ae32802f1396d1053ccd5405fa6d3148

Sharing

Copy URL

Twitter E-mail

General

Target

ae32802f1396d1053ccd5405fa6d3148
Size

111KB
MD5

ae32802f1396d1053ccd5405fa6d3148
SHA1

b3ce8b6440b5e4c2c8fc1e239c5ea40c6c19dac5
SHA256

7329123e59fb3115b08ea8c93f1f09aba7bb384102dcfa643c4dec4b34919cac
SHA512

4190c51fdb62da4b5cadaf16903ef33e3c1f501ee37ed613377d23b7a148193d6a0efcaeca50a9981065f0cd852cc079104ac0f96420bc0ce2e9d063f56c8fcf
SSDEEP

3072:u5RWWAe4l62fmXQrEVg/q+rQNOGH69fTLOeaR:unWlajXQgW/HnE6NyR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/fbbecb1d0c70fc6aa7e265a6fd16cb387046ee19c12f72506ddb5fc13c45a6d0

Files

ae32802f1396d1053ccd5405fa6d3148
.zip

Password: infected
fbbecb1d0c70fc6aa7e265a6fd16cb387046ee19c12f72506ddb5fc13c45a6d0
.exe windows:4 windows x86 arch:x86

eabd19b2306a7d7a4634f2a00d783f37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\12\Wind\63\Why\33\47\Shoe\oxygen\53\Unit\65\Dark\well\22snow.pdb

Imports

advapi32

SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegOpenKeyA
RegCreateKeyExA
QueryServiceStatus
OpenThreadToken
OpenServiceA
OpenSCManagerA
LookupPrivilegeValueA
SetServiceStatus
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerA
RegSetValueExA
RegEnumKeyA
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
OpenProcessToken
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
RegOpenKeyExA
RegCloseKey

user32

GetKeyNameTextA
DrawEdge
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
PtInRect
GetClassNameA
GetWindowRect
GetDlgCtrlID
GetWindow
ClientToScreen
GetFocus
CheckMenuItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
IsIconic
GetKeyState
ValidateRect
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetWindowTextA
UnregisterClassA
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
PeekMessageA
PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA

gdi32

GetStockObject
DeleteDC
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
GetDeviceCaps

comctl32

ImageList_DragEnter
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_EndDrag
ImageList_Create

comdlg32

GetSaveFileNameA
GetOpenFileNameA

ole32

CoUninitialize
CoInitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wininet

InternetConnectA
HttpSendRequestExA
InternetAttemptConnect
HttpEndRequestA
InternetWriteFile
InternetSetOptionA
InternetReadFile
InternetQueryOptionA
InternetQueryDataAvailable
InternetOpenA
InternetGetCookieA
InternetCrackUrlA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA

shlwapi

PathRemoveBackslashA
UrlEscapeA
PathStripPathA
PathRemoveBlanksA
PathRemoveArgsA

winmm

timeEndPeriod
mciSendCommandA
mciGetErrorStringA
timeBeginPeriod

uxtheme

DrawThemeBackground
GetThemeBackgroundRegion
CloseThemeData

avifil32

AVIStreamFindSample
AVIStreamEndStreaming
AVIStreamSetFormat
AVIStreamRelease
AVIFileExit
AVIFileInit

kernel32

LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
LoadLibraryA
RaiseException
VirtualProtect
lstrlenA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
GetACP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
ExitProcess
HeapSize
GetStartupInfoW
GetProcessHeap
RtlUnwind
VirtualAlloc
HeapReAlloc
HeapFree
HeapAlloc
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GetOEMCP
GetCPInfo
GetLocaleInfoA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GetThreadLocale
GlobalGetAtomNameA
GlobalFlags
lstrcmpA
CloseHandle
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
FindResourceA
LoadResource
LockResource
SizeofResource
SetLastError
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
CompareStringA
GetWindowsDirectoryA
GetSystemInfo
GetTempPathA
GetSystemDirectoryA
Sleep
GetEnvironmentVariableA
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
GetModuleFileNameA
GetFileTime
GetCurrentProcessId
GetLocalTime
RemoveDirectoryA
GetCurrentThreadId
SetFileAttributesA
CreateProcessA
GetVersion
GetLastError

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

eabd19b2306a7d7a4634f2a00d783f37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

gdi32

comctl32

comdlg32

ole32

oleaut32

version

wininet

shlwapi

winmm

uxtheme

avifil32

kernel32

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 8KB - Virtual size: 8.6MB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 44KB - Virtual size: 41KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 8KB - Virtual size: 8.6MB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 44KB - Virtual size: 41KB