46731623abdd5dcd35492668a787ce68edb04fbf42a39e29032e507741ac4ab4

Sharing

Copy URL Twitter E-mail

General

Target

46731623abdd5dcd35492668a787ce68edb04fbf42a39e29032e507741ac4ab4
Size

536KB
MD5

e767f624ac69f9df2f32d0a4b1da2265
SHA1

cae091927cf8d84a461a785c4a21cffeafba694d
SHA256

46731623abdd5dcd35492668a787ce68edb04fbf42a39e29032e507741ac4ab4
SHA512

7ac22f07c18e1a126d9252d8b33b28c9b660b9ee7240977e828845215318073a48d4f6acf0c9cd4626bb7e3599435a07fcad2bbf2c3260de4905d45253dbb89c
SSDEEP

12288:9gwhdrrB0POdwwetK3DwAUKnq83qeh0rGeoDduBkVkb6lt:97hdfB0BwetK3DwAX9h0rGb4kVkSt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46731623abdd5dcd35492668a787ce68edb04fbf42a39e29032e507741ac4ab4

Files

46731623abdd5dcd35492668a787ce68edb04fbf42a39e29032e507741ac4ab4
.exe windows:6 windows x86 arch:x86

f188d086fdba36c7f1315f95ecaf8041

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
IUnknown_Release_Proxy
NdrOleFree
NdrStubCall2
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleAllocate

kernel32

CreateThread
GetCurrentThread
GetCurrentThreadId
GetVersionExW
LocalAlloc
LocalFree
GetLocalTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetShortPathNameW
RemoveDirectoryW
CopyFileW
MoveFileExW
CreateProcessW
ProcessIdToSessionId
OpenProcess
FindResourceExW
LockResource
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
OpenMutexW
GetCurrentProcessId
GetTickCount
GetWindowsDirectoryW
WritePrivateProfileStringW
CreateFileW
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
GetCurrentProcess
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
GetCPInfo
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
SetEvent
CloseHandle
OutputDebugStringW
GetTempPathW
GetCommandLineW
MultiByteToWideChar
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
SetEndOfFile
GetLocaleInfoEx
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
CompareStringEx
IsValidLocale
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
WideCharToMultiByte
WaitForSingleObjectEx
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceCounter
EncodePointer
LCMapStringEx

user32

PostThreadMessageW
CharUpperW
MessageBoxW
DispatchMessageW
LoadStringW
GetMessageW
CharNextW
TranslateMessage

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord680

ole32

CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoTaskMemFree
CoReleaseServerProcess
CoInitializeSecurity
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoAddRefServerProcess
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
VariantClear
SysAllocString

advapi32

RegisterEventSourceW
RegCreateKeyExW
RegDeleteKeyW
SetTokenInformation
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
ReportEventW
DeregisterEventSource
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetSecurityDescriptorSacl
GetLengthSid
CopySid
AddAccessAllowedAce
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

Sections

.text
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f188d086fdba36c7f1315f95ecaf8041

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

user32

shell32

ole32

oleaut32

advapi32

shlwapi

version

wtsapi32

userenv

crypt32

wintrust

Sections

.text Size: 335KB - Virtual size: 335KB

.orpc Size: 512B - Virtual size: 69B

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 9KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 85KB - Virtual size: 88KB

.text
Size: 335KB - Virtual size: 335KB

.orpc
Size: 512B - Virtual size: 69B

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 9KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 85KB - Virtual size: 88KB