abb50c1fa612a2af7c32ba1d7164bbb8

Sharing

Copy URL Twitter E-mail

General

Target

abb50c1fa612a2af7c32ba1d7164bbb8
Size

665KB
MD5

abb50c1fa612a2af7c32ba1d7164bbb8
SHA1

cade04d98825c046029757d2d293b6d7482b24f1
SHA256

dc934dda8931ea27181c654b72fe42c6170291112ecc6d8a925546a9fb50e821
SHA512

0abc19386a688fd12bb18173e1e2c86699c66fba7330e2cf966ee48bd8db5a178d6de4e16bcc0bf33c1889004dbcaa2a342c74846e342a59939942f85d902428
SSDEEP

12288:QxxLfnZkIfnrEvxmFtrRMkA8JpbzIXHkrsgFzyn5jGpkFV4:QxxLSIfn4OrR9puEl2Ekv4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abb50c1fa612a2af7c32ba1d7164bbb8

Files

abb50c1fa612a2af7c32ba1d7164bbb8
.exe windows:4 windows x86 arch:x86

b61b6f086cbf0f7205aa29341b2a3905

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\RVBUOCXSIC\ASHPCUTKI\YRCEVBE\

Imports

user32

GetNextDlgGroupItem
RegisterDeviceNotificationW
EmptyClipboard
RegisterClassExA
IsRectEmpty
GetMenuItemID
DialogBoxIndirectParamW
LoadImageW
IsDialogMessageW
DefMDIChildProcW
ExitWindowsEx
CharLowerW
SendNotifyMessageA
RegisterClassExW
RegisterClassA
SetDlgItemTextA
LoadBitmapW
TabbedTextOutW
DrawTextExA
UnregisterDeviceNotification
GetSystemMenu

comdlg32

PageSetupDlgA
ChooseFontA
ReplaceTextA

advapi32

CreateServiceW
RegEnumKeyExW
ReportEventW
DuplicateTokenEx
RegSetValueExW
CryptEnumProvidersW
RegFlushKey
CryptGetDefaultProviderA
RegLoadKeyW
CryptDuplicateKey
RegOpenKeyW
RegCloseKey
RegQueryMultipleValuesW
CreateServiceA
CryptSetHashParam
RegCreateKeyW
CryptSetProviderExA
RegEnumValueW
CryptGetUserKey
AbortSystemShutdownW
RegOpenKeyExA
RegDeleteKeyA
CryptEncrypt
InitiateSystemShutdownW
CryptGetKeyParam

kernel32

OpenMutexA
GetLocaleInfoW
GetFileType
GetEnvironmentStrings
OpenSemaphoreW
HeapCreate
GetStringTypeA
GetConsoleTitleW
IsValidCodePage
ResetEvent
UnhandledExceptionFilter
GetStartupInfoW
GetStartupInfoA
GetTempFileNameA
DeleteCriticalSection
GetProcessHeap
GlobalUnlock
GetConsoleMode
TlsGetValue
ReadFile
EnterCriticalSection
IsValidLocale
GetDiskFreeSpaceW
GetEnvironmentStringsW
CompareStringA
VirtualQuery
GetUserDefaultLCID
GetCurrentProcessId
GetCommandLineW
WriteConsoleA
GetDateFormatA
UnlockFile
FlushFileBuffers
GetTimeFormatA
InterlockedIncrement
ExitProcess
GetModuleHandleA
VirtualAlloc
GetCommandLineA
GetTimeZoneInformation
TlsFree
GetStringTypeW
GetCurrentProcess
GetConsoleCP
ConnectNamedPipe
LCMapStringA
GetLocaleInfoA
WriteConsoleW
EnumSystemLocalesA
CreateFileA
MultiByteToWideChar
InterlockedExchange
InitializeCriticalSection
HeapSize
VirtualFree
GetConsoleOutputCP
CreateMutexA
HeapAlloc
GetStdHandle
TlsSetValue
CreateMutexW
FillConsoleOutputCharacterW
TerminateProcess
HeapReAlloc
FreeLibrary
InterlockedDecrement
SetStdHandle
GetCurrentThread
WriteFile
GetCPInfo
GetVersionExA
LeaveCriticalSection
HeapFree
WideCharToMultiByte
CloseHandle
GetModuleFileNameW
TlsAlloc
SetFilePointer
GetCurrentThreadId
IsDebuggerPresent
GetCompressedFileSizeW
SetUnhandledExceptionFilter
SetHandleCount
RtlUnwind
GetACP
GetProcAddress
CompareStringW
FileTimeToLocalFileTime
OpenFileMappingA
GetProfileSectionW
QueryPerformanceCounter
HeapDestroy
Sleep
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameA
FreeEnvironmentStringsW
GetLastError
SetLastError
GetCompressedFileSizeA
GetOEMCP
FreeEnvironmentStringsA
GlobalGetAtomNameA
LCMapStringW
LoadLibraryA
SetEnvironmentVariableA
SetConsoleCtrlHandler

comctl32

InitCommonControlsEx

wininet

FindNextUrlCacheGroup
InternetDial
DetectAutoProxyUrl
FtpPutFileW
RetrieveUrlCacheEntryFileA

gdi32

RealizePalette
CreateEnhMetaFileA

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b61b6f086cbf0f7205aa29341b2a3905

Headers

File Characteristics

PDB Paths

Imports

user32

comdlg32

advapi32

kernel32

comctl32

wininet

gdi32

Sections

.text Size: 492KB - Virtual size: 491KB

.rdata Size: 42KB - Virtual size: 64KB

.data Size: 113KB - Virtual size: 112KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 492KB - Virtual size: 491KB

.rdata
Size: 42KB - Virtual size: 64KB

.data
Size: 113KB - Virtual size: 112KB

.rsrc
Size: 17KB - Virtual size: 17KB