Static task: static1
Behavioral task: behavioral1
  Sample: c48351d73890910b23d3d38a16dd482f.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: c48351d73890910b23d3d38a16dd482f.exe
  Resource: win10v2004-20240226-en
General
Target: c48351d73890910b23d3d38a16dd482f
Size: 79KB
MD5: c48351d73890910b23d3d38a16dd482f
SHA1: 2f7334d3e7b27add6066d15f2c19801b223bbd2e
SHA256: 2d124a1f81356519951f2498555ab47fda3c08067a8c881f23ce62b50b40b000
SHA512: 2fcd63e167dd99d721f6139a81c0389abac9db46369d9ebd78bf4c3caa6cd7a8d22df18eee37ecd29793a7702ed5f109ddd49cd233c04824333cdfc0ecca71e0
SSDEEP: 1536:Kr+cBXBebprjL9yh/KSkJfuYOU47/URxorhIBVOlgvcNXkiO5AmDW:KSOBetkNUGFUocTKIB0zN0h5
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature (the PE has no certificate table in its security data directory).
resource: c48351d73890910b23d3d38a16dd482f
Files
c48351d73890910b23d3d38a16dd482f.exe: windows:4 windows x86 arch:x86
f427379aa0d51610740e1ed89e71052f (hash field whose label was lost in extraction; in this report layout the unlabelled value under Files is normally the import hash, so read it as imphash with that caveat)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
SHSetValueW
StrDupW
StrCatBuffW
UrlGetLocationW
PathRemoveExtensionA
PathIsDirectoryW
SHRegQueryUSValueW
PathStripToRootA
PathIsRootW
PathSearchAndQualifyW
UrlHashW
PathFindOnPathA
PathIsUNCA
SHGetThreadRef
ColorRGBToHLS
PathParseIconLocationA
SHRegSetUSValueW
PathQuoteSpacesW
UrlCompareA
PathIsLFNFileSpecA
PathIsSystemFolderA
StrCmpNA
PathGetCharTypeA
PathIsRootA
StrTrimA
ChrCmpIW
PathCompactPathExW
HashData
PathIsUNCServerA
PathIsSameRootW
PathAddExtensionW
PathFileExistsA
UrlCompareW
PathBuildRootA
PathUnmakeSystemFolderW
StrIsIntlEqualA
PathGetArgsW
PathRelativePathToA
PathCreateFromUrlW
PathRelativePathToW
StrToIntA
StrCSpnIW
SHDeleteKeyW
StrStrIA
StrRStrIW
PathUnquoteSpacesA
PathIsContentTypeA
StrCmpW
PathRemoveArgsA
UrlGetLocationA
PathUndecorateW
PathIsNetworkPathW
StrRetToBufA
PathRemoveFileSpecA
PathCombineA
SHRegSetUSValueA
StrCmpNIA
PathIsContentTypeW
ColorAdjustLuma
PathAddBackslashA
PathUnquoteSpacesW
PathMatchSpecA
PathIsDirectoryA
PathFindExtensionW
GetMenuPosFromID
PathIsPrefixW
PathStripPathA
UrlApplySchemeA
StrPBrkA
StrCpyW
UrlHashA
PathFindFileNameW
SHOpenRegStream2W
SHRegEnumUSValueA
PathCompactPathExA
PathIsNetworkPathA
SHRegCreateUSKeyW
StrPBrkW
wvnsprintfA
StrFormatByteSizeW
PathAddExtensionA
StrRetToStrA
SHRegGetUSValueA
PathRenameExtensionA
IntlStrEqWorkerW
PathIsUNCServerW
PathFindNextComponentW
StrTrimW
PathRemoveExtensionW
PathRemoveBackslashA
StrCatBuffA
StrRetToStrW
StrFormatByteSize64A
StrToIntExA
wvnsprintfW
PathRemoveBackslashW
PathBuildRootW
SHOpenRegStreamW
SHOpenRegStreamA
PathAppendW
PathFindSuffixArrayW
PathStripToRootW
SHGetValueA
StrRChrA
SHDeleteEmptyKeyW
StrCmpNW
PathUndecorateA
SHEnumKeyExW
PathMatchSpecW
StrCSpnA
PathIsSystemFolderW
StrFormatKBSizeA
PathGetCharTypeW
PathIsUNCServerShareW
UrlIsOpaqueW
SHRegDeleteUSValueA
kernel32
VirtualProtect
FindNextFileA
FillConsoleOutputCharacterW
GetTapeParameters
FindFirstFileA
WriteConsoleOutputCharacterW
GetConsoleTitleW
FindFirstFileW
VirtualProtectEx
SetMailslotInfo
OpenWaitableTimerA
GetFullPathNameA
SetConsoleScreenBufferSize
OpenProcess
GetModuleFileNameW
EnumDateFormatsExA
FindResourceW
OpenEventW
LocalShrink
VirtualAlloc
SetTapeParameters
SetLocaleInfoW
LockFile
ReleaseSemaphore
EraseTape
LoadLibraryA
HeapUnlock
CreateMailslotA
SearchPathW
SleepEx
SetCalendarInfoW
CreateFileMappingA
Module32First
VirtualFreeEx
LocalReAlloc
Beep
FoldStringW
SetCommBreak
SetConsoleCtrlHandler
ReadConsoleInputW
GetConsoleCursorInfo
GlobalCompact
TlsSetValue
GetFileAttributesExW
GetTempPathW
GetCommandLineA
GetFileAttributesW
GetLogicalDriveStringsA
CallNamedPipeW
IsBadReadPtr
SetHandleCount
GetProfileIntW
SetLastError
IsValidLocale
GetWindowsDirectoryA
SetLocaleInfoA
WaitNamedPipeA
SystemTimeToTzSpecificLocalTime
ConvertDefaultLocale
GetPrivateProfileSectionNamesA
MulDiv
UnmapViewOfFile
WaitNamedPipeW
lstrcpynW
GetNamedPipeHandleStateW
UpdateResourceA
ScrollConsoleScreenBufferW
GetCurrencyFormatW
DebugActiveProcess
GetNumberFormatW
lstrcmpiW
ReadFileScatter
WritePrivateProfileStringW
GlobalFree
ResetWriteWatch
FindCloseChangeNotification
EnumSystemLocalesW
ClearCommBreak
WriteFile
GetProfileStringW
GetBinaryTypeW
BackupRead
EnumDateFormatsW
CreateNamedPipeW
GetDiskFreeSpaceW
GetMailslotInfo
FindNextFileW
GetNamedPipeInfo
GetEnvironmentStringsW
CreateThread
LockFileEx
GlobalGetAtomNameW
GetCommMask
FindAtomA
LoadLibraryExA
WriteProfileStringW
GetCommandLineW
CreateEventA
GlobalFix
OpenSemaphoreA
InitAtomTable
SetFileAttributesW
SetConsoleTextAttribute
FoldStringA
CreateProcessW
IsValidCodePage
CopyFileW
HeapDestroy
SetNamedPipeHandleState
GetCPInfo
GetQueuedCompletionStatus
RtlFillMemory
WaitCommEvent
GetLocaleInfoA
ReadConsoleOutputAttribute
VerLanguageNameA
LockResource
SetThreadPriority
SetThreadAffinityMask
SetThreadPriorityBoost
VirtualFree
LocalHandle
SetLocalTime
GetPriorityClass
EnumCalendarInfoExW
TransactNamedPipe
SetProcessPriorityBoost
AddAtomW
GetSystemInfo
EnumResourceTypesW
FreeResource
EnumTimeFormatsW
GetFullPathNameW
lstrcat
GetStdHandle
GetLargestConsoleWindowSize
GetCurrentDirectoryW
SetThreadExecutionState
CreateMailslotW
advapi32
GetUserNameW
CryptSetProviderA
CryptEnumProvidersW
ConvertAccessToSecurityDescriptorW
EnumServicesStatusW
SetFileSecurityW
CryptAcquireContextA
GetEffectiveRightsFromAclA
CloseEventLog
LogonUserW
ObjectDeleteAuditAlarmW
GetSecurityDescriptorDacl
CryptReleaseContext
LookupAccountSidW
ConvertSecurityDescriptorToAccessA
SetSecurityInfo
SetSecurityDescriptorSacl
CryptAcquireContextW
TrusteeAccessToObjectA
GetNamedSecurityInfoExA
RegLoadKeyW
QueryServiceObjectSecurity
MapGenericMask
GetServiceKeyNameA
CryptGetHashParam
LookupPrivilegeDisplayNameA
ObjectCloseAuditAlarmA
BuildTrusteeWithSidA
ControlService
CryptGetDefaultProviderA
SetSecurityDescriptorDacl
CryptHashSessionKey
ReadEventLogA
GetSecurityDescriptorControl
OpenProcessToken
OpenThreadToken
RegSaveKeyA
LookupPrivilegeDisplayNameW
AccessCheckAndAuditAlarmA
GetLengthSid
RegCloseKey
CreatePrivateObjectSecurity
RegOpenKeyExA
SetThreadToken
AbortSystemShutdownA
GetCurrentHwProfileW
OpenEventLogA
AddAuditAccessAce
RegCreateKeyA
SetNamedSecurityInfoExA
SetNamedSecurityInfoExW
CryptEnumProviderTypesW
ConvertSecurityDescriptorToAccessNamedA
RegGetKeySecurity
GetOldestEventLogRecord
AllocateLocallyUniqueId
CryptCreateHash
RegEnumKeyExA
PrivilegedServiceAuditAlarmA
DuplicateToken
CryptSetProviderExW
AdjustTokenGroups
GetMultipleTrusteeOperationA
GetTrusteeTypeW
RegConnectRegistryA
GetServiceDisplayNameW
CryptGetProvParam
GetServiceKeyNameW
EqualPrefixSid
RegisterEventSourceA
RegOpenKeyW
BuildExplicitAccessWithNameW
GetExplicitEntriesFromAclA
GetServiceDisplayNameA
GetNamedSecurityInfoA
RegEnumValueW
BuildTrusteeWithNameW
CreateServiceA
EqualSid
RegOpenKeyExW
BuildSecurityDescriptorA
RegEnumKeyA
CryptGenKey
ObjectOpenAuditAlarmW
QueryServiceConfigW
RegUnLoadKeyW
RegSetValueExW
CloseServiceHandle
SetNamedSecurityInfoW
GetKernelObjectSecurity
OpenSCManagerW
OpenSCManagerA
GetAuditedPermissionsFromAclW
ReadEventLogW
InitiateSystemShutdownW
BuildExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameA
ReportEventA
StartServiceCtrlDispatcherA
BuildTrusteeWithSidW
SetSecurityInfoExA
ConvertSecurityDescriptorToAccessW
ObjectOpenAuditAlarmA
CryptGetDefaultProviderW
UnlockServiceDatabase
LookupAccountNameA
ObjectPrivilegeAuditAlarmA
CryptGenRandom
AreAnyAccessesGranted
GetTrusteeNameW
CryptDeriveKey
ChangeServiceConfigW
RegRestoreKeyA
RegQueryMultipleValuesW
CancelOverlappedAccess
RegNotifyChangeKeyValue
CryptSetProviderExA
user32
IsMenu
CreatePopupMenu
GetClassNameA
CharLowerBuffA
PaintDesktop
ChangeDisplaySettingsExW
ShowWindow
GetUserObjectInformationA
WINNLSEnableIME
ToAsciiEx
DdeDisconnect
DdeSetUserHandle
SetWindowLongA
CreateDesktopW
MonitorFromRect
SetShellWindow
EnableWindow
GetForegroundWindow
MessageBoxExA
EnumWindowStationsA
GetPropW
IsCharLowerA
OemKeyScan
SetWindowPos
InvalidateRect
DlgDirSelectExW
CreateWindowStationA
GetMonitorInfoA
LoadCursorFromFileA
DdeDisconnectList
PostMessageW
WINNLSGetEnableStatus
GetMessageA
IsChild
GetTabbedTextExtentW
OpenWindowStationA
SetMenuInfo
GetTabbedTextExtentA
MessageBeep
DragDetect
DrawTextExW
RegisterClipboardFormatW
ValidateRgn
GetKeyboardLayoutList
EnumWindowStationsW
RemovePropW
OpenWindowStationW
GetWindow
DdeUninitialize
DdeGetLastError
GetKBCodePage
UnregisterClassW
BroadcastSystemMessage
CharPrevExA
SubtractRect
RemoveMenu
LookupIconIdFromDirectoryEx
FreeDDElParam
CheckMenuItem
FindWindowA
LoadMenuIndirectA
TileWindows
DefFrameProcW
SetForegroundWindow
GetGUIThreadInfo
GetTopWindow
IsCharAlphaNumericW
DragObject
SendDlgItemMessageA
PtInRect
EditWndProc
UnhookWindowsHookEx
TranslateAcceleratorW
GetCursorInfo
CharLowerBuffW
MapVirtualKeyExW
ChangeMenuW
CallMsgFilter
SetSysColors
MessageBoxIndirectA
EmptyClipboard
InsertMenuItemW
ShowCursor
InflateRect
DefFrameProcA
ChildWindowFromPoint
ReleaseDC
SendDlgItemMessageW
OemToCharBuffW
GetDlgCtrlID
InsertMenuItemA
ExcludeUpdateRgn
CheckRadioButton
LoadStringA
UnloadKeyboardLayout
SetDlgItemTextA
SetFocus
SetScrollPos
CallNextHookEx
GetCaretBlinkTime
UpdateWindow
RegisterDeviceNotificationA
GetClientRect
SetClipboardViewer
DialogBoxParamW
UnregisterHotKey
RegisterWindowMessageA
ShowScrollBar
EnumPropsW
SetProcessWindowStation
EndDeferWindowPos
GetClipboardViewer
GetMenuDefaultItem
RegisterClassW
LoadIconW
GetProcessDefaultLayout
GetMenuItemInfoW
DdeEnableCallback
MessageBoxIndirectW
CharLowerA
GetParent
EnumDisplaySettingsA
DrawTextA
GetClassInfoW
CreateMDIWindowA
ChangeMenuA
DispatchMessageW
ole32
CreateOleAdviseHolder
WriteStringStream
OleLockRunning
CreateDataCache
UtConvertDvtd32toDvtd16
CoRegisterSurrogate
OleRegGetMiscStatus
CreateAntiMoniker
CoGetObject
CoTreatAsClass
StgIsStorageILockBytes
OleConvertIStorageToOLESTREAMEx
DllDebugObjectRPCHook
OleBuildVersion
OleRun
OleCreateMenuDescriptor
CoBuildVersion
CoAddRefServerProcess
OleDraw
WriteClassStm
WriteOleStg
CoGetCurrentProcess
CoFileTimeNow
CoRevertToSelf
UtConvertDvtd16toDvtd32
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
StgOpenStorageOnILockBytes
StgCreateStorageEx
PropVariantCopy
MonikerCommonPrefixWith
OleMetafilePictFromIconAndLabel
SetDocumentBitStg
OleCreate
CoRegisterClassObject
CoFreeLibrary
CoIsOle1Class
CoRegisterPSClsid
CoGetMalloc
StgIsStorageFile
CLSIDFromProgID
OleGetAutoConvert
CoCreateFreeThreadedMarshaler
OleQueryLinkFromData
OleGetIconOfClass
IsAccelerator
GetConvertStg
CoRegisterMessageFilter
CoGetTreatAsClass
MkParseDisplayName
OleIsRunning
GetClassFile
CoTaskMemFree
OleSetMenuDescriptor
OleNoteObjectVisible
CoReleaseServerProcess
OleDoAutoConvert
CoGetCallContext
OleCreateLinkFromDataEx
CoSuspendClassObjects
CoQueryProxyBlanket
OleSave
CreatePointerMoniker
OleIsCurrentClipboard
UpdateDCOMSettings
OleTranslateAccelerator
ReadFmtUserTypeStg
EnableHookObject
CoReleaseMarshalData
FreePropVariantArray
GetDocumentBitStg
StgOpenStorageEx
CoCopyProxy
CreateGenericComposite
CoFreeUnusedLibraries
CreateItemMoniker
CoIsHandlerConnected
OleConvertOLESTREAMToIStorage
OleRegEnumFormatEtc
CreateDataAdviseHolder
CoDosDateTimeToFileTime
OleCreateLink
CoGetInstanceFromIStorage
CoImpersonateClient
OleCreateLinkEx
OleQueryCreateFromData
OleCreateEx
OleCreateFromDataEx
OleConvertOLESTREAMToIStorageEx
OleSetAutoConvert
OleCreateEmbeddingHelper
OleSetContainedObject
CreateClassMoniker
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
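Reading the header and section data above as an analyst would: IMAGE_FILE_RELOCS_STRIPPED together with the absence of IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE means the image cannot be relocated, so ASLR does not apply to it, while NX_COMPAT means it is DEP-compatible. Raw and virtual sizes of .text and .rdata are equal and .data is smaller in memory than on disk, and the three sections add up to roughly the 79KB file size, so nothing expands at load time in the way a classic in-place unpacker stub does; that says nothing about code that allocates and decodes at runtime, and VirtualAlloc and VirtualProtect are both imported. The import table is also unusually wide for 61KB of code (close to six hundred names across five DLLs, including tape, mailslot, DDE, console and OLE1-conversion APIs that have no plausible joint use); that breadth is consistent with a generated or padded import table and is the editor's inference, not a finding of the report, so the list is weak evidence of capability and the few APIs worth prioritising are those touching processes, services, tokens and the registry (OpenProcess, VirtualProtectEx, DebugActiveProcess, CreateProcessW, OpenSCManagerW/CreateServiceA, LogonUserW, OpenProcessToken/SetThreadToken, RegSetValueExW, the Crypt* family). The following script, an added example rather than part of the sandbox report, reproduces the static checks behind the General, Signatures, Headers and Sections blocks with the standard library only: the hash set, the file and DLL characteristics, the certificate-table test behind "Unsigned PE", and a raw-versus-virtual size comparison per section. Because the reported file is not available here, it runs on a minimal PE32 built in memory (constructed, with the same 0x0103/0x8100 flag values the report shows); the optional `signed=True` variant appends a dummy WIN_CERTIFICATE blob that is not a real signature, only enough to flip the directory check.

```python
# Added example (not part of the sandbox report): standard-library PE32 header
# triage. The sample it runs on is a tiny PE constructed in memory below.
import hashlib
import struct

IMAGE_FILE_FLAGS = {0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_FLAGS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECURITY_DIR = 4  # data directory index of the Authenticode certificate table


def hashes(data: bytes) -> dict:
    """The hash set listed in the report's General block."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def parse_pe32(data: bytes) -> dict:
    """Parse the DOS, COFF and optional headers plus the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    cert_off, cert_size = 0, 0
    if ndirs > SECURITY_DIR:  # unlike the other directories, this entry holds a file offset
        cert_off, cert_size = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, _rva, rawsize = struct.unpack_from("<8sIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize, "characteristics": flags})
    return {
        "file_characteristics": [n for b, n in IMAGE_FILE_FLAGS.items() if file_chars & b],
        "dll_characteristics": [n for b, n in DLL_FLAGS.items() if dll_chars & b],
        # "Unsigned PE": no certificate table, or one pointing outside the file
        "authenticode_signed": cert_size > 0 and cert_off + cert_size <= len(data),
        "sections": sections,
    }


def assess(info: dict) -> dict:
    """Mitigation and packing hints derived from the parsed header fields."""
    fc, dc = info["file_characteristics"], info["dll_characteristics"]
    return {
        # ASLR needs an image that opts in and can be relocated; stripped relocs defeat it
        "aslr": "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" in dc and "IMAGE_FILE_RELOCS_STRIPPED" not in fc,
        "dep": "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" in dc,
        "signed": info["authenticode_signed"],
        # a section far larger in memory than on disk is the usual unpack-in-place shape
        "expands_at_load": {s["name"]: s["virtual_size"] > s["raw_size"] for s in info["sections"]},
    }


def build_test_pe(file_chars=0x0103, dll_chars=0x8100, signed=False) -> bytes:
    """Constructed minimal PE32 (headers plus two filler sections) used as test input."""
    secs = [(b".text", 0x1000, 0x200, 0x60000020), (b".data", 0xB4, 0x200, 0xC0000040)]
    img = bytearray(64)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 64)  # e_lfanew
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, file_chars)
    opt_at = len(img)
    img += bytes(224)  # PE32 optional header with 16 data directories
    struct.pack_into("<H", img, opt_at, 0x10B)
    struct.pack_into("<I", img, opt_at + 28, 0x400000)  # ImageBase
    struct.pack_into("<H", img, opt_at + 70, dll_chars)
    struct.pack_into("<I", img, opt_at + 92, 16)  # NumberOfRvaAndSizes
    raw_ptr, rva = 0x200, 0x1000
    for name, vsize, rawsize, flags in secs:
        img += struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, raw_ptr, 0, 0, 0, 0, flags)
        raw_ptr += rawsize
        rva += 0x1000
    img = img.ljust(0x200, b"\0")
    for _, _, rawsize, _ in secs:
        img += b"\xC3" * rawsize  # filler bytes, not real code
    if signed:  # dummy WIN_CERTIFICATE blob (not a real signature) referenced from directory 4
        cert = struct.pack("<IHH", 24, 0x200, 0x0002) + bytes(16)
        struct.pack_into("<II", img, opt_at + 96 + 8 * SECURITY_DIR, len(img), len(cert))
        img += cert
    return bytes(img)


if __name__ == "__main__":
    sample = build_test_pe()  # same flag set the report shows: 0x0103 / 0x8100
    info = parse_pe32(sample)
    print(hashes(sample)["sha256"])
    print(info["file_characteristics"], info["dll_characteristics"])
    print(assess(info))
```

To run it on a real file, replace `sample = build_test_pe()` with the bytes of the file; for a PE32+ image the optional header layout differs (magic 0x20B, 240 bytes, data directories at offset 112), which is why the parser refuses anything but 0x10B rather than silently reading the wrong fields.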