Static task: static1
Behavioral task: behavioral1
Sample: a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2.exe
Resource: win10v2004-20240412-en
General
Target: a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2
Size: 1.5MB
MD5: d7c0fdc96a7a4d81c3263f0ec620d42d
SHA1: 000e0783d0d888747cc4b2ca0af00da9db27022f
SHA256: a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2
SHA512: 4223dbfd0e2c2373f4e75c2970425f8dd772d6fb1be99f65cc6802a04d5e0374567a20124aff38b88b04a56a7e8fee36da782330abbb04b34064c66e6f06789d
SSDEEP: 49152:jgOQ3xPggPLd+OtBfT/LesgFHWc8qPQZbi9O:jgOI7zLxgF
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2
resource yara_rule sample dropper_html
Files
-
a8a28e04c39327f79b3833aed28cbcdfb3f585fbfd27e11bbc5dd0c579248eb2.exe windows:4 windows x86 arch:x86
cab8034f5f14da2b7e37bc7e8fdf263f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLocaleInfoW
SetEnvironmentVariableA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDriveTypeA
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
GetProfileIntA
SearchPathA
GetTempPathA
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
QueryPerformanceCounter
GetFileType
SetStdHandle
HeapSize
TerminateProcess
HeapReAlloc
GetCommandLineA
GetStartupInfoA
CreateThread
ExitThread
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapAlloc
HeapFree
GetDateFormatA
GetTimeFormatA
RtlUnwind
ExitProcess
FindResourceExA
SetErrorMode
LocalFileTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
InterlockedIncrement
FindNextFileA
VirtualProtect
InterlockedDecrement
LocalAlloc
GetShortPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
MoveFileA
RaiseException
GetDiskFreeSpaceA
GetFullPathNameA
GetTempFileNameA
SetFileTime
GetFileAttributesA
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
SetLastError
GlobalFree
MulDiv
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
InterlockedExchange
Sleep
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
WriteFile
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateFileA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
IsBadReadPtr
IsBadCodePtr
lstrcpynA
GetStringTypeExA
CompareStringW
CompareStringA
lstrlenA
lstrlenW
lstrcmpiA
GetVersion
MultiByteToWideChar
WaitForSingleObject
ReleaseMutex
CopyFileA
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalFree
DeleteCriticalSection
GetModuleFileNameA
lstrcpyA
CreateDirectoryA
CreateMutexA
GetLastError
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
OpenFileMappingA
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
user32
SetDlgItemTextA
CheckDlgButton
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
SetWindowsHookExA
SetParent
GetSystemMenu
LockWindowUpdate
SendMessageA
EnableWindow
IsIconic
IsDialogMessageA
SetWindowTextA
MoveWindow
UpdateWindow
GetDesktopWindow
GetWindow
GetLastActivePopup
SetForegroundWindow
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
RemovePropA
SendDlgItemMessageA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
IsWindowEnabled
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetMenu
PostMessageA
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoA
CreateDialogIndirectParamA
PostQuitMessage
ValidateRect
GetCursorPos
TranslateMessage
GetMessageA
SetCursor
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
WaitMessage
KillTimer
GetPropA
GetActiveWindow
SetWindowLongA
GetWindowLongA
LoadIconA
SetPropA
GetWindowRect
GetDC
ReleaseDC
CharUpperA
wsprintfA
MessageBoxA
PostThreadMessageA
GetClientRect
InvalidateRect
IsWindow
LoadCursorA
GetSysColorBrush
GetIconInfo
GetSysColor
DestroyIcon
ShowWindow
IsWindowVisible
OffsetRect
GetParent
GetKeyState
RemoveMenu
GetSubMenu
GetMenuItemCount
CreateMenu
TranslateMDISysAccel
DrawMenuBar
TranslateAcceleratorA
SetMenu
BringWindowToTop
SetRectEmpty
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
InflateRect
RedrawWindow
SetCursorPos
DestroyCursor
GetAsyncKeyState
FillRect
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoA
DeleteMenu
CharNextA
IsRectEmpty
SetRect
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
UnionRect
FindWindowA
DrawIcon
SetWindowRgn
IsClipboardFormatAvailable
GetDCEx
DefMDIChildProcA
DefFrameProcA
SubtractRect
LoadKeyboardLayoutA
MapVirtualKeyExA
IsCharLowerA
CharUpperBuffA
CopyIcon
EnableScrollBar
FrameRect
DrawIconEx
SetMenuDefaultItem
GetMenuDefaultItem
SetClassLongA
GetUpdateRect
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
SetTimer
ClientToScreen
SetCapture
WindowFromPoint
ReleaseCapture
GetWindowThreadProcessId
RegisterClassA
UnregisterClassA
DefWindowProcA
CallWindowProcA
SetWindowPos
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
PtInRect
GetDlgCtrlID
GetFocus
IsChild
AdjustWindowRectEx
MapVirtualKeyA
GetKeyNameTextA
CopyRect
GetMenuState
LoadImageA
EnumChildWindows
CreateAcceleratorTableA
DrawFocusRect
DrawEdge
DrawStateA
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
IsMenu
IsZoomed
CopyImage
DestroyAcceleratorTable
InsertMenuA
GetMenuItemID
AppendMenuA
GetMenuStringA
gdi32
DeleteDC
CreatePatternBrush
SelectPalette
CreatePen
CreateSolidBrush
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
GetTextExtentPoint32A
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
CreateEllipticRgn
SaveDC
Ellipse
EnumFontFamiliesExA
BitBlt
ExtSelectClipRgn
CreateCompatibleBitmap
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
PatBlt
CreateRectRgnIndirect
CreateFontIndirectA
GetObjectA
GetStockObject
GetPixel
DeleteObject
GetDeviceCaps
CopyMetaFileA
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetMapMode
SetROP2
SetPolyFillMode
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleDC
EnumFontFamiliesA
GetTextCharsetInfo
CreateDIBitmap
CreatePolygonRgn
Polyline
Polygon
SetPixel
GetDIBits
RealizePalette
CreateDIBSection
StretchBlt
OffsetRgn
Rectangle
RoundRect
GetPaletteEntries
CreatePalette
SetPaletteEntries
ExtFloodFill
SetBkMode
SelectObject
RestoreDC
LPtoDP
GetTextFaceA
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
FrameRgn
PtInRegion
GetNearestPaletteIndex
GetSystemPaletteEntries
comdlg32
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
advapi32
RegEnumKeyExA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
shell32
SHGetSpecialFolderPathA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
Shell_NotifyIconA
ShellExecuteA
comctl32
ImageList_GetIconSize
ImageList_DrawEx
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
ImageList_LoadImageA
ImageList_Create
ImageList_Destroy
ImageList_GetIcon
ImageList_Remove
ImageList_GetImageInfo
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetImageCount
ord17
ImageList_AddMasked
shlwapi
StrDupA
PathCompactPathA
PathCombineA
PathFileExistsA
PathAppendA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
oledlg
ord8
ole32
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
CoGetClassObject
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CoInitialize
OleLockRunning
DoDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
oleaut32
VarUdateFromDate
OleCreateFontIndirect
VarBstrFromDate
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
ws2_32
WSAStartup
WSACleanup
ttoolkit
ord10
ord3
ord14
g_error1
ord4
clientcc
ord3
ord4
ord16
ord8
ord9
TEB_Open
TEB_GetPageCount
TEB_HasAppInfo
ord10
TEB_HasCatalog
ord11
ord12
ord13
ord5
ord15
TEB_Close
ord14
ord2
sysinfo
ord1
wininet
HttpAddRequestHeadersA
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryDataAvailable
winmm
PlaySoundA
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