d4fdb96442ce0d48e99f6edb57559f1c

Sharing

Copy URL Twitter E-mail

General

Target

d4fdb96442ce0d48e99f6edb57559f1c
Size

33KB
MD5

d4fdb96442ce0d48e99f6edb57559f1c
SHA1

3d519e23f0026e13cf97e5bc2a079d0b50f95f62
SHA256

c1baf5db5588368c8974e2df7be4b783e28b1f74bf71b2160b82454fe775acaf
SHA512

007c87fbff33519796039719ee8e243ed3366213103d33cb3f303d0ce4574651b12f105f80eef56f1cba4900704e4388162931ecfc68f66b7f2deb1ec4005c04
SSDEEP

768:WkMxaRZuwXyELq14n6QWfLT5BDIdY/7Sb5KCoh:WkMMRQwX/LS7/HDIdY/7qg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4fdb96442ce0d48e99f6edb57559f1c

Files

d4fdb96442ce0d48e99f6edb57559f1c
.exe windows:4 windows x86 arch:x86

2e2371d19616ab8b61c624e2521d2f1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ole32

OleSetClipboard
CoBuildVersion
CLIPFORMAT_UserUnmarshal
CoAddRefServerProcess
BindMoniker
CLSIDFromProgID
OleInitialize
CoCreateGuid
CLSIDFromOle1Class
CLSIDFromProgIDEx
WriteFmtUserTypeStg
CoCopyProxy
CoCreateInstanceEx
CLIPFORMAT_UserSize
CLIPFORMAT_UserMarshal
CoCancelCall
CoDisableCallCancellation
CLSIDFromString
CoCreateInstance
CoCreateFreeThreadedMarshaler

advapi32

RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExA
RegSetValueExW
RegQueryInfoKeyW
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
RegCloseKey
RegQueryValueExA
CloseServiceHandle
RegEnumKeyExW
RegOpenKeyExA
FreeSid
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
OpenThreadToken
AllocateAndInitializeSid

gdi32

RealizePalette
GetDeviceCaps
DeleteDC
CreateRectRgn
ExtTextOutA
SetTextColor
UnrealizeObject
CreateCompatibleDC
BitBlt
GetObjectA
CreateFontIndirectA
MoveToEx
CreateSolidBrush
GetStockObject
GetTextExtentPointA
GetSystemPaletteEntries
SaveDC
SelectPalette
CreatePen
DeleteObject
CreatePalette
SelectClipRgn
GetTextMetricsA
CreateDIBitmap
SetBkColor
RestoreDC

olecli32

OleCreateFromClip
OleSetHostNames
OleDelete
OleEqual
OleQueryLinkFromClip
OleLoadFromStream
OleCopyFromLink
OleQueryType
OleSetBounds
OleQueryCreateFromClip
OleClone
OleCopyToClipboard
OleSetTargetDevice
OleCreateLinkFromClip
OleSaveToStream

rsaenh

CPHashSessionKey
CPGenRandom
CPSetKeyParam
CPGetKeyParam
CPImportKey
CPEncrypt
CPVerifySignature
CPDecrypt
CPReleaseContext
CPDestroyKey
CPGetProvParam
CPDestroyHash
CPSignHash
CPDuplicateKey
CPCreateHash
CPDeriveKey
DllUnregisterServer
CPGetHashParam
DllRegisterServer
CPGenKey
CPSetProvParam
CPHashData
CPGetUserKey
CPDuplicateHash
CPSetHashParam

oleaut32

SafeArrayGetLBound
SetErrorInfo
VariantInit
SysStringLen
SafeArrayPtrOfIndex
VariantCopyInd
SafeArrayCreate
SysStringByteLen
VariantChangeTypeEx
VariantCopy
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayAccessData
OleLoadPicture
LoadTypeLibEx
VariantClear
RegisterTypeLib
CreateErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SafeArrayPutElement
VariantChangeType
SysFreeString
GetErrorInfo
SafeArrayUnaccessData
SysReAllocStringLen

