cbc31e996c6ea1d72fa5fddc9ee176d5

Sharing

Copy URL

Twitter E-mail

General

Target

cbc31e996c6ea1d72fa5fddc9ee176d5
Size

637KB
MD5

cbc31e996c6ea1d72fa5fddc9ee176d5
SHA1

4d14bd6a2d3244419ed2cc20be80bdbce2615c6a
SHA256

57e780bedb10d512f80e5324291077fd413d2206c9fe4f2588a6495bede5f939
SHA512

6547f71f84616fa44f07672f38cb216449a513d7a6f475589f276c1012c450070f244eee2fc677fe03335fce19f2e0dfdb404f41569156c3dd0ef6ca09bff172
SSDEEP

12288:rrFHeqVPUQaUaVA5rUTN6ftZKih58E4BI4R7Kv+ytwKTM39eKmuhaSEqFZe:rrBe+cQaUprUdM8JBjQv+yaKOetuMbqS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbc31e996c6ea1d72fa5fddc9ee176d5

Files

cbc31e996c6ea1d72fa5fddc9ee176d5
.exe windows:4 windows x86 arch:x86

b008de21f305a375017e493b8c287779

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindOnPathW
StrCmpNIW
PathIsUNCA
HashData
PathSetDlgItemPathA
PathIsRelativeA
StrCpyW
UrlCombineA
SHRegEnumUSValueW
PathGetCharTypeW
SHGetValueW
PathRemoveArgsW
PathStripPathA
PathRelativePathToA
StrCmpNW
PathIsUNCServerShareA
ColorAdjustLuma
PathRemoveExtensionW
SHEnumValueA
StrCmpNIA
PathCombineA
PathIsRelativeW
PathIsDirectoryW
SHQueryValueExW
SHRegEnumUSValueA
PathUnmakeSystemFolderA
StrDupW
StrIsIntlEqualA
UrlGetLocationA
PathAddBackslashW
StrCpyNW
PathStripPathW
StrDupA
UrlCompareA
SHRegWriteUSValueW
SHRegDuplicateHKey
SHOpenRegStreamW
StrSpnW
SHEnumKeyExA
PathIsUNCW
SHGetInverseCMAP
StrPBrkW
UrlIsNoHistoryA
SHQueryValueExA
SHRegCreateUSKeyW
PathIsRootA
SHSkipJunction
UrlIsNoHistoryW
PathBuildRootA
PathQuoteSpacesW
UrlGetLocationW
StrToIntW
AssocQueryStringByKeyA
PathCommonPrefixA
PathGetDriveNumberW
UrlCanonicalizeA
SHDeleteValueA
PathRemoveBlanksW
StrSpnA
SHAutoComplete
StrRChrIW
UrlUnescapeW
StrFormatByteSizeW
PathFindNextComponentA
UrlCreateFromPathA
PathRemoveFileSpecA
PathAddBackslashA
UrlIsA
StrCmpW
PathSetDlgItemPathW
PathUnquoteSpacesA
wnsprintfW
PathStripToRootA

