d4e4f3619d15a10fb85522ecd7f9df3f

Sharing

Copy URL Twitter E-mail

General

Target

d4e4f3619d15a10fb85522ecd7f9df3f
Size

228KB
MD5

d4e4f3619d15a10fb85522ecd7f9df3f
SHA1

6d66d9b3ac0451e87d5674bf067442f34429fea6
SHA256

62961be159afd03a82beaedd855663e4ff0dcf1a7d5963a94b4f0bf49efc4d32
SHA512

4c97c633f6397385cf73579c9c9904c05785ad22ecd12baef42e084e8b5890197ce8df107e17f2e754640a046fdde1dc6174c37c10baf99a8a2344d0896013a6
SSDEEP

3072:FqnvpRDwFRXbmrbZGg86jo0kVxwLIWkKqUa9antF5hvvJkuXpE2/0Oyy:FqjwFRbmrF1ZkryyKq99UF5hvv/l8OZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4e4f3619d15a10fb85522ecd7f9df3f

Files

d4e4f3619d15a10fb85522ecd7f9df3f
.exe windows:6 windows x86 arch:x86

ffa0be4a949e153bf38f3bcbbc83ce00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

diskclean.pdb

Imports

advapi32

EventRegister
EventUnregister
EventWrite

kernel32

GetModuleHandleA
GetModuleHandleW
GetVersion
InterlockedDecrement
InterlockedIncrement
CreateEventW
InterlockedExchange
InterlockedCompareExchange
GetLastError
GetStartupInfoW
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcAddress
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
LoadLibraryA
GetDriveTypeW
CreateMutexW
CheckElevationEnabled
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
InitializeCriticalSection
GetFileAttributesW
OutputDebugStringA
CloseHandle
SetLastError
SetEvent
ResetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
MultiByteToWideChar
lstrlenA
lstrcmpA
LocalFree
LocalAlloc
WaitForMultipleObjects
GetModuleFileNameW

user32

CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetKeyState
LoadStringW
DestroyWindow
GetWindowLongW
SendMessageW
SetFocus
GetFocus
GetClientRect
EnableWindow
SetForegroundWindow
MessageBoxW
FindWindowW
ShowWindow
LoadCursorW
LoadIconW
SetWindowLongW

msvcrt

??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
malloc
free
_purecall
towupper
iswspace
_vsnwprintf
_XcptFilter
_CxxThrowException
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
__CxxFrameHandler3
_except_handler4_common
_lock
_unlock
__dllonexit
_onexit
?what@exception@@UBEPBDXZ
?terminate@@YAXXZ
_controlfp
??1type_info@@UAE@XZ
_callnewh
_ftol2
floor
memset
_wcstoui64
memcmp

ole32

CoGetMalloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

shell32

ord825
ord16
ShellExecuteExW
SHGetKnownFolderPath
SHCreateItemFromParsingName
ord155
SHGetKnownFolderItem