oleacc

AccessibleObjectFromEvent
CreateStdAccessibleProxyA
LresultFromObject
DllUnregisterServer
AccessibleObjectFromPoint
IID_IAccessible
ObjectFromLresult
GetRoleTextA
CreateStdAccessibleProxyW
GetRoleTextW
IID_IAccessibleHandler
AccessibleChildren
DllCanUnloadNow
GetStateTextW
LIBID_Accessibility
GetStateTextA
WindowFromAccessibleObject
AccessibleObjectFromWindow
DllGetClassObject
CreateStdAccessibleObject
GetOleaccVersionInfo

ws2_32

WSAGetLastError
socket
accept
send
WSAStartup
WSACleanup
recv

user32

GetDC
TranslateMessage
ReleaseDC
MessageBoxA
GetWindowRect
GetClientRect
GetDlgItem
ShowWindow
LoadStringW
EndDialog
GetSystemMetrics
EnableWindow

version

VerLanguageNameA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

PickIconDlg
SHGetSetSettings
IsLFNDrive
SHCoCreateInstance
DllGetClassObject
SHChangeNotifyRegister
DriveType
PifMgr_OpenProperties
Shell_GetImageLists
PathResolve
DllRegisterServer
SHILCreateFromPath
DragAcceptFiles
DllGetVersion
IsNetDrive
Shell_MergeMenus
Shell_GetCachedImageIndex
DAD_DragEnterEx
GetFileNameFromBrowse
RestartDialog
SHStartNetConnectionDialogW
DllInstall
DllUnregisterServer
SHDefExtractIconW
PathQualify
SHChangeNotifyDeregister
DAD_DragLeave

kernel32

ReadFile
SetConsoleCP
WaitForMultipleObjects
SetFileTime
GetShortPathNameA
WriteFile
GetVolumeInformationA
SetLastError
GetFullPathNameA
lstrcmpiA
IsBadReadPtr
AllocConsole
InterlockedIncrement
SetFilePointer
FlushFileBuffers
GetStdHandle
GetConsoleOutputCP
SetConsoleOutputCP
InitializeCriticalSection
SearchPathA
GetConsoleScreenBufferInfo
DeleteCriticalSection
GetEnvironmentVariableA
SetConsoleTitleA
GetConsoleCP
VirtualAlloc
GetFileInformationByHandle
GetTickCount
IsBadCodePtr
ReadConsoleInputA
GetLastError
FreeLibrary
LeaveCriticalSection
CreateDirectoryA
GetModuleFileNameA
ExpandEnvironmentStringsA
IsBadWritePtr
InterlockedDecrement
LoadLibraryA
WaitForSingleObject
FreeConsole
MoveFileA
CreateProcessA
SetConsoleWindowInfo
GetModuleHandleA
SetConsoleScreenBufferSize
SetEnvironmentVariableA
PeekConsoleInputA
SetEndOfFile

rpcrt4

DllGetClassObject
NdrAsyncClientCall
NDRCContextBinding
NdrClientInitialize
MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
NdrByteCountPointerBufferSize
NdrByteCountPointerUnmarshall
CreateStubFromTypeInfo
NdrConformantStructBufferSize
NdrByteCountPointerFree
DllRegisterServer
NdrAsyncServerCall
NDRCContextMarshall
DceErrorInqTextW
NDRSContextMarshallEx
MesInqProcEncodingId
NDRcopy
NdrAllocate
MesEncodeFixedBufferHandleCreate
MesHandleFree
CStdStubBuffer_CountRefs
NDRSContextMarshall
MesBufferHandleReset

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e2371d19616ab8b61c624e2521d2f1c

Headers

File Characteristics

Imports

ole32

advapi32

gdi32

olecli32

rsaenh

oleaut32

oleacc

ws2_32

user32

version

shell32

kernel32

rpcrt4

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 3KB