ab3e623162d47111e262dc41fd8709b3

Sharing

Copy URL Twitter E-mail

General

Target

ab3e623162d47111e262dc41fd8709b3
Size

436KB
MD5

ab3e623162d47111e262dc41fd8709b3
SHA1

38a1a490dde13054f5e317777af709c727793ef0
SHA256

d3eddd4dc6dc004eb88e26cec7c2a4609e434a2f1b6861df91f45c6b9164e8c8
SHA512

89b6dec7e71d9c452973f6f9543445e7c1e1d1ade98247c52d1b478b64065b04bc76cf1256a915e68d1c51c92be8c04dfee3675e2ee19adcc6a5635a4b9e297a
SSDEEP

12288:DSF33j413hmLB509duSXaN69MDLY3g/vmtSS:ADVT0KSXAdDaoASS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab3e623162d47111e262dc41fd8709b3

Files

ab3e623162d47111e262dc41fd8709b3
.dll windows:5 windows

a99c5d6e1937ee48b70ee5a878e90a51

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadResource
LocalFlags
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
Process32First
Process32Next
PulseEvent
QueryPerformanceCounter
RaiseException
GetVersionExA
ReleaseSemaphore
RtlMoveMemory
RtlUnwind
SetEndOfFile
SetFilePointer
SetHandleCount
SetLastError
SetMessageWaitingIndicator
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerSetConditionMask
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
lstrcmpiA
lstrlenA
lstrlenW
GetVersion
GetTickCount
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLangID
GetStringTypeW
GetStringTypeA
GetStdHandle
GetStartupInfoA
GetProcessHeap
GetOEMCP
GetModuleFileNameA
GetMailslotInfo
GetLocaleInfoA
GetLastError
GetModuleHandleA
GetFileType
GetFileSize
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrencyFormatW
GetConsoleOutputCP
GetConsoleMode
GetConsoleDisplayMode
GetConsoleCP
GetCompressedFileSizeW
GetCommandLineA
GetCalendarInfoW
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushInstructionCache
FlushFileBuffers
FindResourceA
FindNextVolumeMountPointA
ExitProcess
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
DebugBreak
DebugActiveProcess
CreateToolhelp32Snapshot
CreateTimerQueue
CreateRemoteThread
CreateFileMappingA
CreateFileA
CreateDirectoryW
CompareStringA
CloseHandle
ChangeTimerQueueTimer
BuildCommDCBAndTimeoutsA
AreFileApisANSI
LoadLibraryW
GetProcAddress
ReadFile

user32

UpdateWindow
WINNLSEnableIME
SendMessageA
ScrollWindowEx
ScreenToClient
ReleaseDC
ReleaseCapture
RegisterHotKey
PtInRect
PostQuitMessage
PeekMessageA
OffsetRect
MessageBoxA
MapWindowPoints
LoadStringA
LoadImageA
LoadCursorA
IsWindowEnabled
IsWindow
IsDialogMessageA
InvalidateRect
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetWindow
GetUpdateRgn
GetSystemMetrics
GetSysColor
GetQueueStatus
UnregisterClassA
GetMessageA
GetKeyboardLayoutList
GetKeyState
GetFocus
GetDlgItemTextA
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameA
GetClassInfoA
GetCapture
FindWindowA
FillRect
EndPaint
EnableWindow
DrawTextA
DrawFocusRect
DispatchMessageA
DestroyWindow
DefWindowProcA
DdeConnectList
CreateWindowExA
CreateDialogParamA
CopyAcceleratorTableA
CharUpperA
CharNextA
CallWindowProcA
BroadcastSystemMessageW
TranslateMessage
ToUnicodeEx
SystemParametersInfoA
ShowWindow
SetWindowTextA
SetWindowPos
SetWindowLongA
SetRectEmpty
SetForegroundWindow
LoadIconW
BeginPaint
SetFocus
SetDlgItemTextA
SetDlgItemInt
SetCursor
GetParent
SetCapture
ExitWindowsEx

gdi32

CreateSolidBrush
GetColorSpace
AbortPath
GdiFlush
CreateMetaFileA
CreatePatternBrush
AbortDoc
GetDCBrushColor
CreateHalftonePalette
GetEnhMetaFileA
BeginPath
FillPath
DeleteMetaFile
DeleteColorSpace
GetEnhMetaFileW
CloseFigure
CopyMetaFileA
CreateFontIndirectA
GdiConvertFont
GdiGetPageCount
GetObjectA
GetStockObject
SelectObject
SetBkMode
SetTextColor
DeleteEnhMetaFile
EndDoc
EndPage
FlattenPath
DeleteDC
EndPath
CreateMetaFileW
CloseMetaFile
GetDCPenColor
DeleteObject
GetBkMode
CancelDC
CloseEnhMetaFile
CreateCompatibleDC
GdiGetBatchLimit
AddFontResourceW
AddFontResourceA
GetBkColor

advapi32

RegDeleteValueA
RegOpenKeyW
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExW
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

DragQueryFileA
ShellExecuteExW
ShellExecuteA
SHGetIconOverlayIndexW
FindExecutableW
CommandLineToArgvW
ShellHookProc
ExtractAssociatedIconExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

StrStrIA
StrRStrIW
StrRChrW
PathFileExistsA
StrChrA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a99c5d6e1937ee48b70ee5a878e90a51

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB