ae2635114829eb0aae2b46af4df3afd1

Sharing

Copy URL

Twitter E-mail

General

Target

ae2635114829eb0aae2b46af4df3afd1
Size

174KB
MD5

ae2635114829eb0aae2b46af4df3afd1
SHA1

e218ea9a073f8847e893b85ccf02bb7efb63695b
SHA256

2a131c51ef508ee97bed81ab1f8d6724e9c204e9e7f3a4b582a6d166566becf9
SHA512

1fa171ceb6260e4c86d78f801b59d3ed7dbdb97c6b947a0d2cd6b07a32912ccb0b4fcd10667d64dc8a8af288e28081924c03c3384e597cc7dcde6867399e331f
SSDEEP

3072:W30pKrjCTJ6NhBicoaeFTorbwn/DEYIEjOvidBzmjkYLGWBXSy+wInkLS3wip13N:FqjkJ6NhBic2tofw7EYPOadBzIDuy+wz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae2635114829eb0aae2b46af4df3afd1

Files

ae2635114829eb0aae2b46af4df3afd1
.exe windows:5 windows x86 arch:x86

e6c52e0aa2dbb9df4d39773fa26b69a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTapeParameters
GetVolumeInformationW
IsBadStringPtrW
GetCurrencyFormatW
FindFirstVolumeW
EnumTimeFormatsA
QueryPerformanceFrequency
GlobalReAlloc
DeleteFileA
WriteConsoleInputW
GetNumberFormatA
IsWow64Process
CancelDeviceWakeupRequest
BeginUpdateResourceW
GetSystemWow64DirectoryA
ReadConsoleW
UnregisterConsoleIME
GetFileType
GetDiskFreeSpaceA
InitAtomTable
SetConsoleScreenBufferSize
CreateProcessInternalA
SetFileShortNameA
SetFileApisToOEM
GetNumaHighestNodeNumber
RegisterConsoleOS2
GetPrivateProfileStructW
GetPrivateProfileSectionNamesA
GetCPInfoExW
SetConsoleCursorMode
LoadLibraryA
SetProcessWorkingSetSize
DeleteFiber
FindActCtxSectionGuid
CreateTimerQueue
ReadFileEx
GetModuleHandleA
WritePrivateProfileSectionA
EnumDateFormatsExA
RegisterWaitForInputIdle
ScrollConsoleScreenBufferW
VirtualAlloc
FreeEnvironmentStringsA
IsBadReadPtr
LZSeek
lstrlenA
TlsFree
ExpungeConsoleCommandHistoryW
SetWaitableTimer
CreateMailslotW
SetComputerNameExA
FillConsoleOutputCharacterW
GetCurrentThread
Process32Next
GetLogicalDriveStringsW
GetVDMCurrentDirectories
GetUserDefaultLCID
SetMessageWaitingIndicator
FillConsoleOutputAttribute
ReplaceFileW
FreeUserPhysicalPages
GetConsoleCursorMode
HeapAlloc
BackupSeek
GetProfileIntA
AddAtomW
GetShortPathNameW
BeginUpdateResourceA
EnumResourceNamesA
QueryActCtxW
WriteConsoleOutputAttribute
lstrcmpi
RemoveDirectoryA
GetPrivateProfileStringW
LocalAlloc

wininet

FindFirstUrlCacheEntryExA
CreateUrlCacheEntryA
GopherOpenFileW
CreateUrlCacheContainerA
ResumeSuspendedDownload
InternetCreateUrlA
CreateMD5SSOHash
HttpOpenRequestA
HttpOpenRequestW
ForceNexusLookupExW
SetUrlCacheConfigInfoA
HttpSendRequestExA
FindNextUrlCacheEntryExA
InternetShowSecurityInfoByURLW
ShowX509EncodedCertificate
GetUrlCacheHeaderData
IncrementUrlCacheHeaderData
InternetSecurityProtocolToStringW
FtpGetFileA
InternetGetPerSiteCookieDecisionW
FindFirstUrlCacheEntryExW
HttpEndRequestW
GopherFindFirstFileW
DeleteIE3Cache
GetUrlCacheEntryInfoExA
InternetEnumPerSiteCookieDecisionA
FindNextUrlCacheContainerA
HttpAddRequestHeadersA
InternetTimeFromSystemTimeW
InternetGetConnectedState
InternetAttemptConnect
InternetGetCertByURLA
InternetConnectW
InternetCrackUrlA
CommitUrlCacheEntryW
DeleteUrlCacheGroup
FtpCreateDirectoryA
FtpRemoveDirectoryA
GetUrlCacheEntryInfoW
InternetEnumPerSiteCookieDecisionW
InternetGoOnline
ShowCertificate
SetUrlCacheEntryGroup