uxtheme

SetWindowTheme

duser

ForwardGadgetMessage

dui70

?GetID@Element@DirectUI@@QAEGXZ
?CreateElement@DUIXmlParser@DirectUI@@QAEJPBGPAVElement@2@1PAKPAPAV32@@Z
?SetXMLFromResource@DUIXmlParser@DirectUI@@QAEJIPAUHINSTANCE__@@0@Z
?Destroy@DUIXmlParser@DirectUI@@QAEXXZ
?Create@DUIXmlParser@DirectUI@@SGJPAPAV12@P6GPAVValue@2@PBGPAX@Z2P6GX11H2@Z2@Z
?Create@BorderLayout@DirectUI@@SGJPAPAVLayout@2@@Z
?ShowFocus@HWNDElement@DirectUI@@QAE_NXZ
?SetAccessible@Element@DirectUI@@QAEJ_N@Z
?SetLayout@Element@DirectUI@@QAEJPAVLayout@2@@Z
?SetHeight@Element@DirectUI@@QAEJH@Z
?SetWidth@Element@DirectUI@@QAEJH@Z
?SetVisible@Element@DirectUI@@QAEJ_N@Z
?Add@Element@DirectUI@@QAEJPAV12@@Z
?UpdateLayout@Element@DirectUI@@QAEXXZ
?EndDefer@Element@DirectUI@@QAEXK@Z
UnInitThread
InitThread
UnInitProcessPriv
InitProcessPriv
?OnInput@CCProgressBar@DirectUI@@UAEXPAUInputEvent@2@@Z
?GetContentSize@CCBase@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?Register@CCProgressBar@DirectUI@@SGJXZ
?GetClassInfoPtr@CCProgressBar@DirectUI@@SGPAUIClassInfo@2@XZ
?Initialize@CCProgressBar@DirectUI@@QAEJIPAVElement@2@PAK@Z
??0CCProgressBar@DirectUI@@QAE@XZ
?SetKeyFocus@Element@DirectUI@@UAEXXZ
?WndProc@HWNDElement@DirectUI@@UAEJPAUHWND__@@IIJ@Z
?UpdateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?RemoveTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@@Z
?Paint@Element@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnWmThemeChanged@HWNDElement@DirectUI@@UAEXIJ@Z
?OnUnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnThemeChanged@HWNDElement@DirectUI@@UAEXPAUThemeChangedEvent@2@@Z
?OnPropertyChanged@HWNDElement@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnNoChildWithShortcutFound@HWNDElement@DirectUI@@UAEXPAUKeyboardEvent@2@@Z
?OnInput@HWNDElement@DirectUI@@UAEXPAUInputEvent@2@@Z
?OnHosted@Element@DirectUI@@MAEXPAV12@@Z
?OnGroupChanged@HWNDElement@DirectUI@@UAEXH_N@Z
?OnGetDlgCode@HWNDElement@DirectUI@@UAEXPAUtagMSG@@PAJ@Z
?OnDestroy@HWNDElement@DirectUI@@UAEXXZ
?OnCompositionChanged@HWNDElement@DirectUI@@UAEXXZ
?MessageCallback@Element@DirectUI@@UAEIPAUtagGMSG@@@Z
?GetKeyFocused@Element@DirectUI@@UAE_NXZ
?GetHWND@HWNDElement@DirectUI@@UAEPAUHWND__@@XZ
?GetContentSize@Element@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?GetClassInfoW@HWNDElement@DirectUI@@UAEPAUIClassInfo@2@XZ
?GetAccessibleImpl@HWNDElement@DirectUI@@UAEJPAPAUIAccessible@@@Z
?DefaultAction@Element@DirectUI@@UAEJXZ
?CreateStyleParser@HWNDElement@DirectUI@@UAEJPAPAVDUIXmlParser@2@@Z
?CanSetFocus@HWNDElement@DirectUI@@UAE_NXZ
?ActivateTooltip@HWNDElement@DirectUI@@UAEXPAVElement@2@K@Z
?Click@Button@DirectUI@@SG?AVUID@@XZ
?Initialize@HWNDElement@DirectUI@@QAEJPAUHWND__@@_NIPAVElement@2@PAK@Z
??1HWNDElement@DirectUI@@UAE@XZ
??0HWNDElement@DirectUI@@QAE@XZ
?OnEvent@HWNDElement@DirectUI@@UAEXPAUEvent@2@@Z
