f83142a06280f835dfb732037ade647b1c4d41f7e6551788cec71867cb6067dd

Sharing

Copy URL Twitter E-mail

General

Target

f83142a06280f835dfb732037ade647b1c4d41f7e6551788cec71867cb6067dd
Size

1.3MB
MD5

7a5fead08878f89301e69494ef59f921
SHA1

8d705a4704a5276fc808b9754f53d2c58f333950
SHA256

f83142a06280f835dfb732037ade647b1c4d41f7e6551788cec71867cb6067dd
SHA512

7c6d58036dad9adbc82bc986e8b56428221a9473a287adbac13afb07077817e552c1bac88666c59eab1abaea254f282e7df80fdfbb3d5e1e2422be0924caf6de
SSDEEP

24576:eOZCeVKmeRnkxTHPgm6j9/GiYafLd1+MDg4w+dVazZf0TIo0Re:/ZpVKm2nkxsj9/GiVdAMxVUf0TV0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f83142a06280f835dfb732037ade647b1c4d41f7e6551788cec71867cb6067dd

Files

f83142a06280f835dfb732037ade647b1c4d41f7e6551788cec71867cb6067dd
.exe windows:6 windows x86 arch:x86

b827ad451a19dac2325c604861cfe0ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My_Lab\TabExplorer\ExTab_temp\bin\release\uninstall.pdb

Imports

kernel32

InitializeCriticalSection
GetThreadLocale
LoadLibraryExA
VirtualQuery
VirtualProtect
CreateProcessW
VirtualAllocEx
QueueUserAPC
CloseHandle
DeleteFileW
ResumeThread
GetFileAttributesW
ExpandEnvironmentStringsW
WriteProcessMemory
LoadLibraryExW
lstrcmpiW
FreeLibrary
GetProcAddress
FindResourceW
LoadResource
MultiByteToWideChar
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SizeofResource
GetModuleHandleW
DeleteCriticalSection
DecodePointer
LoadLibraryW
RaiseException
GetLastError
InitializeCriticalSectionEx
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetFileSizeEx
ReadConsoleW
GetTimeZoneInformation
ReadFile
GetCurrentProcess
GetStdHandle
TerminateProcess
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetSystemInfo
HeapSetInformation
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
SetUnhandledExceptionFilter
CreateDirectoryW
SetLastError
WriteFile
SetFilePointer
CreateMutexW
CreateFileW
GetCurrentThreadId
ReleaseMutex
GetModuleHandleA
FormatMessageA
GetCommandLineW
LocalFree
FindNextFileW
FindClose
UnmapViewOfFile
GetVersionExW
LockResource
GetNativeSystemInfo
CreateEventW
lstrcpyW
WideCharToMultiByte
RtlCaptureStackBackTrace
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
TlsSetValue
Sleep
SetEvent
TlsAlloc
ResetEvent
TlsFree
SuspendThread
TerminateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
TlsGetValue
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetFilePointerEx
FlushFileBuffers
GetUserDefaultLangID
DeviceIoControl
lstrcmpA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GetPrivateProfileStringW
SwitchToThread
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetStartupInfoW
InitializeSListHead
RtlUnwind
FindFirstFileExW
ExitProcess
GetModuleHandleExW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapFree
HeapSize
HeapReAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