ole32

OleLoad
OleConvertOLESTREAMToIStorageEx
OleDraw
WriteClassStm
CoMarshalHresult
CreateObjrefMoniker
CoGetPSClsid
CLSIDFromString
CoUnmarshalHresult
OleIsRunning
CoFreeLibrary
OleRun
CreateStreamOnHGlobal
SetDocumentBitStg
CoInitializeEx
OleCreateFromDataEx
OleCreateEmbeddingHelper
CoRegisterMallocSpy
RegisterDragDrop
CoRegisterSurrogate
MonikerCommonPrefixWith
OpenOrCreateStream
OleCreateLinkToFile
OleConvertOLESTREAMToIStorage
CoQueryProxyBlanket
OleConvertIStorageToOLESTREAMEx
GetRunningObjectTable
CoGetMarshalSizeMax
CoMarshalInterThreadInterfaceInStream
OleNoteObjectVisible
CoGetCurrentProcess
StgOpenStorageEx
ReadClassStg
OleBuildVersion
CoUninitialize
OleGetIconOfFile
OleRegGetMiscStatus
GetHookInterface
OleTranslateAccelerator
CreateDataCache
OleRegEnumVerbs
UtConvertDvtd16toDvtd32
OleCreateFromFile
BindMoniker
CoSuspendClassObjects
StgCreateDocfile
CoTaskMemRealloc
CoFileTimeToDosDateTime
CoGetStandardMarshal
CoIsHandlerConnected
StringFromGUID2
StgOpenStorage
StgGetIFillLockBytesOnILockBytes
StgIsStorageILockBytes
CoCopyProxy
UtConvertDvtd32toDvtd16
CreateDataAdviseHolder
CoCreateGuid
CoQueryAuthenticationServices
CoGetClassObject
MonikerRelativePathTo
OleConvertIStorageToOLESTREAM
OleUninitialize
CoTaskMemAlloc
UpdateDCOMSettings
CreateBindCtx
CoGetInstanceFromIStorage
CoFreeUnusedLibraries

kernel32

PeekNamedPipe
QueryDosDeviceW
GetProcessTimes
GlobalHandle
CreateWaitableTimerW
GlobalFindAtomA
GetSystemDirectoryA
SetLocaleInfoW
Beep
ReadFile
GetBinaryTypeW
GetOverlappedResult
SetProcessWorkingSetSize
GetTapeParameters
GlobalWire
SetCurrentDirectoryA
IsValidLocale
GetDiskFreeSpaceExA
CancelIo
GetPrivateProfileSectionW
GetStdHandle
GetTempFileNameW
GetLargestConsoleWindowSize
MapViewOfFileEx
WaitForDebugEvent
LocalFileTimeToFileTime
GetPrivateProfileIntW
VirtualProtect
SetVolumeLabelA
EnumResourceNamesA
VirtualAlloc
GetNumberFormatA
DeleteFiber
GetAtomNameA
WriteProfileStringW
SetLocalTime
EnumResourceTypesW
GetPrivateProfileStructW
QueueUserAPC
ResetWriteWatch
OutputDebugStringA
IsDebuggerPresent
SleepEx
GetModuleFileNameW
FindFirstChangeNotificationW
CompareFileTime
FindAtomA
GetCommMask
GetThreadPriority
Heap32Next
GetProfileStringA
GetCommandLineA
CloseHandle
DeleteFileW
GetLongPathNameW
GetSystemDirectoryW
CreateNamedPipeW
CreateRemoteThread
EnumResourceNamesW
LoadLibraryExA
SystemTimeToFileTime
GetLongPathNameA
GetFileType
WaitForSingleObjectEx
GenerateConsoleCtrlEvent
OpenWaitableTimerW
SetProcessPriorityBoost
MapViewOfFile
SetConsoleMode
GlobalGetAtomNameW
CreateEventW
GetPrivateProfileStringA
GetDriveTypeW
SetSystemTimeAdjustment
GetFullPathNameW
GetConsoleTitleW
VirtualLock
CreateTapePartition
EnumCalendarInfoA
SetDefaultCommConfigW
ReadProcessMemory
SetSystemPowerState
FileTimeToSystemTime

