Static task: static1
Behavioral task: behavioral1
  Sample: d7aa19b1081089252eb74fe72d84fff0.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d7aa19b1081089252eb74fe72d84fff0.exe
  Resource: win10v2004-20240226-en
General
Target: d7aa19b1081089252eb74fe72d84fff0
Size: 87KB
MD5: d7aa19b1081089252eb74fe72d84fff0
SHA1: c37b575d20bd3b5965d6da2bc8bb66b4d14fe467
SHA256: 6d8de00df4d93953d98293ad71c0ca767b2ce36c754dac4403e7468d3ece4c26
SHA512: 85ddf864cd500531e97c8b44ce639601c77d53e0e352ff94500f617239e8d511a53a00ece877387442c03ae27ce7ed96ada3c92f99a3fe170be53c642f69ba29
SSDEEP: 1536:it5HppxiJMVk4qSUvUkLmf8JD4XLSqXXk8aDZ1NVfRGgrVaGn+xq0og0oRca4WYZ:ibJpxqMVk4UC8JDILTxAn/RGrAn01hhs
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: d7aa19b1081089252eb74fe72d84fff0
Files
-
d7aa19b1081089252eb74fe72d84fff0.exe windows:4 windows x86 arch:x86
72a877be81fe06c8b6cb0e9bbfa81642
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi:
StrStrIW
StrIsIntlEqualA
StrDupW
PathCombineW
SHCreateStreamOnFileW
PathSearchAndQualifyW
PathCompactPathExW
PathIsUNCW
PathRemoveBlanksW
PathFindSuffixArrayW
PathRemoveBlanksA
StrCmpNA
UrlEscapeA
StrRChrIW
SHRegCreateUSKeyW
UrlCombineW
SHRegEnumUSValueW
SHRegDuplicateHKey
PathFindSuffixArrayA
SHRegGetBoolUSValueW
PathIsUNCA
PathIsPrefixA
PathGetDriveNumberW
StrToIntExW
wvnsprintfW
PathAddExtensionA
PathIsRelativeA
StrCatW
SHDeleteEmptyKeyA
PathIsUNCServerA
SHGetValueW
PathRemoveFileSpecA
ColorAdjustLuma
PathIsRootW
PathIsDirectoryEmptyW
SHRegQueryUSValueA
SHRegEnumUSValueA
SHEnumKeyExW
StrNCatW
PathUnquoteSpacesA
UrlHashW
StrFromTimeIntervalA
PathStripPathW
PathIsURLW
SHDeleteValueW
PathGetArgsA
StrPBrkA
SHQueryValueExA
SHRegDeleteUSValueA
PathCommonPrefixW
SHQueryInfoKeyW
StrCmpNIA
PathRenameExtensionA
PathIsRootA
GetMenuPosFromID
PathCanonicalizeA
PathIsLFNFileSpecA
SHSkipJunction
PathIsPrefixW
PathSkipRootW
StrCmpIW
ChrCmpIA
SHQueryInfoKeyA
StrStrIA
PathIsUNCServerShareW
StrDupA
PathFindExtensionW
StrCSpnIW
StrCpyNW
StrFormatKBSizeA
SHGetInverseCMAP
PathMatchSpecA
StrFormatKBSizeW
PathIsFileSpecW
SHRegQueryUSValueW
UrlCombineA
SHCopyKeyW
UrlGetLocationA
UrlCanonicalizeA
PathFileExistsW
PathRemoveFileSpecW
PathIsURLA
PathIsNetworkPathW
PathSetDlgItemPathA
SHRegDeleteEmptyUSKeyA
PathRelativePathToW
PathCreateFromUrlA
StrCmpNIW
UrlGetLocationW
SHCreateStreamOnFileA
PathSetDlgItemPathW
UrlIsOpaqueA
PathIsRelativeW
SHRegEnumUSKeyA
StrCSpnIA
PathFindOnPathW
StrSpnW
PathAddExtensionW
PathCreateFromUrlW
PathIsUNCServerW
SHOpenRegStreamW
SHSetValueA
UrlUnescapeA
StrStrW
UrlCreateFromPathA
ColorRGBToHLS
SHDeleteKeyW
PathIsSystemFolderW
PathFindNextComponentA
StrRetToBufW
UrlCreateFromPathW
PathQuoteSpacesA
IntlStrEqWorkerA
SHRegGetUSValueW
AssocQueryKeyW
PathMakeSystemFolderW
SHRegGetBoolUSValueA
ColorHLSToRGB
PathFindFileNameW
wnsprintfW
UrlCanonicalizeW
ole32:
StgIsStorageFile
