b8bcb9850a9a847873ab1b34fb8c1180

Sharing

Copy URL Twitter E-mail

General

Target

b8bcb9850a9a847873ab1b34fb8c1180
Size

228KB
MD5

b8bcb9850a9a847873ab1b34fb8c1180
SHA1

2e6bf23591e04fea1949a8ba62699d395e036836
SHA256

53e637366bb73856158893e1802e7938b16972d7c3d496f60ef859b988d5adbc
SHA512

b84c7bbf2257eea1dcc7620b4ac8ac6b621c2c4f7e5ff9ac71d6b7be0b161dc419d637c504739c85babd079aedb94bcec9301b666d53f683fdf230429ef4c212
SSDEEP

3072:8YvJYHjFyoXMtwgp3SvSl612Ta8Ixzcdc01m4z7nrs0FMimaGoN7MU:nv6jEoXawe3qWabp01/7Y0FeaGoV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8bcb9850a9a847873ab1b34fb8c1180

Files

b8bcb9850a9a847873ab1b34fb8c1180
.exe windows:5 windows x86 arch:x86

d895b1cf60ec5bf7aa2b0fa5494c4fec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsTextUnicode
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegSetValueW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTreatAsClass
CreateBindCtx
CreateStreamOnHGlobal
CoCreateInstance
CoDisconnectObject
OleDuplicateData
OleRegGetUserType
ReadClassStg
ReadFmtUserTypeStg
ReleaseStgMedium
SetConvertStg
StringFromCLSID
StringFromGUID2
WriteClassStg
WriteFmtUserTypeStg
CoInitialize
CLSIDFromString
CoTaskMemAlloc

gdi32

GetStockObject

user32

DialogBoxParamW
EnableWindow
EndDialog
GetCursorPos
GetDlgItem
GetDlgItemTextW
GetMessageTime
GetWindowLongW
IsDlgButtonChecked
LoadCursorW
LoadImageW
LoadStringW
MessageBoxW
CheckDlgButton
SendMessageW
SetCursor
SetDlgItemTextW
SetFocus
SetWindowLongW
wsprintfW

kernel32

SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
DelayLoadFailureHook
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GetVersionExW
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
RtlUnwind

ntdll

NtCreateFile
NtDelayExecution
NtDeviceIoControlFile
NtFsControlFile
NtOpenFile
NtOpenProcessToken
NtOpenSymbolicLinkObject
NtQueryInformationFile
NtQuerySymbolicLinkObject
NtQuerySystemInformation
NtQuerySystemTime
NtQueryVolumeInformationFile
NtReadFile
NtSetInformationFile
NtSetThreadExecutionState
NtSetVolumeInformationFile
NtWriteFile
RtlAddAccessAllowedAce
RtlAddAce
RtlAllocateAndInitializeSid
RtlAllocateHeap
RtlClearBits
RtlCopySid
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlDeleteElementGenericTable
RtlDosPathNameToNtPathName_U
RtlEnumerateGenericTableWithoutSplaying
RtlFindSetBits
RtlFreeHeap
RtlFreeUnicodeString
RtlInitUnicodeString
RtlInitializeBitMap
RtlInitializeGenericTable
RtlInitializeSid
RtlInsertElementGenericTable
RtlLengthRequiredSid
RtlLengthSecurityDescriptor
RtlLengthSid
RtlLookupElementGenericTable
RtlNewSecurityObject
RtlNumberOfSetBits
RtlQueryInformationAcl
RtlQueryRegistryValues
RtlSetBits
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSubAuthoritySid
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlWriteRegistryValue
NtClose

shell32

SHChangeNotify
SHCreateDirectoryExW
SHFileOperationW
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathW
SHGetSpecialFolderPathW

comctl32

DestroyPropertySheetPage
CreatePropertySheetPageW

comdlg32

ChooseColorA
ChooseFontA

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d895b1cf60ec5bf7aa2b0fa5494c4fec

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

gdi32

user32

kernel32

ntdll

shell32

comctl32

comdlg32

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 17KB - Virtual size: 32KB

.reloc Size: 13KB - Virtual size: 16KB

.rsrc Size: 10KB - Virtual size: 12KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 17KB - Virtual size: 32KB

.reloc
Size: 13KB - Virtual size: 16KB

.rsrc
Size: 10KB - Virtual size: 12KB