180252b9411bcac202a3a41e4fec2ded85fb4da0f43e5897a6c5fdb878469a36

Sharing

Copy URL Twitter E-mail

General

Target

180252b9411bcac202a3a41e4fec2ded85fb4da0f43e5897a6c5fdb878469a36
Size

247KB
MD5

643f1d5e60ea617acf31ebe308f15df4
SHA1

4e9855c0fa99a3ab2a097c9c0d6bccceeadd8686
SHA256

180252b9411bcac202a3a41e4fec2ded85fb4da0f43e5897a6c5fdb878469a36
SHA512

b8cfffcc24598668187a2add6e7a6542fd3fb52cc2582a1191989013aa1bc88b93b2fb04333a2f73549cca4a7cd3d2a4f35c19692b78852660bc26be8bdc7fba
SSDEEP

6144:6sB0snINqn6ih8c0ZaL9hFaE7S66Q/c4l1bJC2m50e:ZP+qf8c0Z+9L7Nc4lFy50e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
180252b9411bcac202a3a41e4fec2ded85fb4da0f43e5897a6c5fdb878469a36

Files

180252b9411bcac202a3a41e4fec2ded85fb4da0f43e5897a6c5fdb878469a36
.exe windows:5 windows x86 arch:x86

addfeafea7a50d11993f11338e2c0393

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSOpenServerW
WTSVirtualChannelOpen
WTSQueryUserToken
WTSCloseServer
WTSSetSessionInformationA
WTSVirtualChannelQuery
WTSQuerySessionInformationA
WTSVirtualChannelPurgeOutput
WTSEnumerateProcessesA
WTSDisconnectSession
WTSVirtualChannelWrite
WTSEnumerateSessionsW
WTSSendMessageW
WTSWaitSystemEvent
WTSFreeMemory
WTSSetUserConfigW

azroles

AzCloseHandle
AzGetProperty

uxtheme

GetThemePosition
GetThemeColor
GetThemeBackgroundRegion
DrawThemeText
OpenThemeData
GetThemeRect
GetThemeSysFont
GetThemeInt
GetThemeBool
SetWindowTheme
GetThemeSysString
GetThemeSysBool

kernel32

IsBadStringPtrW
LoadLibraryExW
SetErrorMode
CreateMailslotA
AddAtomW
FindFirstFileA
lstrlenW
GetStringTypeA
CreateFileMappingW
GetProcAddress
GetTempFileNameW
GetConsoleAliasA
GetGeoInfoA
GetConsoleTitleW
WaitForSingleObjectEx
GetOEMCP
CopyFileA
CreateNamedPipeA
LoadLibraryA
GetAtomNameW
CreateMutexW
EncodePointer
SleepEx
FormatMessageA
GetPrivateProfileStringA
CreateSemaphoreW
GetBinaryTypeW
GetCommandLineW
GetVersionExA

msimg32

GradientFill
DllInitialize
TransparentBlt
AlphaBlend

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

addfeafea7a50d11993f11338e2c0393

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

azroles

uxtheme

kernel32

msimg32

Sections

.text Size: 229KB - Virtual size: 229KB

.data1 Size: - Virtual size: 256B

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

.htext Size: 8KB - Virtual size: 8KB

.text
Size: 229KB - Virtual size: 229KB

.data1
Size: - Virtual size: 256B

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB

.htext
Size: 8KB - Virtual size: 8KB