051d378402d0071b4ae6dadca9604f6b97ee3f5273ac925e5098a7bbdfea1415

Sharing

Copy URL Twitter E-mail

General

Target

051d378402d0071b4ae6dadca9604f6b97ee3f5273ac925e5098a7bbdfea1415
Size

288KB
MD5

d3731f9038505fbe47f791a82ca8fa40
SHA1

9099198ecc582659795fcf210828891f9803190e
SHA256

051d378402d0071b4ae6dadca9604f6b97ee3f5273ac925e5098a7bbdfea1415
SHA512

bcbad9d11ecc1b41fd2cf1b1521dc72772614c7db295eca55b6e8cdba43c6a6c3922d44122d604431b97b2b3aa8eb6544faad1df89ae5f9b89d2145998a2326a
SSDEEP

6144:+8OS7LtKfBcmgxmzi/yESXVU1kIlTzz0/YtNYiH1oHthCNvJLv:xzYpc4+/t1ZTH0/6NYzHwv5v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
051d378402d0071b4ae6dadca9604f6b97ee3f5273ac925e5098a7bbdfea1415

Files

051d378402d0071b4ae6dadca9604f6b97ee3f5273ac925e5098a7bbdfea1415
.exe windows:4 windows x86 arch:x86

a911135d941abdc66080a2900ee2bea0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
CryptReleaseContext
CryptGenRandom
RegQueryValueExW
LogonUserW
GetUserNameW
CryptAcquireContextW
ImpersonateLoggedOnUser
RegQueryValueW
RegOpenKeyExW

msimg32

AlphaBlend

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocString

kernel32

LoadResource
SetUnhandledExceptionFilter
LocalUnlock
FindFirstFileW
CloseHandle
FormatMessageW
LocalFileTimeToFileTime
FreeLibrary
VirtualFree
SetFilePointer
LocalFree
LockResource
CreateProcessW
SetFileAttributesW
CreateFileW
IsDebuggerPresent
GetVolumeInformationW
WaitForSingleObject
SetFileTime
VirtualAlloc
lstrcpyW
LeaveCriticalSection
lstrlenW
GetModuleHandleW
LocalLock
FindNextFileW
DeleteCriticalSection
CreateMutexW
EnterCriticalSection
DuplicateHandle
GetDiskFreeSpaceW
SystemTimeToFileTime
GetCurrentThreadId
DeleteFileW
FindClose
MoveFileW
GetSystemTimeAsFileTime
GetFileSize
FindResourceW
OpenProcess
LocalAlloc
FlushFileBuffers
WinExec
ResumeThread
UnhandledExceptionFilter
WideCharToMultiByte
GetCurrentDirectoryW
CopyFileW
WriteFile
SetEndOfFile
HeapCreate
VirtualAllocEx

comctl32

InitCommonControlsEx

shlwapi

PathStripPathW
PathIsUNCServerShareW
PathFileExistsW
SHQueryValueExW
SHDeleteEmptyKeyW
PathQuoteSpacesA
SHGetInverseCMAP
StrCatBuffW
SHCreateStreamOnFileW
StrCSpnW
PathFindExtensionA
UrlIsW
StrFormatKBSizeA
AssocQueryStringW
UrlCompareW
PathIsPrefixW
SHOpenRegStreamW
SHRegDeleteEmptyUSKeyW
PathStripToRootA
SHRegDeleteEmptyUSKeyA
GetMenuPosFromID
SHEnumValueW
StrFormatByteSizeW
StrFromTimeIntervalW
wvnsprintfA
StrStrIW
PathIsDirectoryEmptyA
SHRegQueryUSValueW
StrFormatKBSizeW
PathSearchAndQualifyW
PathSearchAndQualifyA
AssocQueryKeyW
SHCopyKeyW
SHRegGetUSValueW
AssocQueryKeyA
PathCompactPathA

shell32

SHGetPathFromIDListW
SHGetFolderPathW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW

gdi32

GetTextExtentPoint32W
SelectObject
DeleteObject
CreateSolidBrush
GetDIBits
CreateDIBSection
CreateFontIndirectW
DeleteDC
SetStretchBltMode
CreateCompatibleBitmap
GetTextMetricsW
GetDeviceCaps
SetTextJustification
StretchBlt
CreateCompatibleDC
GetStockObject
GetObjectW

user32

IsWindow
FillRect
LoadImageW
GetDC
FindWindowW
IsWindowVisible
MessageBoxW
GetWindowRect
CreateIconIndirect
GetDlgItem
UpdateWindow
GetParent
MapDialogRect
PtInRect
ScreenToClient
BringWindowToTop
GetForegroundWindow
SetForegroundWindow
GetSysColor
MsgWaitForMultipleObjects
SystemParametersInfoW
GetSystemMetrics
SetCursor
InvalidateRect
RemovePropW
SetFocus
GetIconInfo
GetWindowLongW
DestroyIcon
EnableWindow
GetWindowPlacement
GetClientRect
CopyImage
SendMessageW
SetWindowPos
AttachThreadInput
GetWindowThreadProcessId
GetPropW
PostMessageW
SetPropW
GetDesktopWindow
GetCursorPos
LoadIconW
DrawTextW
GetAncestor
GetWindowDC
SetWindowLongW
RedrawWindow
LoadCursorW
PeekMessageW
CopyRect
ReleaseDC

tsbyuv

DriverProc

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a911135d941abdc66080a2900ee2bea0

Headers

File Characteristics

Imports

advapi32

msimg32

oleaut32

kernel32

comctl32

shlwapi

shell32

gdi32

user32

tsbyuv

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 252KB - Virtual size: 2.5MB

.rdata Size: 5KB - Virtual size: 226KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 252KB - Virtual size: 2.5MB

.rdata
Size: 5KB - Virtual size: 226KB

.rsrc
Size: 9KB - Virtual size: 9KB