CoGetTreatAsClass
OleConvertIStorageToOLESTREAMEx
DoDragDrop
CoUnmarshalHresult
CoGetInterfaceAndReleaseStream
OleRegGetMiscStatus
CoTaskMemFree
CoFileTimeToDosDateTime
CoSwitchCallContext
CreateFileMoniker
StgCreateDocfile
OleFlushClipboard
UtGetDvtd16Info
OleDoAutoConvert
CoCreateInstance
CoGetStandardMarshal
CoCreateFreeThreadedMarshaler
CoQueryProxyBlanket
CoRevertToSelf
ProgIDFromCLSID
CoLoadLibrary
OleCreateLinkFromData
GetDocumentBitStg
CoFileTimeNow
CoGetPSClsid
CreateBindCtx
OleDestroyMenuDescriptor
OleQueryLinkFromData
GetHGlobalFromILockBytes
CoInitializeSecurity
CoReleaseServerProcess
CoLockObjectExternal
CoGetObject
CoQueryAuthenticationServices
CoTreatAsClass
CoTaskMemRealloc
OleCreateEx
CoDosDateTimeToFileTime
OleSave
CoFreeAllLibraries
StringFromCLSID
CoRegisterSurrogate
CoGetClassObject
CreateAntiMoniker
WriteClassStg
StgGetIFillLockBytesOnFile
OleDuplicateData
StgCreateStorageEx
OleCreateFromFile
OleCreateStaticFromData
CoIsOle1Class
CoFreeLibrary
OleRegGetUserType
CoCopyProxy
OleLoadFromStream
OleGetIconOfClass
CreatePointerMoniker
WriteOleStg
ReadClassStm
CoCreateInstanceEx
OleGetClipboard
CoSetProxyBlanket
StgSetTimes
OpenOrCreateStream
OleCreateLinkToFileEx
OleCreateLink
WriteFmtUserTypeStg
OleRun
OleNoteObjectVisible
CreateObjrefMoniker
StringFromIID
GetHookInterface
ReadFmtUserTypeStg
ReleaseStgMedium
GetRunningObjectTable
UtConvertDvtd32toDvtd16
OleDraw
GetConvertStg
OleBuildVersion
GetHGlobalFromStream
CoRevokeClassObject
OleCreateFromData
CoQueryClientBlanket
CoUnmarshalInterface
SetConvertStg
IsEqualGUID
CoMarshalInterface
CreateGenericComposite
WriteStringStream
OleCreateFromFileEx
OleTranslateAccelerator
RegisterDragDrop
CoGetCurrentLogicalThreadId
CreateItemMoniker
advapi32:
RegisterEventSourceW
DeleteService
ConvertAccessToSecurityDescriptorW
AdjustTokenPrivileges
CryptEnumProvidersW
CryptSetProviderExW
GetNumberOfEventLogRecords
RegDeleteKeyW
RegGetKeySecurity
RegOpenKeyW
CryptDecrypt
EnumDependentServicesW
CryptExportKey
GetAuditedPermissionsFromAclA
CreatePrivateObjectSecurity
AbortSystemShutdownW
NotifyChangeEventLog
RegEnumKeyW
BuildSecurityDescriptorA
CryptSetProvParam
GetCurrentHwProfileA
DeleteAce
CreateProcessAsUserW
AddAuditAccessAce
CryptSetProviderW
RegDeleteKeyA
ConvertSecurityDescriptorToAccessNamedW
RegOpenKeyExW
RevertToSelf
GetServiceKeyNameW
GetNamedSecurityInfoExA
GetSecurityInfo
QueryServiceObjectSecurity
GetSidIdentifierAuthority
AbortSystemShutdownA
CryptVerifySignatureA
GetUserNameA
BuildExplicitAccessWithNameA
EqualPrefixSid
ConvertSecurityDescriptorToAccessA
CopySid
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
ControlService
BuildSecurityDescriptorW
GetFileSecurityA
CreateProcessAsUserA
ConvertAccessToSecurityDescriptorA
SetSecurityDescriptorOwner
GetAccessPermissionsForObjectA
CryptSignHashW
GetSidSubAuthority
BuildTrusteeWithSidA
