cd5bff03231cf2612b9e42b9c6629038

Sharing

Copy URL Twitter E-mail

General

Target

cd5bff03231cf2612b9e42b9c6629038
Size

482KB
MD5

cd5bff03231cf2612b9e42b9c6629038
SHA1

b98e5dab9b20fdc8cd3f8acbcabaf7116577af88
SHA256

ef20813b4b1bb7d281acc07a9f7410a40148458bdbb954eb6314c01956a1e8d2
SHA512

03f53e8dfaf0ca7f37d1b41c295441b4e02ab793139983a4c76a958d98d05db55e9054a628387eb1ec1848d33c91f2229293920e9c51278de659279f84110d67
SSDEEP

12288:3f6F5OLpdNIrd4Ds5OLpdNIrd4DEkemB:3f6TmXIrdFmXIrdMB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd5bff03231cf2612b9e42b9c6629038

Files

cd5bff03231cf2612b9e42b9c6629038
.exe windows:6 windows x86 arch:x86

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ieinstal.pdb

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegEnumValueW
RegOpenKeyExW
CopySid
EqualSid
InitializeSecurityDescriptor
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetKernelObjectSecurity
GetTokenInformation
OpenProcessToken
InitializeAcl
SetSecurityInfo
IsValidSid
GetSecurityDescriptorSacl
GetLengthSid
AddMandatoryAce
RegOverridePredefKey
RegOpenCurrentUser
GetSidSubAuthority
GetSidSubAuthorityCount
GetAce

kernel32

lstrcmpiA
GetProcAddress
EnterCriticalSection
SetFileAttributesA
GetExitCodeThread
lstrcmpiW
DeleteCriticalSection
DuplicateHandle
CloseHandle
DeleteFileW
DeleteFileA
CreateThread
lstrcmpA
CreateDirectoryExA
WideCharToMultiByte
CopyFileW
GetFileAttributesA
MultiByteToWideChar
lstrlenW
RemoveDirectoryA
FindClose
LocalAlloc
FindNextFileA
GetTempPathA
GetCurrentProcess
InterlockedCompareExchange
SetEvent
CreateEventW
HeapSetInformation
GetVersionExA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
CreateFileW
GetFileAttributesW
LeaveCriticalSection
LoadLibraryW
OpenProcess
FindFirstFileA
InitializeCriticalSection
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
SetLastError
ResumeThread
SuspendThread
VirtualProtect
VirtualAlloc
FlushInstructionCache
WaitForSingleObject
GetModuleHandleW
VirtualFree
VirtualQuery
SetThreadContext
GetThreadContext
GetCurrentThread
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetProcessHeap
InterlockedExchange
GetLastError
SetProcessShutdownParameters
lstrlenA
FreeLibrary
CreateProcessW
LoadLibraryExW
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LocalFree

user32

LoadStringW
CharNextW
PostQuitMessage

msvcrt

memset
wcstok
__wgetmainargs
_cexit
_XcptFilter
exit
_wcmdln
_initterm
memcpy_s
_amsg_exit
__setusermatherr
__p__commode
_wcsnicmp
_vsnprintf
_vsnwprintf
wcsrchr
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_exit

psapi

GetModuleBaseNameW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoRevertToSelf
CoTaskMemFree
CoImpersonateClient
CoTaskMemAlloc
CoGetCallContext
StringFromGUID2
CoInitializeSecurity
CoInitializeEx

oleaut32

RegisterTypeLi
UnRegisterTypeLi
RegisterTypeLibForUser
SysFreeString
SysStringLen
SysAllocString
UnRegisterTypeLibForUser

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

urlmon

CompatFlagsFromClsid
CoInternetSetFeatureEnabled
CoInternetCreateSecurityManager
ord107
Extract

wintrust

CryptCATAdminAddCatalog
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

iertutil

ord658
ord650
ord201
ord200

ntdll

NtFreeVirtualMemory

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

htbxvop
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

ntdll

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 33KB - Virtual size: 34KB

htbxvop Size: - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 33KB - Virtual size: 34KB

htbxvop
Size: - Virtual size: 4KB