be73f544a79d4e44abf7a3982334253a

Sharing

Copy URL Twitter E-mail

General

Target

be73f544a79d4e44abf7a3982334253a
Size

99KB
MD5

be73f544a79d4e44abf7a3982334253a
SHA1

1ef7f6b75dadcd6a73683bfd3a1cb2bc3be5fc1d
SHA256

a21dc153661298efbca88e16d1e5d8c1f67cbc35faeae000c93d921ace78ec57
SHA512

a56caa851a6e9e0a22a317cbf8b00a78642e36cec5088eb93960326315f8e5b0644ff3e7491a64b7205bd12131992e27a7c88b8a4e69bdb417dbe42097657ee9
SSDEEP

3072:noEATYt5c6HyQJoYXYPXjOAIEGMAEL2VNx1W/IKLGb:4TYE6HyQ9o/6AuFsiNe/fLGb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be73f544a79d4e44abf7a3982334253a

Files

be73f544a79d4e44abf7a3982334253a
.exe windows:5 windows x86 arch:x86

26918a1d899063f5211fec8a7ab6f550

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysReAllocStringLen
SafeArrayGetUBound
VariantChangeTypeEx
LoadTypeLibEx
SafeArrayPtrOfIndex
VariantCopyInd
RegisterTypeLib
VariantClear
SysAllocStringByteLen
SafeArrayAccessData
VariantInit
SafeArrayCreate
VariantCopy
SysStringByteLen
VariantChangeType
SysStringLen
CreateErrorInfo
SafeArrayPutElement
OleLoadPicture
SafeArrayGetElement
SysAllocStringLen
GetErrorInfo
SafeArrayGetLBound
LoadTypeLib
GetActiveObject
SafeArrayUnaccessData
SysFreeString

kernel32

ReadConsoleA
GetStringTypeW
PeekConsoleInputA
TlsFree
FileTimeToSystemTime
TlsGetValue
IsValidCodePage
CompareStringA
GetComputerNameA
SetFileTime
FlushConsoleInputBuffer
QueryPerformanceCounter
SetConsoleCP
SetUnhandledExceptionFilter
GetCurrentProcessId
DefineDosDeviceA
FreeEnvironmentStringsA
GetLargestConsoleWindowSize
LoadLibraryA
CreateThread
VirtualProtect
ReadFile
FileTimeToLocalFileTime
IsBadReadPtr
FlushFileBuffers
HeapFree
GetDriveTypeA
CompareFileTime
RtlUnwind
TlsSetValue
GetNumberFormatA
GetThreadPriority
CompareStringW
TerminateProcess
GlobalUnlock
SetConsoleTitleA
ExitProcess
GlobalAlloc
FindFirstChangeNotificationA
GetSystemTime
VirtualAlloc
SetEndOfFile
FreeEnvironmentStringsW
SetConsoleCursorInfo
GetTimeZoneInformation
SetConsoleActiveScreenBuffer
GetCurrentDirectoryA
GetEnvironmentVariableA
HeapAlloc
GetTickCount
MoveFileA
PeekConsoleInputW
lstrcmpiA
HeapDestroy
LoadLibraryExA
GetCPInfo
GetLastError
WriteProcessMemory
FindClose
EnterCriticalSection
WriteFile
WriteConsoleW
Sleep
LocalFileTimeToFileTime
CloseHandle
SetConsoleScreenBufferSize
GetCurrentThreadId
GetConsoleScreenBufferInfo
GlobalLock
HeapCreate
ReadConsoleOutputW
GetProcAddress
ExitThread
HeapSize
CreateFileA
GetModuleFileNameA
WriteConsoleOutputA
SearchPathA
GetModuleHandleA
GetEnvironmentStringsW
FindNextFileA
CreateFileMappingA
CreateProcessA
CreateFileW
SetErrorMode
CopyFileA
GetFileAttributesA
CreateDirectoryA
VirtualQuery
GetACP
GetDiskFreeSpaceA
WaitForSingleObject
OpenProcess
SetConsoleMode
ReleaseMutex
ReadConsoleW
UnhandledExceptionFilter
VirtualFree
IsDebuggerPresent
GetLogicalDrives
InterlockedIncrement
SetConsoleOutputCP
LCMapStringW
GetShortPathNameA
TlsAlloc
SetFileAttributesA
GetCommandLineA
SetConsoleCursorPosition
SetFilePointer
MoveFileExA
IsBadCodePtr
InitializeCriticalSection
FileTimeToDosDateTime
AllocConsole
GetStartupInfoA
SetCurrentDirectoryA
LCMapStringA
ReadConsoleOutputA
GetFileInformationByHandle
SetConsoleTextAttribute
SetConsoleCtrlHandler
GetOEMCP
WriteConsoleInputW
lstrlenW
GetProcessHeap
UnmapViewOfFile
SetConsoleWindowInfo
GetTempPathA
SetStdHandle
DeleteCriticalSection
SystemTimeToFileTime
MultiByteToWideChar
GetLocaleInfoA
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
DeleteFileA
GetEnvironmentStrings
SetHandleCount
GetCompressedFileSizeA
GetConsoleOutputCP
SetLastError
WriteConsoleA
GetStdHandle
CreateMutexA
FindFirstFileA
WriteConsoleInputA
WriteConsoleOutputW
GetConsoleCP
GetStringTypeA
GetFileSize
GetCurrentProcess
ReadConsoleInputW
GetConsoleTitleA
GetConsoleMode
GlobalFree
GetLocalTime
FreeLibrary
GetFileType
SetThreadPriority
ResumeThread
GlobalMemoryStatus
RaiseException
FreeConsole
GetVersionExA
GetFullPathNameA
GetVolumeInformationA
RemoveDirectoryA
SetFileApisToANSI
BackupWrite
QueryDosDeviceA
HeapReAlloc
FindCloseChangeNotification
ReadConsoleInputA
GetCurrentThread
GetModuleHandleW
LeaveCriticalSection
DeviceIoControl
MapViewOfFile
WideCharToMultiByte
GetFileTime
lstrlenA
IsBadWritePtr
SetFileApisToOEM
SetEnvironmentVariableA
InterlockedDecrement
GetConsoleCursorInfo
WaitForMultipleObjects
FormatMessageA