LookupPrivilegeNameW
RegOpenKeyExA
NotifyBootConfigStatus
OpenServiceA
LookupAccountSidA
UnlockServiceDatabase
ObjectCloseAuditAlarmW
LookupAccountSidW
RegCreateKeyExA
CryptReleaseContext
RegUnLoadKeyA
ObjectDeleteAuditAlarmA
SetNamedSecurityInfoExA
RegQueryValueExW
CryptSetProviderA
ImpersonateSelf
AccessCheckAndAuditAlarmA
CryptGetHashParam
SetEntriesInAclW
IsTextUnicode
SetEntriesInAccessListA
QueryServiceConfigA
ObjectDeleteAuditAlarmW
SetEntriesInAccessListW
ImpersonateLoggedOnUser
SetNamedSecurityInfoW
CryptEnumProviderTypesW
GetSecurityDescriptorControl
LookupPrivilegeDisplayNameW
AllocateAndInitializeSid
AddAccessDeniedAce
SetFileSecurityA
EnumServicesStatusW
RegSetValueW
RegSaveKeyA
ReadEventLogA
RegConnectRegistryW
SetSecurityInfo
CryptCreateHash
RegQueryValueW
ReportEventW
GetMultipleTrusteeW
GetNamedSecurityInfoExW
RegReplaceKeyW
GetSecurityDescriptorGroup
CryptGetUserKey
GetMultipleTrusteeOperationW
GetSecurityDescriptorDacl
AccessCheckAndAuditAlarmW
RegEnumValueW
GetFileSecurityW
BackupEventLogA
BuildTrusteeWithSidW
GetTrusteeNameA
LookupPrivilegeNameA
StartServiceCtrlDispatcherA
GetCurrentHwProfileW
CryptDeriveKey
RegCreateKeyA
StartServiceA
CryptDestroyKey
CryptGetProvParam
RegisterServiceCtrlHandlerW
kernel32:
WritePrivateProfileStringW
VirtualProtect
WriteConsoleInputA
lstrcpyA
CreateFiber
GetStartupInfoW
CreateThread
GlobalAlloc
IsBadCodePtr
RtlFillMemory
GetCompressedFileSizeA
IsBadReadPtr
EnumResourceNamesA
CreateNamedPipeW
GetCurrentDirectoryW
LocalUnlock
SetEvent
SetCurrentDirectoryA
SignalObjectAndWait
DisconnectNamedPipe
ExpandEnvironmentStringsA
GetLongPathNameA
GetFileTime
LoadLibraryA
lstrlenW
GetFullPathNameW
IsProcessorFeaturePresent
ReadConsoleOutputAttribute
WriteConsoleA
IsBadHugeWritePtr
LocalFlags
lstrcmpA
GetCalendarInfoA
TerminateThread
FileTimeToLocalFileTime
GetComputerNameW
OpenWaitableTimerW
FillConsoleOutputAttribute
RequestWakeupLatency
SetThreadIdealProcessor
CreatePipe
WriteFileEx
EnumSystemCodePagesW
VirtualAlloc
OpenWaitableTimerA
LocalHandle
OpenSemaphoreW
GetConsoleTitleA
GetPrivateProfileSectionNamesA
FindFirstFileExW
SetProcessWorkingSetSize
GetThreadPriorityBoost
WideCharToMultiByte
LocalCompact
LocalFileTimeToFileTime
GetVolumeInformationW
GetConsoleOutputCP
GetExitCodeThread
CompareStringA
VirtualFreeEx
UnhandledExceptionFilter
GlobalSize
SetDefaultCommConfigA
SetConsoleCP
LockResource
GetModuleFileNameA
SetFileTime
SetCurrentDirectoryW
FindFirstFileW
CloseHandle
EnumResourceLanguagesA
GlobalCompact
WritePrivateProfileStringA
CommConfigDialogW
CreateIoCompletionPort
VirtualFree
LoadLibraryExA
GetTapeParameters
SetThreadLocale
GetNumberFormatW
FoldStringA
ReadConsoleOutputCharacterW
LocalFree
SetFilePointer
GetAtomNameW
CreateMutexA
GetPrivateProfileIntW
Heap32Next
SetProcessShutdownParameters
GetThreadContext
FindResourceA
FlushConsoleInputBuffer