user32

PostMessageW
IsWindow
BroadcastSystemMessageExA
DisplayExitWindowsWarnings
TranslateMessage
DrawMenuBar
OemKeyScan
RealGetWindowClassW
OpenDesktopA
CharUpperBuffW
MsgWaitForMultipleObjects
SwapMouseButton
SetSystemMenu
AdjustWindowRect
LookupIconIdFromDirectory
LoadCursorFromFileA
GetWindowRgn
GetCaretBlinkTime
DlgDirSelectComboBoxExW
SetUserObjectSecurity
IMPQueryIMEA
AllowForegroundActivation
DdeUninitialize
IsDialogMessage
EnumThreadWindows
GetCursor
UnregisterMessagePumpHook
IsZoomed
GetKeyboardLayoutNameA
GetWindowTextW
SetClassWord
ReuseDDElParam
SetCapture
GetMenuState
IsDialogMessageA
GetClipboardFormatNameW
GetShellWindow
UnhookWindowsHook
DrawStateA
CheckDlgButton
GetKeyboardType
TranslateMessageEx
DefMDIChildProcA

mapi32

LPropCompareProp@8
MAPIReadMail
UlRelease@4
MNLS_WideCharToMultiByte@32
FPropContainsProp@12
cmc_logoff
HrGetOmiProvidersFlags@8
PRProviderInit
MAPISendMail
MAPIOpenFormMgr@8
MAPIUninitialize@0
HrQueryAllRows@24
FPropExists@8
UNKOBJ_ScSzFromIdsAlloc@20
cmc_query_configuration
FBinFromHex@8
HrAllocAdviseSink@12
BMAPIGetAddress
HrGetOmiProvidersFlags
MNLS_MultiByteToWideChar@24
MAPIFreeBuffer
UNKOBJ_ScAllocateMore@16
FixMAPI
OpenTnefStream@28
OpenTnefStreamEx@32
OpenStreamOnFile@24
MAPIInitialize@4
FEqualNames@8
FBadEntryList@4
BMAPISaveMail
FtAddFt@16
MAPILogonEx@20
MAPIUninitialize
MAPISaveMail
UNKOBJ_COFree@8
FtNegFt@8
WrapCompressedRTFStream@12
HrDecomposeEID@28
MAPILogonEx

resutils

ResUtilVerifyResourceService
ResUtilVerifyService
ResUtilVerifyPrivatePropertyList
ResUtilGetResourceDependencyByClass
ResUtilGetSzProperty
ClusWorkerCreate
ResUtilCreateDirectoryTree
ResUtilDupString
ResUtilStartResourceService
ResUtilResourcesEqual
ResUtilGetPropertiesToParameterBlock
ClusWorkerCheckTerminate
ResUtilGetCoreClusterResources
ResUtilSetPrivatePropertyList
ResUtilDupParameterBlock
ResUtilPropertyListFromParameterBlock
ResUtilFindSzProperty
ResUtilGetResourceNameDependency
ResUtilGetEnvironmentWithNetName
ClusWorkerStart
ResUtilSetDwordValue
ResUtilGetMultiSzProperty
ResUtilGetPrivateProperties
ResUtilSetPropertyTableEx
ResUtilSetExpandSzValue
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetPropertyFormats
ResUtilGetDwordProperty
ResUtilEnumProperties
ResUtilFindBinaryProperty
ResUtilSetResourceServiceStartParameters
ResUtilFindExpandedSzProperty
ResUtilGetResourceDependencyByName
ResUtilAddUnknownProperties
ResUtilGetResourceName
ResUtilGetSzValue
ResUtilEnumResourcesEx
ResUtilGetDwordValue
ResUtilFindDwordProperty
ResUtilGetAllProperties

regapi

WaitForTSConnectionsPolicyChanges
RegWdEnumerateA
RegUserConfigSet
RegWinStationSetSecurityA
RegCdCreateA
RegPdCreateA
RegQueryUtilityCommandList
RegWdQueryA
RegOpenServerA
RegCdCreateW
RegGetTServerVersion
RegWinStationQueryDefaultSecurity
RegWinStationSetSecurityW
RegWinStationQuerySecurityW
RegCloseServer
RegWinStationQueryEx
RegPdQueryA
RegBuildNumberQuery
RegWinStationEnumerateW
RegCdEnumerateW
RegUserConfigRename
RegIsMachinePolicyAllowHelp
RegWinStationQuerySecurityA
RegWdQueryW
RegCdQueryA
RegWinStationQueryValueW
RegFreeUtilityCommandList
RegCdQueryW
RegWdDeleteW
RegGetMachinePolicyEx
RegWdEnumerateW
RegGetUserPolicy
RegCdDeleteA
RegDefaultUserConfigQueryA
RegWinStationCreateA

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6c52e0aa2dbb9df4d39773fa26b69a6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wininet

user32

mapi32

resutils

regapi

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 81KB - Virtual size: 262KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 81KB - Virtual size: 262KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 860B