
EnterCriticalSection
GetPrivateProfileSectionA
GetEnvironmentStrings
TlsGetValue
IsValidLocale
TlsFree
CreateMutexA
GetDateFormatA
LCMapStringW
GetStringTypeW
GetLocaleInfoA
OpenMutexA
VirtualQuery
GetTimeFormatA
ExitProcess
GetCurrentProcessId
CompareStringA
SetLastError
InitializeCriticalSection
MultiByteToWideChar
GetStdHandle
GlobalUnfix
HeapSize
IsBadWritePtr
SetEndOfFile
UnhandledExceptionFilter
comdlg32
ReplaceTextW
GetSaveFileNameA
GetFileTitleW
comctl32
InitCommonControlsEx
advapi32
LookupAccountSidW
StartServiceA
LookupPrivilegeNameA
DuplicateToken
AbortSystemShutdownW
RegEnumKeyA
CryptHashData
CryptAcquireContextA
RegReplaceKeyA
InitializeSecurityDescriptor
LookupPrivilegeValueW
LookupAccountNameA
CryptSignHashW
CryptCreateHash
RegQueryValueA
CryptContextAddRef
user32
SetPropW
GetInputState
DlgDirSelectComboBoxExW
MapDialogRect
SetWindowLongW
SetWindowRgn
RemovePropA
RegisterClassExA
DrawMenuBar
SetWindowPos
DlgDirSelectExW
CreateDialogParamA
GetSysColor
WINNLSGetIMEHotkey
DdeGetData
SendNotifyMessageW
RegisterClassA
RegisterDeviceNotificationA
WinHelpW
RegisterClipboardFormatA
shell32
RealShellExecuteW
gdi32
GetBitmapBits
RectVisible
GetOutlineTextMetricsW
CreateICA
GetFontLanguageInfo
GetBitmapDimensionEx
CreateDCW
CreateSolidBrush
RealizePalette
MaskBlt
PolyBezierTo
EndPage
RestoreDC
GetCharABCWidthsFloatA
GetDIBits
CreateCompatibleDC
gdiPlaySpoolStream
SetROP2
GetBkColor
CopyEnhMetaFileW
Sections
.text Size: 338KB - Virtual size: 338KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 58KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