BuildCommDCBAndTimeoutsW
GetQueuedCompletionStatus
SetDefaultCommConfigW
GlobalFindAtomA
BeginUpdateResourceA
EndUpdateResourceW
GetFileSize
FindFirstChangeNotificationW
TlsAlloc
DeleteAtom
SetConsoleCursorInfo
FillConsoleOutputCharacterW
SetThreadAffinityMask
FlushInstructionCache
LCMapStringW
PurgeComm
SetConsoleTextAttribute
Toolhelp32ReadProcessMemory
UnlockFile
GetVersion
VirtualAllocEx
PostQueuedCompletionStatus
HeapUnlock
CreateConsoleScreenBuffer
GetEnvironmentStringsW
GetDiskFreeSpaceW
GetPrivateProfileStringW
BuildCommDCBAndTimeoutsA
EnumResourceNamesW
GlobalFindAtomW
WaitCommEvent
WriteConsoleOutputCharacterA
InitializeCriticalSectionAndSpinCount
MoveFileA
GetDriveTypeA
WriteConsoleOutputAttribute
GlobalReAlloc
GlobalAddAtomW
SetCommTimeouts
GetOEMCP
user32:
GetMenuItemID
GetClipboardFormatNameW
CreateIconIndirect
GetMenuItemRect
EnumDesktopWindows
GetNextDlgGroupItem
GetWindowPlacement
MessageBoxIndirectW
OffsetRect
EnableWindow
ChangeMenuW
EmptyClipboard
GetCapture
SetMessageExtraInfo
MsgWaitForMultipleObjectsEx
OemToCharW
DdeFreeDataHandle
DialogBoxIndirectParamW
EnumDisplaySettingsW
SetMenuDefaultItem
DdeConnectList
IntersectRect
LoadMenuW
ImpersonateDdeClientWindow
SetWindowsHookExW
SendDlgItemMessageA
DdeDisconnectList
UnhookWindowsHookEx
SystemParametersInfoA
RemovePropW
GetKeyboardLayoutList
LoadAcceleratorsA
MessageBeep
RegisterHotKey
GetKeyboardState
EnumDisplayDevicesA
GetWindowTextA
DdeNameService
GetListBoxInfo
CreateAcceleratorTableW
VkKeyScanW
SetMenuItemBitmaps
GetThreadDesktop
CreateAcceleratorTableA
GetKBCodePage
CharUpperW
GetUserObjectInformationA
GetDlgCtrlID
DestroyAcceleratorTable
GetSysColorBrush
DdeGetLastError
SetUserObjectInformationA
GetCaretPos
BroadcastSystemMessageA
FrameRect
GetCursorInfo
UnloadKeyboardLayout
GetDlgItem
MapVirtualKeyA
IsDialogMessageW
EndTask
AppendMenuA
ValidateRect
GetShellWindow
CreateWindowExW
GetScrollPos
SetClipboardData
GetWindowRect
UnregisterClassW
MessageBoxIndirectA
GetClientRect
MonitorFromPoint
DlgDirListComboBoxA
GetDlgItemTextA
TranslateAcceleratorA
FindWindowW
ShowCaret
GetCursor
DdeQueryConvInfo
LookupIconIdFromDirectory
GetWindowTextW
SendDlgItemMessageW
GetNextDlgTabItem
CopyAcceleratorTableW
GetScrollRange
GetWindowContextHelpId
MapWindowPoints
LoadMenuIndirectA
BroadcastSystemMessageW
CloseWindow
SendNotifyMessageW
SystemParametersInfoW
SetPropA
DefWindowProcW
CheckRadioButton
DrawCaption
GetProcessDefaultLayout
WinHelpA
GetMenuState
DdeUninitialize
SwapMouseButton
DrawEdge
DrawMenuBar
GetWindowLongA
UnhookWindowsHook
IsChild
RegisterClipboardFormatW
GetMonitorInfoA
MonitorFromRect
EndPaint
DlgDirListW
DdeQueryStringW
EnableScrollBar
DdeSetQualityOfService
CharToOemA
FillRect
FindWindowA
RegisterClipboardFormatA
AppendMenuW
GetMenuContextHelpId
SwitchDesktop
Sections
.text Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE