f2fc69af8156b0b51e15958f85635b0578fb52595baba0701578916d45c6fc04

Sharing

Copy URL Twitter E-mail

General

Target

f2fc69af8156b0b51e15958f85635b0578fb52595baba0701578916d45c6fc04
Size

1.7MB
MD5

4a61316dedad2d45239c086f5859b5b0
SHA1

5ee97d71dfda3d1a1b7b31a685d66a30ba2acfa7
SHA256

f2fc69af8156b0b51e15958f85635b0578fb52595baba0701578916d45c6fc04
SHA512

9e8dcc3351b37a111dab4957a154273f56aa6f90e504f8024bf7c6f61519cbe42f97a814e0fd027ed58471242c5ea3b4563839b7888324d0f0a312dc43e19ee7
SSDEEP

49152:VnQ0oztuUln6Syt9OTj4UmmdHsLiX71BAMXtDS:VPoztuIFy+4Um5LiXZBAQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2fc69af8156b0b51e15958f85635b0578fb52595baba0701578916d45c6fc04

Files

f2fc69af8156b0b51e15958f85635b0578fb52595baba0701578916d45c6fc04
.exe windows:5 windows x86 arch:x86

836d8f41581e6af8ae8a560531621ecb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\_work\1\s\src\BoxStub\bin\Release\Win32\boxstub.pdb

Imports

ole32

CoInitializeEx

comctl32

ord17

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW

shlwapi

PathRemoveExtensionW

user32

GetWindowLongW
SetWindowLongW
PostQuitMessage
SetWindowTextW
DialogBoxParamW
PostMessageW
SendMessageW
GetWindow
GetWindowThreadProcessId
GetTopWindow
MessageBoxW
GetDlgItem
LoadStringW
EndDialog

advapi32

RegCloseKey
CryptGenRandom
CryptReleaseContext
DecryptFileW
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextW

kernel32

FileTimeToDosDateTime
FileTimeToLocalFileTime
MoveFileExW
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
RemoveDirectoryW
GetFileAttributesW
DeleteFileW
FileTimeToSystemTime
GetSystemInfo
CreateEventA
GetModuleHandleW
GetEnvironmentVariableW
GetTickCount
SetEnvironmentVariableW
GetLastError
ExpandEnvironmentStringsW
Sleep
GetProcessId
WaitForSingleObject
GetExitCodeProcess
CloseHandle
SetFileAttributesW
InitializeCriticalSection
CreateEventW
CreateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCommandLineW
lstrlenW
CompareStringW
LocalFree
CreateDirectoryW
GetTempPathW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
FreeLibrary
WaitForMultipleObjects
ExitThread
RtlUnwind
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
GetSystemTime
FormatMessageW
lstrlenA
GetComputerNameW
GetLocalTime
GetVersionExW
CreateFileA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFilePointer
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibraryAndExitThread
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
ReadFile
DecodePointer
CreateFileW
WriteConsoleW
DuplicateHandle
FindFirstFileW
SetEndOfFile

cabinet

ord23
ord22
ord20

oleaut32

VariantClear
SysAllocString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

?dwPlaceholder@@3PAEA

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boxld01
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

836d8f41581e6af8ae8a560531621ecb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

comctl32

rpcrt4

shell32

shlwapi

user32

advapi32

kernel32

cabinet

oleaut32

version

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 213KB

.data Size: 3KB - Virtual size: 7KB

.idata Size: 4KB - Virtual size: 4KB

.boxld01 Size: 512B - Virtual size: 184B

.rsrc Size: 176KB - Virtual size: 175KB

.reloc Size: 81KB - Virtual size: 84KB

.text
Size: 213KB - Virtual size: 213KB

.data
Size: 3KB - Virtual size: 7KB

.idata
Size: 4KB - Virtual size: 4KB

.boxld01
Size: 512B - Virtual size: 184B

.rsrc
Size: 176KB - Virtual size: 175KB

.reloc
Size: 81KB - Virtual size: 84KB