?SetAccValue@Element@DirectUI@@QAEJPBG@Z
?SetContentString@Element@DirectUI@@QAEJPBG@Z
?SetLayoutPos@Element@DirectUI@@QAEJH@Z
?KeyboardNavigate@Element@DirectUI@@SG?AVUID@@XZ
?FindDescendent@Element@DirectUI@@QAEPAV12@G@Z
StrToID
?_SelfLayoutUpdateDesiredSize@Element@DirectUI@@MAE?AUtagSIZE@@HHPAVSurface@2@@Z
?_SelfLayoutDoLayout@Element@DirectUI@@MAEXHH@Z
?UpdateTooltip@Element@DirectUI@@MAEXPAV12@@Z
?SetWindowDirection@HWNDHost@DirectUI@@UAEXPAUHWND__@@@Z
?SetKeyFocus@HWNDHost@DirectUI@@UAEXXZ
?RemoveTooltip@Element@DirectUI@@MAEXPAV12@@Z
?RemoveChild@ClassInfoBase@DirectUI@@UAEXXZ
?RemoveBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?Remove@Element@DirectUI@@UAEJPAPAV12@I@Z
?Release@ClassInfoBase@DirectUI@@UAEHXZ
?QueryInterface@Element@DirectUI@@UAGJABU_GUID@@PAPAX@Z
?PostCreate@CCBase@DirectUI@@MAEXPAUHWND__@@@Z
?Paint@HWNDHost@DirectUI@@UAEXPAUHDC__@@PBUtagRECT@@1PAU4@2@Z
?OnWindowStyleChanged@HWNDHost@DirectUI@@UAEXIPBUtagSTYLESTRUCT@@@Z
?OnUnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnSysChar@HWNDHost@DirectUI@@UAE_NG@Z
?OnSinkThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnReceivedDialogFocus@CCBase@DirectUI@@UAE_NPAVDialogElement@2@@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanging@Element@DirectUI@@UAE_NPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@Element@DirectUI@@UAEXPAUPropertyInfo@2@HPAVValue@2@1@Z
?OnPropertyChanged@CCBase@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?OnNotify@CCBase@DirectUI@@UAE_NIIJPAJ@Z
?OnMouseFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnMessage@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnLostDialogFocus@CCBase@DirectUI@@UAE_NPAVDialogElement@2@@Z
?OnKeyFocusMoved@Element@DirectUI@@UAEXPAV12@0@Z
?OnHosted@HWNDHost@DirectUI@@MAEXPAVElement@2@@Z
?OnGroupChanged@Element@DirectUI@@UAEXH_N@Z
?OnEvent@HWNDHost@DirectUI@@UAEXPAUEvent@2@@Z
?OnDestroy@HWNDHost@DirectUI@@UAEXXZ
?OnCustomDraw@CCBase@DirectUI@@UAE_NPAUtagNMCUSTOMDRAWINFO@@PAJ@Z
?OnCtrlThemeChanged@HWNDHost@DirectUI@@UAE_NIIJPAJ@Z
?OnAdjustWindowSize@HWNDHost@DirectUI@@UAEHHHI@Z
?MessageCallback@HWNDHost@DirectUI@@UAEIPAUtagGMSG@@@Z
?IsValidProperty@ClassInfoBase@DirectUI@@UBE_NPBUPropertyInfo@2@@Z
?IsSubclassOf@ClassInfoBase@DirectUI@@UBE_NPAUIClassInfo@2@@Z
?IsRTLReading@Element@DirectUI@@UAE_NXZ
?IsGlobal@ClassInfoBase@DirectUI@@UBE_NXZ
??0CritSecLock@DirectUI@@QAE@PAU_RTL_CRITICAL_SECTION@@@Z
??1CritSecLock@DirectUI@@QAE@XZ
?Destroy@Element@DirectUI@@QAEJ_N@Z
?FireEvent@Element@DirectUI@@QAEXPAUEvent@2@_N1@Z
?GetFactoryLock@Element@DirectUI@@SGPAU_RTL_CRITICAL_SECTION@@XZ
?GetDisplayNode@Element@DirectUI@@QAEPAUHGADGET__@@XZ
??0ClassInfoBase@DirectUI@@QAE@XZ
??1ClassInfoBase@DirectUI@@UAE@XZ
?Initialize@ClassInfoBase@DirectUI@@QAEJPAUHINSTANCE__@@PBG_NPBQBUPropertyInfo@2@I@Z