advapi32

RegSetValueExW
RegEnumKeyExA
FreeSid
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExW
RegCreateKeyExW
RegQueryValueExA
InitializeSecurityDescriptor
RegDeleteValueA
RegEnumValueW
RegCloseKey
RegOpenKeyExW
GetTokenInformation
RegDeleteKeyW
RegOpenKeyExA
RegEnumKeyExW
AllocateAndInitializeSid
CloseServiceHandle
RegDeleteValueW
OpenThreadToken
OpenProcessToken
RegQueryInfoKeyW

shlwapi

SHCreateThread
SHUnlockShared
StrCmpCA
GetAcceptLanguagesA
SHFreeShared
SHLockShared
SHAllocShared

ole32

CoBuildVersion
CoAddRefServerProcess
OleGetClipboard
CoAllowSetForegroundWindow
CLIPFORMAT_UserUnmarshal
CoCopyProxy
CoCancelCall
BindMoniker
CoDisableCallCancellation
CoCreateFreeThreadedMarshaler
CoCreateInstanceEx
OleInitialize
CLSIDFromProgIDEx
CoDeactivateObject
CLSIDFromString
WriteFmtUserTypeStg
CoCreateGuid
OleSetClipboard
CLSIDFromProgID
CLIPFORMAT_UserMarshal

shell32

SHDefExtractIconW
SHCoCreateInstance
SHGetSetSettings
DllGetVersion
DllInstall
DAD_DragMove
DllCanUnloadNow
SHChangeNotifyDeregister
Shell_MergeMenus
DAD_DragEnterEx
DllUnregisterServer
IsNetDrive
DragFinish
PifMgr_OpenProperties
Shell_GetImageLists
PickIconDlg
Shell_GetCachedImageIndex
GetFileNameFromBrowse
PathQualify
PathResolve
IsLFNDrive
SHStartNetConnectionDialogW
SHILCreateFromPath
DllGetClassObject
DragAcceptFiles
RestartDialog

user32

GetClientRect
TranslateMessage
MessageBoxA
EndDialog
ReleaseDC
GetDC
GetWindowRect
GetSystemMetrics
LoadStringW
GetDlgItem
ShowWindow
EnableWindow

rsaenh

CPDestroyKey
CPDestroyHash
CPDuplicateHash
CPCreateHash
CPGetProvParam
CPHashData
DllRegisterServer
CPVerifySignature
CPReleaseContext
CPSetHashParam
CPHashSessionKey
CPImportKey
CPSetProvParam
CPGenRandom
CPSetKeyParam
CPGetHashParam
CPGetKeyParam
CPDecrypt
CPGetUserKey
DllUnregisterServer
CPGenKey
CPExportKey
CPDeriveKey
CPDuplicateKey
CPSignHash
CPEncrypt

ws2_32

WSAGetLastError
WSACleanup
WSAStartup
recv
connect
send
accept

Sections

.data
Size: 6KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26918a1d899063f5211fec8a7ab6f550

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

kernel32

advapi32

shlwapi

ole32

shell32

user32

rsaenh

ws2_32

Sections

.data Size: 6KB - Virtual size: 76KB

.idata Size: 33KB - Virtual size: 33KB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 51KB - Virtual size: 51KB

.text Size: 1KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 76KB

.idata
Size: 33KB - Virtual size: 33KB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 51KB - Virtual size: 51KB

.text
Size: 1KB - Virtual size: 1KB