2e817ad6c405c2dfce8dfdda9f7ef085042e7939a62dd4b3e974e4f59f6956fe

Sharing

Copy URL

Twitter E-mail

General

Target

2e817ad6c405c2dfce8dfdda9f7ef085042e7939a62dd4b3e974e4f59f6956fe
Size

2.8MB
MD5

aabd81de7e49b879021a65f7240a382d
SHA1

7dabd441683071092fe4d76d872ac7377177304e
SHA256

2e817ad6c405c2dfce8dfdda9f7ef085042e7939a62dd4b3e974e4f59f6956fe
SHA512

e6fff839735057b93e3525b3aad6aa375a89d372e65d8411570830cbecc27827c044daba4ef64e81b9d1300004f942381cd52fbe3c47b3b991008474ccda9867
SSDEEP

49152:y1ZCFbOGsWPuKwa5K+FjGay/1bQF5QL6gAL48W/yEqwoGD0:uEOGseuKrvy/y/Q2rBvEnoV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e817ad6c405c2dfce8dfdda9f7ef085042e7939a62dd4b3e974e4f59f6956fe

Files

2e817ad6c405c2dfce8dfdda9f7ef085042e7939a62dd4b3e974e4f59f6956fe
.exe windows:5 windows x86 arch:x86

1ef8cd8e242a24e2ebb776815adb440b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\AideClock\adsInstaller\bin\Install.pdb

Imports

ws2_32

inet_addr

kernel32

FindNextFileA
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
Module32FirstW
InterlockedDecrement
DeviceIoControl
GetVersion
CreateThread
Sleep
LoadResource
SizeofResource
FindResourceW
GetEnvironmentVariableW
FreeResource
LockResource
LocalAlloc
InitializeCriticalSection
FindResourceExW
TerminateProcess
GetProcessId
GetNativeSystemInfo
CreateMutexW
GetPrivateProfileStringA
GetTempPathW
RemoveDirectoryW
MoveFileExW
GetSystemDefaultLangID
SetFileTime
LocalFileTimeToFileTime
GetFileAttributesA
VirtualProtect
UnregisterWaitEx
InitializeSListHead
FreeLibraryAndExitThread
ExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
CreateTimerQueue
CreateFileA
RemoveDirectoryA
CreateDirectoryA
GetWindowsDirectoryA
GetDriveTypeA
GetCommandLineA
CreateProcessA
GetModuleHandleA
LoadLibraryA
FindFirstFileA
GetLogicalDriveStringsA
lstrcmpiW
lstrcmpiA
GetSystemInfo
GetCurrentProcess
LocalFree
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
GetVersionExW
CopyFileW
FindNextFileW
FindFirstFileW
DeleteFileW
SetFileAttributesW
CreateDirectoryW
GetEnvironmentVariableA
CreateProcessW
GetModuleHandleW
GetModuleFileNameA
OpenMutexW
lstrcatW
lstrcpyW
lstrcmpW
WinExec
FindClose
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetCurrentThread
RaiseException
OpenProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
DecodePointer
GetDiskFreeSpaceExW
WideCharToMultiByte
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
CloseHandle
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetFileInformationByHandle
lstrlenW
GetModuleFileNameW
DeleteFileA
GetLogicalDriveStringsW
GetFileAttributesW
GetCurrentDirectoryW
UnhandledExceptionFilter
lstrlenA
EncodePointer
GetStringTypeW
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineW
GetCPInfo
SetUnhandledExceptionFilter
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentThreadId
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle
GetConsoleCP
GetConsoleMode
GetFileType
ReadConsoleW
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LoadLibraryExW
OutputDebugStringW
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
GetThreadTimes
LoadLibraryW
MulDiv
DuplicateHandle
DosDateTimeToFileTime
InterlockedIncrement
FormatMessageW
VirtualAlloc
VirtualFree
FileTimeToDosDateTime
FileTimeToLocalFileTime
SetEvent
ResetEvent
ReleaseSemaphore
WaitForMultipleObjects

user32

ReleaseCapture
SetTimer
KillTimer
BeginPaint
EndPaint
GetUpdateRect
InvalidateRect
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
PtInRect
IsIconic
IsZoomed
SetWindowRgn
MessageBoxW
CharNextW
IntersectRect
CreateCaret
HideCaret
ShowCaret
SetCaretPos
ClientToScreen
GetSysColor
MoveWindow
GetWindowRgn
SetCapture
DrawTextW
FillRect
SetRect
GetWindowTextW
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
CharUpperW
CharPrevExA
FindWindowW
SetForegroundWindow
GetKeyState
GetFocus
UpdateLayeredWindow
GetMonitorInfoW
PostQuitMessage
PostMessageW
ExitWindowsEx
GetAncestor
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
InflateRect
GetClientRect
GetPropW
SetPropW
EnableWindow
SetFocus
SendMessageW
DestroyWindow
SetWindowPos
GetWindowRect
IsWindow
IsWindowVisible
OpenClipboard
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
CallWindowProcW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
CloseClipboard
SetClipboardData
GetClipboardData
LoadCursorW
OffsetRect
SetCursor
wvsprintfW
ShowWindow
wsprintfW
GetDesktopWindow
AnimateWindow
CharPrevW
LoadStringW
EmptyClipboard
GetSystemMetrics
GetDC
GetWindowDC
ReleaseDC
SetWindowTextW

gdi32

ExtTextOutW
TextOutW
MoveToEx
SetTextColor
SetStretchBltMode
StretchBlt
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
PtInRegion
CreateRectRgn
GetDeviceCaps
GetObjectA
CreateRoundRectRgn
SetWindowOrgEx
GetObjectW
CreateDIBSection
GetTextMetricsW
SaveDC
RestoreDC
DeleteDC
CreateFontIndirectW
RemoveFontMemResourceEx
AddFontMemResourceEx
SetROP2
SelectObject
Rectangle
GetStockObject
EnumFontFamiliesExW
DeleteObject
CreatePen
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap

advapi32

RegOpenKeyW
CryptReleaseContext
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegQueryValueExW
RegSetValueExW
GetUserNameA
GetUserNameW
RegCreateKeyW
RegSetValueExA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
LookupAccountSidW
ConvertSidToStringSidA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
CryptGenRandom
CryptAcquireContextA

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
ShellExecuteW
SHChangeNotify
SHGetPathFromIDListW
SHFileOperationW
SHCreateDirectoryExW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantCopy
SysAllocString
VariantInit
VariantClear

shlwapi

ChrCmpIW
PathIsDirectoryW
PathIsRootW
SHDeleteKeyW
StrCmpIW
PathRemoveFileSpecW
SHCreateStreamOnFileEx
ChrCmpIA
PathFileExistsW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA
GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo
SendARP

userenv

GetUserProfileDirectoryW
GetUserProfileDirectoryA

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsA

comctl32

_TrackMouseEvent
ord17

gdiplus

GdipCreateStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipDeleteGraphics
GdipCreateLineBrushI
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipDeleteStringFormat

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ef8cd8e242a24e2ebb776815adb440b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

iphlpapi

userenv

wtsapi32

comctl32

gdiplus

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 28KB - Virtual size: 90KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 62KB - Virtual size: 61KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 28KB - Virtual size: 90KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 62KB - Virtual size: 61KB