?Register@ClassInfoBase@DirectUI@@QAEJXZ
?ClassExist@ClassInfoBase@DirectUI@@SG_NPAPAUIClassInfo@2@PBQBUPropertyInfo@2@IPAU32@PAUHINSTANCE__@@PBG_N@Z
??1CCBase@DirectUI@@UAE@XZ
?OnInput@CCBase@DirectUI@@UAEXPAUInputEvent@2@@Z
?CreateHWND@CCBase@DirectUI@@UAEPAUHWND__@@PAU3@@Z
??0CCListView@DirectUI@@QAE@XZ
?Initialize@CCListView@DirectUI@@QAEJIPAVElement@2@PAK@Z
?GetClassInfoPtr@CCListView@DirectUI@@SGPAUIClassInfo@2@XZ
?Register@CCListView@DirectUI@@SGJXZ
?ActivateTooltip@Element@DirectUI@@MAEXPAV12@K@Z
?Add@Element@DirectUI@@UAEJPAPAV12@I@Z
?AddBehavior@Element@DirectUI@@UAEJPAUIDuiBehavior@@@Z
?AddChild@ClassInfoBase@DirectUI@@UAEXXZ
?AddRef@ClassInfoBase@DirectUI@@UAEXXZ
?AssertPIZeroRef@ClassInfoBase@DirectUI@@UBEXXZ
?DefaultAction@CCBase@DirectUI@@UAEJXZ
?EnsureVisible@Element@DirectUI@@UAE_NHHHH@Z
?EnumPropertyInfo@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?EraseBkgnd@HWNDHost@DirectUI@@MAE_NPAUHDC__@@PAJ@Z
?GetAccessibleImpl@HWNDHost@DirectUI@@UAEJPAPAUIAccessible@@@Z
?GetAdjacent@Element@DirectUI@@UAEPAV12@PAV12@HPBUNavReference@2@K@Z
?GetByClassIndex@ClassInfoBase@DirectUI@@UAEPBUPropertyInfo@2@I@Z
?GetChildren@ClassInfoBase@DirectUI@@UBEHXZ
?GetContentSize@CCListView@DirectUI@@UAE?AUtagSIZE@@HHPAVSurface@2@@Z
?GetContentStringAsDisplayed@Element@DirectUI@@UAEPBGPAPAVValue@2@@Z
?GetElementProviderImpl@Element@DirectUI@@UAEJPAVInvokeHelper@2@PAPAVElementProvider@2@@Z
?GetGlobalIndex@ClassInfoBase@DirectUI@@UBEIXZ
?GetHWND@HWNDHost@DirectUI@@UAEPAUHWND__@@XZ
?GetKeyFocused@HWNDHost@DirectUI@@UAE_NXZ
?GetModule@ClassInfoBase@DirectUI@@UBEPAUHINSTANCE__@@XZ
?GetName@ClassInfoBase@DirectUI@@UBEPBGXZ
?GetPICount@ClassInfoBase@DirectUI@@UBEIXZ
?HandleUiaDestroyListener@Element@DirectUI@@UAEXXZ
?HandleUiaEventListener@Element@DirectUI@@UAEXPAUEvent@2@@Z
?HandleUiaPropertyChangingListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@@Z
?HandleUiaPropertyListener@Element@DirectUI@@UAEXPBUPropertyInfo@2@HPAVValue@2@1@Z
?Insert@Element@DirectUI@@UAEJPAPAV12@II@Z
?IsContentProtected@Element@DirectUI@@UAE_NXZ

shlwapi

SHCreateStreamOnFileEx
StrCmpIW
PathRemoveFileSpecW
PathIsSameRootW
PathFindExtensionW
PathAppendW
StrCmpW
PathStripToRootW
StrToIntW
StrStrIW
ord165
StrFormatByteSizeW
ord16
ord219
SHStrDupW

propsys

ord430

ntdll

NtClose
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken

xmllite

CreateXmlReader

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffa0be4a949e153bf38f3bcbbc83ce00

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

shell32

uxtheme

duser

dui70

shlwapi

propsys

ntdll

xmllite

Sections

.text Size: 79KB - Virtual size: 78KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 26KB - Virtual size: 27KB

.text
Size: 79KB - Virtual size: 78KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 26KB - Virtual size: 27KB