ac8ab33003d1ca3ea52d281156d67ddb

Sharing

Copy URL

Twitter E-mail

General

Target

ac8ab33003d1ca3ea52d281156d67ddb
Size

408KB
MD5

ac8ab33003d1ca3ea52d281156d67ddb
SHA1

4026dccad6f15b69891c50f0e50ddd056168bfa1
SHA256

92c3b1351081a547a9b013376296c1cc94c8d49b2e92569b21e6428be4894c31
SHA512

a3952f9ac5d5bc7921fc2fdf04a493799c981658425645c8f970bbeed5a15a7ae0f9660c489386aa7abd9d3cb9295cf15a52d13f7c98c34bf774a3c8c9a50374
SSDEEP

12288:bRMjoxWGt6dwVa3OkFcJ6tKaqVRkH1Dxc:bpxWGt0wVgOJpI9a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac8ab33003d1ca3ea52d281156d67ddb

Files

ac8ab33003d1ca3ea52d281156d67ddb
.exe windows:5 windows x86 arch:x86

72f30d80f3599fc5fcf9559093271c10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrA
StrChrA
PathFileExistsA
StrNCatA
StrToIntA
StrStrIA
wnsprintfA

rpcrt4

UuidToStringA
UuidCreate

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

FreeLibrary
GetCurrentProcess
GetProcAddress
LoadLibraryA
DeleteFileA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetComputerNameA
GetVolumeInformationA
CreateThread
HeapAlloc
GetLocalTime
GetVersionExA
lstrcpyA
GetTickCount
GlobalMemoryStatusEx
GetDiskFreeSpaceExA
ExpandEnvironmentStringsA
LocalFree
MoveFileExA
lstrcatA
SetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryA
GetTempPathA
GetFileAttributesA
GetFileSize
WaitForSingleObject
ReadFile
CreateDirectoryA
ExitProcess
CreateMutexA
MultiByteToWideChar
LocalAlloc
GetModuleHandleA
GetCurrentProcessId
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
Process32First
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
VirtualAlloc
WriteFile
DeleteCriticalSection
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetFileType
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
lstrcpynA
MapViewOfFile
GetProcessHeap
HeapFree
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetEndOfFile
FreeEnvironmentStringsA
GetEnvironmentStrings
OpenMutexA
CreateFileA
lstrlenA
lstrcmpA
lstrcmpiA
TerminateProcess
CreateProcessA
GetExitCodeProcess
Sleep
OpenProcess
OpenFileMappingA
CloseHandle
CreateToolhelp32Snapshot
CreateFileMappingA
Process32Next
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapSize
GetStringTypeA
GetStringTypeW

user32

RedrawWindow
GetWindowTextLengthA
IsDlgButtonChecked
CheckRadioButton
EnableWindow
FillRect
SetWindowTextA
GetUserObjectSecurity
GetWindowThreadProcessId
GetShellWindow
GetWindowDC
DrawFocusRect
GetDlgCtrlID
SetCursor
SetFocus
EndPaint
GetKeyState
GetFocus
LoadBitmapA
GetParent
IsWindowEnabled
BeginPaint
GetDC
DrawEdge
SetWindowLongA
InvalidateRect
ReleaseDC
PostMessageA
UpdateWindow
DestroyWindow
keybd_event
GetMessageA
GetWindowRect
RegisterClassExA
PostQuitMessage
LoadIconA
GetClientRect
SendMessageA
IsDialogMessageA
TranslateMessage
MapVirtualKeyA
MessageBoxA
GetWindowLongA
CreateWindowExA
DefWindowProcA
SetWindowPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
FindWindowA
DrawTextA
MoveWindow
PeekMessageA
ExitWindowsEx
EnumWindows
GetClassNameA
GetWindowTextA
GetDlgItem

gdi32

CreateSolidBrush
BitBlt
SetTextColor
DeleteDC
CreateFontA
SetBkMode
DeleteObject
SetBkColor
CreateCompatibleDC
GetTextExtentPointA
GetObjectA
GetStockObject
TextOutA
SelectObject
CreateDIBitmap

advapi32

RegDeleteKeyA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
OpenProcessToken
RegCreateKeyA
RegSetValueExA
IsValidSid
GetSecurityDescriptorOwner
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
ConvertSidToStringSidA
LookupPrivilegeValueA
RegCloseKey

shell32

SHGetFolderPathA
ShellExecuteA

ole32

CoTaskMemAlloc

oleaut32

VariantClear

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 929KB - Virtual size: 940KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72f30d80f3599fc5fcf9559093271c10

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 929KB - Virtual size: 940KB

.cdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 38KB - Virtual size: 38KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 929KB - Virtual size: 940KB

.cdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 38KB - Virtual size: 38KB

.reloc
Size: 15KB - Virtual size: 15KB