user32

GetClassNameA
LoadImageA
TranslateMessage
GetMenuState
GetMenuItemRect
ShowCaret
DrawFrame
CreateIconFromResourceEx
DefMDIChildProcA
DlgDirListW
ScrollWindowEx
DeferWindowPos
WINNLSGetIMEHotkey
FlashWindow
CreateDialogIndirectParamW
SetWindowLongW
GetComboBoxInfo
CreateAcceleratorTableA
DlgDirSelectComboBoxExA
CheckMenuRadioItem
IsCharAlphaNumericA
GetKeyboardState
GetCursorInfo
EqualRect
SendMessageCallbackW
DefDlgProcA
BringWindowToTop
GetWindowInfo
GetClassLongW
DdeGetData
CharToOemW
KillTimer
DdeConnect
TrackPopupMenuEx
CreateDialogParamW
DlgDirSelectExW
GetWindowRect
ShowWindowAsync
GetPropW
DdeCmpStringHandles
CallMsgFilterW
EnumDisplaySettingsA
SetWindowsHookExW
BeginPaint
GetDialogBaseUnits
GetSubMenu
RegisterClassExA
MapVirtualKeyA
GetPropA
CloseDesktop
EnableMenuItem
GetKeyboardLayout
CopyRect
LookupIconIdFromDirectoryEx
ShowScrollBar
DestroyCursor
ExcludeUpdateRgn
BroadcastSystemMessageW
DdeQueryStringW
CloseWindow
WINNLSEnableIME
GetAsyncKeyState
SetShellWindow
DlgDirSelectComboBoxExW
ArrangeIconicWindows
ScrollWindow
GetKeyState
MessageBoxIndirectW
LoadKeyboardLayoutW
WinHelpW
IsWindowEnabled
GetLastActivePopup
MapVirtualKeyW
CharLowerBuffA

advapi32

RegEnumValueA
BuildTrusteeWithSidA
SetEntriesInAclA
AddAccessAllowedAce
LookupPrivilegeDisplayNameW
AdjustTokenPrivileges
OpenBackupEventLogA
StartServiceCtrlDispatcherW
CryptSetProviderExW
IsValidSecurityDescriptor
ControlService
AllocateAndInitializeSid
SetNamedSecurityInfoA
CreateServiceW
QueryServiceLockStatusA
LookupPrivilegeValueA
GetSecurityDescriptorControl
FindFirstFreeAce
GetAccessPermissionsForObjectA
GetLengthSid
RegSetValueExW
OpenServiceW
BuildImpersonateExplicitAccessWithNameA
CryptGetProvParam
ConvertSecurityDescriptorToAccessA
GetOldestEventLogRecord
ConvertSecurityDescriptorToAccessW
ObjectPrivilegeAuditAlarmW
GetSidIdentifierAuthority
PrivilegedServiceAuditAlarmA
SetSecurityDescriptorGroup
GetSecurityInfoExA
RegSaveKeyA
GetSecurityInfo
RegCreateKeyExA
GetServiceKeyNameA
SetThreadToken
GetNamedSecurityInfoW
GetMultipleTrusteeA
AccessCheckAndAuditAlarmA
SetSecurityDescriptorOwner
OpenEventLogW
CryptEncrypt
RegDeleteKeyW
ObjectOpenAuditAlarmW
ReportEventW
ConvertAccessToSecurityDescriptorW
RegQueryMultipleValuesW
GetTrusteeNameW
ObjectCloseAuditAlarmA
CancelOverlappedAccess
CryptImportKey
CryptGenRandom
SetSecurityInfoExW
ReportEventA
GetAuditedPermissionsFromAclA
CryptDestroyHash
RegOpenKeyA
CryptSetKeyParam
CopySid
OpenServiceA
IsTextUnicode
RegLoadKeyW
GetServiceDisplayNameW
GetCurrentHwProfileW
CryptSignHashA
GetTokenInformation
CryptDestroyKey
BuildExplicitAccessWithNameW
ObjectPrivilegeAuditAlarmA
CryptEnumProvidersW
LogonUserA
CryptGetHashParam
CreateServiceA
SetEntriesInAclW
GetOverlappedAccessResults
SetEntriesInAuditListW
RegLoadKeyA
InitializeAcl
LookupAccountSidA
RegUnLoadKeyA
CryptVerifySignatureA
AddAce
StartServiceW
BuildImpersonateTrusteeW
MakeSelfRelativeSD
GetEffectiveRightsFromAclW
GetExplicitEntriesFromAclW
BuildImpersonateTrusteeA

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b008de21f305a375017e493b8c287779

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ole32

kernel32

user32

advapi32

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 4KB

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 4KB