a1aac4ee5deeb0db941b4ccb5273284a08d001337ab16fdc8fcfa0aeb0fccedc

Sharing

Copy URL Twitter E-mail

General

Target

a1aac4ee5deeb0db941b4ccb5273284a08d001337ab16fdc8fcfa0aeb0fccedc
Size

1.9MB
MD5

f58ce9768a9d171a02e09222a8189bd9
SHA1

7328e67996e019c6a6c9be9423d86f2cade41021
SHA256

a1aac4ee5deeb0db941b4ccb5273284a08d001337ab16fdc8fcfa0aeb0fccedc
SHA512

3c2e643f340df12f180817b3a3e8848fcb2fc6cb17c7bc98e2d999d344064fb2e9a755312bc8198624979488e5e1e2477e98eddd8a06bca388d88919806c9de9
SSDEEP

24576:ixI/Hrx5prcw6hyxG7VFWIQnsetdEw8xL:aYry3GG7VzQnsetdEw8xL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1aac4ee5deeb0db941b4ccb5273284a08d001337ab16fdc8fcfa0aeb0fccedc

Files

a1aac4ee5deeb0db941b4ccb5273284a08d001337ab16fdc8fcfa0aeb0fccedc
.exe windows:6 windows x86 arch:x86

5a0a304e71ec6218137dc8224965b8f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\jenkins\workspace\A_MB4_MBSetup\bin\Win32\Release\MBSetup.pdb

Imports

kernel32

SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetVersionExW
GetModuleHandleA
OutputDebugStringW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CallNamedPipeW
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
EncodePointer
LoadLibraryW
GetLogicalDrives
CreateDirectoryW
SetThreadUILanguage
GlobalLock
GlobalAlloc
FindNextFileW
OpenProcess
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
CreateProcessW
GetSystemDirectoryW
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetCommandLineW
GetNativeSystemInfo
CreateMutexW
DecodePointer
FreeLibraryAndExitThread
CloseHandle
LocalAlloc
FormatMessageW
LocalFree
GlobalFree
Sleep
FindResourceExW
LockResource
SetLastError
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
EnterCriticalSection
RaiseException
LeaveCriticalSection
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
TryEnterCriticalSection
QueryPerformanceCounter
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
CopyFileW
AreFileApisANSI
GetTempPathW
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileAttributesW
FindFirstFileExW
DeleteFileW
CreateFileW
GetStringTypeW
WideCharToMultiByte
CreateTimerQueue
MulDiv

user32

SetFocus
BeginPaint
EndPaint
FillRect
PostMessageW
GetParent
GetWindowTextW
GetWindowTextLengthW
SetWindowLongW
CharNextW
IsProcessDPIAware
RegisterWindowMessageW
ShowWindow
GetActiveWindow
GetSystemMenu
UnregisterClassW
DialogBoxParamW
GetWindowLongW
CreateDialogParamW
DestroyWindow
TranslateAcceleratorW
SetWindowPos
EnableMenuItem
GetWindowRect
DestroyMenu
DrawTextW
SetTimer
KillTimer
SetWindowTextW
GetSystemMetrics
DefWindowProcW
CallWindowProcW
CopyRect
UnionRect
IsWindow
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
EndDialog
FindWindowW
LoadStringW
MessageBoxW
GetShellWindow
GetWindowThreadProcessId
LoadImageW
GetDC
IsDialogMessageW
EnableWindow
GetDlgItem
LoadBitmapW
SendDlgItemMessageW
SetDlgItemTextW
ReleaseDC
GetDlgItemTextW
DrawFocusRect
InflateRect
GetLastActivePopup
GetWindowInfo
MoveWindow
SendMessageW
GetClientRect
InvalidateRect
DispatchMessageW
CreatePopupMenu
RemoveMenu
CreateWindowExW
MessageBeep
GetMenuItemInfoW
AppendMenuW
MonitorFromPoint
TrackPopupMenuEx
PtInRect
GetMenuItemCount
LoadCursorW
GetClassInfoExW
RegisterClassExW
LoadAcceleratorsW
LoadMenuW
PostQuitMessage
LoadStringA
PeekMessageW
GetMessageW
TranslateMessage

gdi32

AddFontMemResourceEx
RemoveFontMemResourceEx
CreateFontIndirectW
Rectangle
LineTo
MoveToEx
CreateFontW
RoundRect
BitBlt
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
ExtTextOutW
SetBkColor
SelectObject
SetBkMode
CreateSolidBrush
DeleteObject
SetTextColor
GetStockObject
DeleteDC
GetDeviceCaps

advapi32

RegSetKeyValueW
RegCloseKey
RegGetValueW
CloseServiceHandle
InitiateSystemShutdownExW
RevertToSelf
ImpersonateLoggedOnUser
CreateProcessWithTokenW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceConfigW
StartServiceW
GetUserNameW
RegDeleteKeyW
RegQueryValueExW
CreateServiceW
DeleteService
ControlServiceExA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHChangeNotify
SHGetKnownFolderPath
ShellExecuteW
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoCreateInstance
CoGetClassObject
CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString

winhttp

WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest

shlwapi

PathIsRootW
PathIsDirectoryW
PathFileExistsW

comctl32

InitCommonControlsEx

gdiplus

GdipDrawEllipse
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreateSolidFill
GdipDeleteBrush
GdipFree
GdipPrivateAddMemoryFont
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipFillPath
GdipSetPathGradientPresetBlend
GdipCreatePathGradientFromPath
GdipAddPathRectangleI
GdipAlloc
GdipCreatePath
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdiplusShutdown
GdiplusStartup
GdipDrawImageRect
GdipDeletePath
GdipSetClipRegion
GdipSetClipRectI
GdipGetClip
GdipDeleteRegion
GdipCreateRegion
GdipDrawImageRectI
GdipDrawEllipseI
GdipSetPenMode
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipFillEllipseI
GdipCloneBrush

mpr

WNetGetConnectionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 606KB - Virtual size: 605KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a0a304e71ec6218137dc8224965b8f5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

shlwapi

comctl32

gdiplus

mpr

version

Sections

.text Size: 606KB - Virtual size: 605KB

.rdata Size: 148KB - Virtual size: 147KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 35KB - Virtual size: 35KB

.text
Size: 606KB - Virtual size: 605KB

.rdata
Size: 148KB - Virtual size: 147KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 35KB - Virtual size: 35KB