RegisterClipboardFormatW
GetKeyState
IsChild
GetActiveWindow
WindowFromPoint
GetWindowRect
EnableWindow
GetWindowRgn
EndPaint
IsIconic
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
GetParent
EnableMenuItem
SetRect
UpdateLayeredWindow
IsZoomed
GetClientRect
SetCursor
GetWindowDC
SetCapture
GetUpdateRect
SetFocus
IntersectRect
SetLayeredWindowAttributes
IsRectEmpty
IsWindowEnabled
GetForegroundWindow
TrackMouseEvent
ValidateRect
SetWindowPlacement
MapWindowPoints
ClientToScreen
GetMonitorInfoW
DestroyIcon
RedrawWindow
GetCapture
OffsetRect
ShowWindow
GetWindowPlacement
NotifyWinEvent
SetWindowTextW
UnionRect
SetWindowRgn
EnumChildWindows
MonitorFromWindow
MonitorFromRect
IsWindowVisible
GetFocus
GetWindow
GetSystemMenu
MonitorFromPoint
GetWindowInfo
TrackPopupMenu
AdjustWindowRectEx
SetRectEmpty
MapVirtualKeyW
GetWindowTextW
SystemParametersInfoW
SetWindowLongW
UnregisterClassW
MessageBoxW
LoadStringW
GetClassNameW
InflateRect
InvertRect
FrameRect
DrawFocusRect
GetSysColorBrush
SetWindowPos
DrawEdge
DrawFrameControl
BeginPaint
FillRect
DrawTextW
GetGuiResources
EnumWindows
CreateWindowExW
PostMessageW
GetWindowLongW
CharNextW
DefWindowProcW
ScreenToClient
GetCursorPos
GetSystemMetrics
GetSysColor
IsWindow
LoadCursorW
GetDC
CreateIconIndirect
ReleaseDC
DestroyWindow
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage
KillTimer
PostQuitMessage
GetWindowThreadProcessId
SendMessageW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHFileOperationW
DragFinish
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
CommandLineToArgvW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CoInitialize
CoTaskMemRealloc
DoDragDrop
RevokeDragDrop
CoTaskMemFree
ReleaseStgMedium
OleDuplicateData
RegisterDragDrop
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VariantClear
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
LoadRegTypeLi

shlwapi

UrlCreateFromPathW
PathFindFileNameW
SHDeleteValueW
SHDeleteKeyW
PathFileExistsW
PathRemoveExtensionW
PathIsUNCA
PathFileExistsA
PathIsUNCW
PathFindExtensionW
UrlCreateFromPathA
SHGetValueW
PathAppendW
SHSetValueW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

SymFromAddr
SymSetOptions
SymGetLineFromAddr64
SymInitialize

wininet

InternetQueryOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
HttpAddRequestHeadersW
HttpQueryInfoA
HttpAddRequestHeadersA
HttpSendRequestW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

netapi32

Netbios

oleacc

AccessibleObjectFromWindow
LresultFromObject

msimg32

AlphaBlend

gdi32

GetTextMetricsW
SetMapMode
GetObjectW
CreateRectRgnIndirect
EqualRgn
CreateRectRgn
ExcludeClipRect
CreateFontIndirectW
GetRgnBox
CreateCompatibleBitmap
GetDeviceCaps
GetTextExtentPoint32W
CreatePolygonRgn
StretchBlt
SaveDC
GetStockObject
RestoreDC
CreateSolidBrush
PtInRegion
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject
BitBlt
IntersectClipRect
GetFontData
GetGlyphIndicesW
GetGlyphOutlineW
GetOutlineTextMetricsW
SetTextAlign
ExtTextOutW
CreateBitmap
GdiAlphaBlend
GdiFlush
SetBrushOrgEx
SetGraphicsMode
AbortPath
BeginPath
PolyBezier
PathToRegion
SetPolyFillMode
SetTextColor
EndPath
SetBkMode
SelectClipRgn
SetArcDirection
SetDCBrushColor
SetBkColor
SetStretchBltMode
SetROP2
SetDCPenColor
SetWorldTransform

psapi

GetProcessMemoryInfo

usp10

ScriptItemize
ScriptFreeCache
ScriptShape

Sections

.text
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b827ad451a19dac2325c604861cfe0ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

dbghelp

wininet

winmm

netapi32

oleacc

msimg32

gdi32

psapi

usp10

Sections

.text Size: 948KB - Virtual size: 948KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 14KB - Virtual size: 39KB

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 948KB - Virtual size: 948KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 14KB - Virtual size: 39KB

.rsrc
Size: 132KB - Virtual size: 132KB