spinstall.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d5bce72959dfde758d198cd5bfce2ba4.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d5bce72959dfde758d198cd5bfce2ba4.exe
  Resource: win10v2004-20240226-en
General
- Target: d5bce72959dfde758d198cd5bfce2ba4
- Size: 457KB
- MD5: d5bce72959dfde758d198cd5bfce2ba4
- SHA1: 7b916ca6b931fafba26e4983ca8d9f82e0b89ac8
- SHA256: 5b1087eb16e5e689fadeed1e2a770da7b34839546469b2d9d57bed759d4f82d9
- SHA512: 54438938ccc8636f514bbdd8fec7ad2f69f4623daf4cfd20471b2f5b578d3883516799b4a79b1578475be9f24a4878f3d719f5a552ad2d1c51d32af8fa35cb9d
- SSDEEP: 6144:PYsm62bL/dOuvi6IXUiQQfTAnNXbu9jrZwz73hQ1Us/V3opWE5FbwwTL:/njfTAnpirZwztQ9w17Hn
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource d5bce72959dfde758d198cd5bfce2ba4
Files
- d5bce72959dfde758d198cd5bfce2ba4.exe windows:6 windows x86 arch:x86
  4973f03be13a7ad324eb311f66a173b6
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
- advapi32: GetSecurityDescriptorControl, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, MakeSelfRelativeSD, GetSecurityDescriptorLength, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegLoadKeyW, RegOpenKeyExW, ConvertSidToStringSidW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptAcquireContextW, CryptReleaseContext, LookupAccountNameW, AddAce, InitializeAcl, SetSecurityDescriptorControl, MakeAbsoluteSD, InitializeSecurityDescriptor, RegFlushKey, InitiateShutdownW, GetLengthSid, IsValidSid, CopySid, GetAclInformation, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, QueryServiceConfigW, OpenServiceW, CloseServiceHandle, EnumServicesStatusW, OpenSCManagerW, EventRegister, EventUnregister, EventWrite
- kernel32: CreateProcessW, ReleaseMutex, GetNativeSystemInfo, IsWow64Process, GetCurrentProcess, GetFileAttributesW, GetWindowsDirectoryW, GetUILanguageInfo, EnumUILanguagesW, GetProductInfo, GetVersionExW, DeviceIoControl, LocalFree, LocalAlloc, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, SetLastError, Sleep, InterlockedIncrement, WaitForSingleObject, CreateEventW, SetEvent, InterlockedDecrement, GetSystemPowerStatus, GetFileMUIPath, CreateDirectoryW, CreateThread, SystemTimeToFileTime, GetSystemTime, GetFileSizeEx, FindClose, FindNextFileW, FindFirstFileW, GetModuleFileNameW, GetSystemWindowsDirectoryW, GetFullPathNameW, FormatMessageW, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap, lstrlenW, WideCharToMultiByte, GlobalFree, ReadFile, GetFileSize, WriteFile, SetEndOfFile, SetFilePointer, OutputDebugStringA, GetEnvironmentVariableW, SearchPathW, GetVersionExA, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, GetExitCodeProcess, CreateFileW, LoadLibraryW, GetProcAddress, FreeLibrary, CreateMutexW, CloseHandle, GetLastError, HeapSize, InterlockedExchange, InterlockedCompareExchange, SetUnhandledExceptionFilter, HeapDestroy, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, DeleteFileW, CompareFileTime, SetFileTime, MoveFileExW, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, MultiByteToWideChar, GetFileAttributesExW
- user32: UnregisterClassA, MessageBoxW
- msvcrt: _initterm, vsprintf_s, _vscprintf, iswdigit, _wtoi, memcpy, wcstoul, __wgetmainargs, _cexit, _vsnwprintf, wcsncmp, wcsstr, _wcsnicmp, isdigit, _wtol, _purecall, wcschr, _wcslwr_s, towupper, wcsrchr, calloc, _resetstkoflw, wcscspn, ??2@YAPAXI@Z, memset, memmove_s, malloc, free, _exit, _XcptFilter, vswprintf_s, _vscwprintf, _wcsicmp, _CxxThrowException, memcpy_s, ??_V@YAXPAX@Z, __CxxFrameHandler3, exit, _vsnprintf, _controlfp, ?terminate@@YAXXZ, ??_U@YAPAXI@Z, ??3@YAXPAX@Z, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, ??1type_info@@UAE@XZ, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, iswspace, _ftol2
- shell32: SHFileOperationW, SHCreateItemFromParsingName, CommandLineToArgvW
- ole32: CoCreateInstance, CoSetProxyBlanket, CoGetMalloc, CoInitializeEx, CoInitializeSecurity, CoUninitialize, StringFromGUID2
- oleaut32: VariantInit, SysFreeString, SysAllocStringLen, VariantChangeType, VariantClear
- version: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
- ntdll: RtlInitializeBitMap, RtlNumberOfClearBits, RtlAreBitsClear, RtlAreBitsSet, RtlSetBits
- wtsapi32: WTSFreeMemory, WTSQuerySessionInformationW
- shlwapi: PathRemoveFileSpecW, PathIsURLW, SHCreateStreamOnFileW, PathFileExistsW, PathFindFileNameW, PathCombineW
- xmllite: CreateXmlReader
- crypt32: CertCreateCertificateContext, CertFreeCertificateContext, CertCloseStore, CertOpenStore, CertAddCertificateContextToStore
- userenv: UnloadUserProfile
- sqmapi: SqmCreateNewId, SqmSetMachineId, SqmSet, SqmIsWindowsOptedIn, SqmStartUpload, SqmWaitForUploadComplete, SqmEndSession, SqmReadSharedMachineId, SqmSetBits, SqmSetString, SqmSetAppId, SqmSetEnabled, SqmGetSession, SqmAddToStreamV, SqmWriteSharedMachineId
- winbrand: BrandingFormatString
- wer: WerReportSetUIOption, WerReportSetParameter, WerpSetCallBack, WerReportCreate, WerReportCloseHandle, WerReportSubmit
- wintrust: CryptCATAdminReleaseContext, CryptCATAdminReleaseCatalogContext, CryptCATCatalogInfoFromContext, CryptCATAdminEnumCatalogFromHash, WinVerifyTrust, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext
Sections
- .text Size: 402KB - Virtual size: 402KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data Size: 2KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc Size: 2KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc Size: 49KB - Virtual size: 49KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE