be358bd69a026bfa23249370ee98e2b8

Sharing

Copy URL

Twitter E-mail

General

Target

be358bd69a026bfa23249370ee98e2b8
Size

183KB
MD5

be358bd69a026bfa23249370ee98e2b8
SHA1

1236bca10a10d3d5cda7fe46362d3423e753f2fa
SHA256

7bd563bafa99fb696ca84a97ca79eaaa9a601cc9e9c2abe973a443b061d15563
SHA512

78ef7470a9e8dd42c9d48f2f8bfe03f465cdcd7ad2cb7c21a199df947c10312594680742dd218a20a6b3e2c591ce051e39730817e89ae41a24196724c111e016
SSDEEP

3072:OBsqLsorsbcC1JoBroAcfQFvZme5txZhayG7KAh+b5MPJWK3qrdEkPVd+3gZG/b:ajkJo9qSZ37hazKAh+b5+JWOqCkNd+35

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be358bd69a026bfa23249370ee98e2b8

Files

be358bd69a026bfa23249370ee98e2b8
.exe windows:4 windows x86 arch:x86

97ce0d9ed90cf5e3bdc0d22814a5f845

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CLSIDFromString
CoCreateGuid
StringFromGUID2
CoImpersonateClient
CoTaskMemRealloc
CoRegisterClassObject
StringFromIID
CoInitializeEx
CoGetCallContext
CoDisconnectObject
CoSetProxyBlanket
CoGetClassObject
CoInitializeSecurity
CoRevertToSelf
CoQueryProxyBlanket
CoTaskMemAlloc
StringFromCLSID
CoUninitialize
CoCreateInstance
CoRevokeClassObject

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

oleacc

LresultFromObject
AccessibleObjectFromPoint

advapi32

LookupAccountSidW
AddAce
FreeSid
RegConnectRegistryA
MakeAbsoluteSD
GetUserNameA
OpenThreadToken
ControlService
RegSetKeySecurity
DuplicateToken
CopySid
GetSecurityDescriptorLength
GetSidLengthRequired
GetSecurityDescriptorOwner
OpenProcessToken
RegEnumValueA
LookupAccountNameA
AllocateAndInitializeSid
AdjustTokenPrivileges
RegEnumKeyExA
RegCloseKey
OpenSCManagerA
MakeSelfRelativeSD
RegCreateKeyExA
AccessCheck
InitializeAcl
GetAclInformation
GetTokenInformation
DuplicateTokenEx
IsValidSid
DeleteService
RegDeleteValueA
RegSetValueExA
GetAce
IsValidSecurityDescriptor
EqualSid
LookupPrivilegeValueA
GetSidSubAuthority
LookupAccountSidA
SetServiceStatus
RegQueryValueExW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateServiceA
CloseServiceHandle
SetThreadToken
ChangeServiceConfigA
RegDeleteKeyA
RegOpenKeyExA
GetSecurityDescriptorSacl
SetSecurityDescriptorOwner
GetLengthSid
PrivilegeCheck
RegEnumKeyA
AddAccessDeniedAce
AddAccessAllowedAce
OpenServiceA
SetSecurityDescriptorGroup
RegisterServiceCtrlHandlerA
GetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegQueryValueExA
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
RegisterEventSourceA
RegCreateKeyA
RegQueryInfoKeyA
InitializeSid
QueryServiceStatus
ReportEventA
SetSecurityDescriptorSacl
RegOpenKeyExW

user32

PeekMessageA
SetTimer
GetWindowTextA
PostThreadMessageA
KillTimer
EnumWindows
DispatchMessageA
CharNextA
CharUpperA
GetWindowThreadProcessId
MessageBoxA
GetMessageA
LoadStringA
wsprintfW
IsWindowVisible
wsprintfA

rpcrt4

NdrClientCall
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingA
RpcStringFreeA

shlwapi

PathFindExtensionA

kernel32

CreateFileA
GetProcessTimes
WritePrivateProfileStringA
HeapAlloc
HeapFree
LoadLibraryW
GetStringTypeW
LCMapStringA
GetStartupInfoA
GetPrivateProfileSectionA
SetLastError
UnhandledExceptionFilter
RaiseException
CreateDirectoryA
DuplicateHandle
OpenProcess
GetStringTypeA
lstrcatA
lstrcpynA
FindResourceExA
lstrcpyA
WriteFile
WaitForSingleObject
ExitProcess
lstrlenA
GetSystemDirectoryA
CreateEventA
SetEvent
SetFilePointer
VirtualQuery
SetEndOfFile
SetStdHandle
SetEnvironmentVariableA
HeapReAlloc
CreateMutexA
GetPrivateProfileSectionNamesA
IsBadReadPtr
CreateThread
GetModuleHandleA
GetVersionExA
CreateFileMappingA
Sleep
VirtualProtect
InterlockedIncrement
LocalFree
GetProcessHeap
GetCurrentThreadId
MapViewOfFile
GetProcAddress
SetErrorMode
CompareStringW
LoadLibraryA
lstrlenW
LocalSize
ReleaseMutex
GetThreadLocale
GetCurrentProcess
EnumSystemLanguageGroupsW
CloseHandle
ReadProcessMemory
FreeEnvironmentStringsA
FreeEnvironmentStringsW
RtlUnwind
TlsFree
FreeLibrary
GetLocaleInfoA
IsDBCSLeadByte
InterlockedExchange
HeapDestroy
GetVersion
SetHandleCount
GetModuleHandleW
InterlockedDecrement
TerminateProcess
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
WriteProfileStringA
VirtualAlloc
GetCommandLineA
ResetWriteWatch
GetStdHandle
QueryPerformanceCounter
CreateProcessW
InitializeCriticalSection
ReadFile
GetCurrentThread
EnterCriticalSection
GetTickCount
GetPrivateProfileIntA
GetFileType
GetExitCodeProcess
UnmapViewOfFile
GetModuleFileNameA
GetComputerNameA
MultiByteToWideChar
TerminateThread
FindResourceA
GetCurrentProcessId
CreateProcessA
FlushFileBuffers
IsBadWritePtr
LoadLibraryExA
GetPrivateProfileStringA
HeapCreate
LoadResource
GetProfileStringA
SizeofResource
WideCharToMultiByte
lstrcmpiA
GetModuleFileNameW
LeaveCriticalSection
FindClose
GetACP
TlsSetValue
DeleteCriticalSection
VirtualFree
CompareStringA
FormatMessageA
HeapSize
LockResource
GetFileAttributesA
IsBadCodePtr
TlsGetValue
GetEnvironmentStrings
GetSystemInfo
LocalAlloc
FindFirstFileA
InterlockedCompareExchange
GetLastError
SetUnhandledExceptionFilter
LCMapStringW
TlsAlloc
HeapFree

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97ce0d9ed90cf5e3bdc0d22814a5f845

Headers

File Characteristics

Imports

ole32

version

oleacc

advapi32

user32

rpcrt4

shlwapi

kernel32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 7KB - Virtual size: 151KB

.data Size: 110KB - Virtual size: 109KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 7KB - Virtual size: 151KB

.data
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 4KB