d7bcd839182768b987be0d9f795f2af4a2ad48ff2041045766c05af112085518

Sharing

Copy URL Twitter E-mail

General

Target

d7bcd839182768b987be0d9f795f2af4a2ad48ff2041045766c05af112085518
Size

370KB
MD5

2fbd22796fbaacae14d0f9504ac443b7
SHA1

d08f98a83ac92f8e33e4cefc7017b520c57f5d80
SHA256

d7bcd839182768b987be0d9f795f2af4a2ad48ff2041045766c05af112085518
SHA512

a81ed7d0f8f5963cba608facda3bec2ff30fd3b42abd127c8454f1cc9d704dcb21d8d040f9b4f3905581f8628a03411abdbc5837ec807a559c61fde6d09a2d17
SSDEEP

6144:mr/W35vSV6Bui97AdB+xgf7Oy7tJlL3aVXGT2p3wZWvv:XJv6i976HfN7rl2VXPp3Ei

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d7bcd839182768b987be0d9f795f2af4a2ad48ff2041045766c05af112085518

Files

d7bcd839182768b987be0d9f795f2af4a2ad48ff2041045766c05af112085518
.exe windows:4 windows x86 arch:x86

d5a771212f81228efbbced6562ccb43e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegQueryValueExA
GetTraceEnableFlags
RegisterTraceGuidsW
RegCreateKeyExW
RegOpenKeyExW
UnregisterTraceGuids
RegQueryInfoKeyW
ControlTraceW
TraceMessage
RegCloseKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
GetTraceLoggerHandle
RegQueryValueExW
GetTraceEnableLevel

kernel32

GetSystemTime
CloseHandle
FindResourceW
UnhandledExceptionFilter
LeaveCriticalSection
LoadLibraryExW
HeapReAlloc
GetCurrentThreadId
FindResourceExW
CreateFileW
HeapSize
GetSystemTimeAsFileTime
IsDebuggerPresent
RaiseException
SetUnhandledExceptionFilter
LoadResource
lstrlenW
GetProcessHeap
HeapFree
DeviceIoControl
LockResource
DeleteCriticalSection
SizeofResource
EnterCriticalSection
LocalAlloc
GetACP
FreeLibrary
SetLastError
WideCharToMultiByte
HeapAlloc
HeapDestroy
lstrcmpiW
DisableThreadLibraryCalls
lstrlenA
GetModuleHandleW
VirtualAllocEx
IsBadWritePtr

iphlpapi

GetAdaptersAddresses
GetIpForwardTable
GetIpAddrTable
GetAdaptersInfo

shlwapi

PathAddBackslashW
SHDeleteKeyW

ole32

IIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
CoCreateInstance

oleaut32

VarUI4FromStr

user32

CharNextW

userenv

GetAllUsersProfileDirectoryA
RsopResetPolicySettingStatus
DllCanUnloadNow
DllUnregisterServer
GetGPOListA

dsound

DirectSoundCreate8

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.KbNK
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mMPya
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ZBwRRYc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CeFeRYc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.htext
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5a771212f81228efbbced6562ccb43e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

iphlpapi

shlwapi

ole32

oleaut32

user32

userenv

dsound

Sections

.text Size: 222KB - Virtual size: 221KB

.KbNK Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 14KB

.mMPya Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 201KB

.rsrc Size: 2KB - Virtual size: 1KB

.ZBwRRYc Size: 1024B - Virtual size: 654B

.CeFeRYc Size: 4KB - Virtual size: 4KB

.htext Size: 124KB - Virtual size: 124KB

.text
Size: 222KB - Virtual size: 221KB

.KbNK
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 14KB

.mMPya
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 201KB

.rsrc
Size: 2KB - Virtual size: 1KB

.ZBwRRYc
Size: 1024B - Virtual size: 654B

.CeFeRYc
Size: 4KB - Virtual size: 4KB

.htext
Size: 124KB - Virtual size: 124KB