adf6428896e4a087724400e9ece80863

Sharing

Copy URL Twitter E-mail

General

Target

adf6428896e4a087724400e9ece80863
Size

79KB
MD5

adf6428896e4a087724400e9ece80863
SHA1

cbcf2c2e2c8c7b7cf1a60e25268a2f0c5a1ac04f
SHA256

a2bb2e1fed92925203652494e74707d83c704af8862219bdaee45dc89f84bc41
SHA512

8c6e29ad5242bbe94c8cde1134da56db5e310501c11045a6837337fd81be14ab22ab2f106ff74efe06d46deaf0f569fa0dedeccf55ee6787464a922693c2a2d2
SSDEEP

1536:UKcS0tlJRKAdwjDz9dTrgMqC5d56Ev/VoUC+dxyoLQJTq54gkEFpk:UKB6HRlADpdkC5T6EloURdxyoR30

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adf6428896e4a087724400e9ece80863

Files

adf6428896e4a087724400e9ece80863
.exe windows:4 windows x86 arch:x86

2c926a059641eb1f6fc5075cb948d056

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetStockObject
CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetObjectW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

crypt32

CryptFormatObject

usp10

ScriptGetProperties

shlwapi

PathCombineW
PathAppendW
PathBuildRootW
PathFileExistsW
StrStrIW
StrChrW
StrRChrW
PathAddBackslashW
PathRemoveFileSpecW

advapi32

AllocateAndInitializeSid
RegDeleteValueW
FreeSid
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyW
LookupPrivilegeValueW
RegQueryValueExA
RegLoadKeyW
RegFlushKey
RegSaveKeyW
RegEnumValueW
RegCreateKeyExW
RegCloseKey
EqualSid
OpenProcessToken
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueW
GetTokenInformation
RegUnLoadKeyW
RegSetValueExW

kernel32

RtlUnwind
FreeLibrary
lstrcmpiA
lstrlenA
WriteFile
CreateDirectoryW
FindResourceExW
GetSystemInfo
GetSystemDirectoryW
WideCharToMultiByte
GetModuleFileNameW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
GetPrivateProfileIntW
SetFilePointer
SetLastError
GetVolumeInformationW
CloseHandle
GetProcAddress
MapViewOfFileEx
GetVersionExW
CopyFileW
lstrlenW
GetEnvironmentVariableW
QueryPerformanceCounter
TerminateProcess
FindClose
GetCurrentThreadId
WritePrivateProfileStringW
GetDiskFreeSpaceW
GetLastError
GetShortPathNameW
SetFileAttributesW
lstrcmpW
MulDiv
Sleep
GetTempFileNameW
WritePrivateProfileSectionW
GetCurrentProcess
CompareStringW
GetTickCount
EnumResourceLanguagesW
LocalReAlloc
GetProcessHeap
GetDriveTypeW
HeapAlloc
FindFirstFileW
DisableThreadLibraryCalls
LoadLibraryW
GetFullPathNameW
GetWindowsDirectoryW
InterlockedExchange
RemoveDirectoryW
GetFileAttributesW
lstrcmpiW
CreateFileMappingW
SizeofResource
GetFileTime
FormatMessageW
VirtualAlloc
SetUnhandledExceptionFilter
CreateProcessW
GetLocaleInfoW
GetProfileStringW
MultiByteToWideChar
GetLocalTime
MapViewOfFile
HeapFree
LoadLibraryExW
InterlockedCompareExchange
SetFileTime
GetPrivateProfileStringW
GetUserDefaultUILanguage
LoadResource
LocalAlloc
GetTempPathW
LockResource
FindNextFileW
AttachConsole
FindResourceW
MoveFileExW
ReadFile
GetCurrentProcessId
DeleteFileW
UnmapViewOfFile
MoveFileW
GetPrivateProfileSectionW
GetSystemDefaultUILanguage
SearchPathW
UnhandledExceptionFilter
GetFileSize

setupapi

SetupFindFirstLineW
SetupGetLineTextW
SetupOpenInfFileW
SetupCommitFileQueueW
SetupOpenFileQueue
SetupGetStringFieldW
SetupInitDefaultQueueCallbackEx
SetupTermDefaultQueueCallback
SetupOpenAppendInfFileW
SetupSetDirectoryIdW
SetupQueueCopyW
SetupDefaultQueueCallbackW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupFindNextLine
SetupCloseInfFile

msvcrt

bsearch
_wtol
memset
memcpy
wcsncmp
longjmp
_vsnwprintf
_adjust_fdiv
memmove
_setjmp3
malloc
_vsnprintf
_wcsicmp
_XcptFilter
_amsg_exit
_initterm
_wcsnicmp
free
_wtoi
_ultow

user32

ExitWindowsEx
MsgWaitForMultipleObjects
GetDlgItemTextW
PeekMessageW
EnableWindow
DispatchMessageW
SetWindowTextW
LoadStringW
DialogBoxParamW
SetDlgItemTextW
GetDC
MessageBeep
CharPrevW
SendMessageW
MessageBoxW
GetDlgItem
DestroyWindow
CharNextA
CreateDialogParamW
CharNextW
UpdateWindow
SetWindowPos
ReleaseDC
ShowWindow
GetSystemMetrics
IsWindow
OemToCharA
GetWindowRect
GetDesktopWindow
SendDlgItemMessageW
CharUpperW
EndDialog

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c926a059641eb1f6fc5075cb948d056

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

crypt32

usp10

shlwapi

advapi32

kernel32

setupapi

msvcrt

user32

version

Sections

.text Size: 512B - Virtual size: 432B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 512B - Virtual size: 28B

.idata Size: 7KB - Virtual size: 7KB

.data Size: - Virtual size: 656KB

.rdata Size: 19KB - Virtual size: 19KB

.text
Size: 512B - Virtual size: 432B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 512B - Virtual size: 28B

.idata
Size: 7KB - Virtual size: 7KB

.data
Size: - Virtual size: 656KB

.rdata
Size: 19KB - Virtual size: 19KB