af33c40dde9e3c80d06d48b06948830c4486a9af368cd2c4461b95aba628869d

Sharing

Copy URL Twitter E-mail

General

Target

af33c40dde9e3c80d06d48b06948830c4486a9af368cd2c4461b95aba628869d
Size

93KB
MD5

6235125b15c1212c17b0a2a5d3b78d4b
SHA1

4e2fc7d62d2d6c6a28ee554d01536936b33c6182
SHA256

af33c40dde9e3c80d06d48b06948830c4486a9af368cd2c4461b95aba628869d
SHA512

bba354339145781596275c80224030bb5521654eb155554ab58881898b69995eb7f77b7302a68b6c735cc856ef3a1f1f5279ba46abc480df5d1330591e3bd9ad
SSDEEP

1536:jQyHbpT5Tg0/DiZOdAvwl/G+B2glBeV1VfVvAe:j3Hbhq0/Dewl/BQgC/f5z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af33c40dde9e3c80d06d48b06948830c4486a9af368cd2c4461b95aba628869d

Files

af33c40dde9e3c80d06d48b06948830c4486a9af368cd2c4461b95aba628869d
.exe windows:6 windows x86 arch:x86

12d7c5abd681cf91407485c9f01124dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

msoobe.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceEvent
GetSidSubAuthorityCount
GetSidLengthRequired
CopySid
GetSidSubAuthority
ConvertSidToStringSidW
QueryServiceStatusEx
OpenSCManagerW
QueryServiceConfigW
EventWrite
RegEnumKeyW
RegDeleteKeyW
OpenServiceW
StartServiceW
CloseServiceHandle
TraceMessage

kernel32

RegEnumValueW
LocalAlloc
GetFileSize
ReadFile
HeapSetInformation
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
CreateMutexW
InterlockedCompareExchange
WritePrivateProfileStringW
InterlockedExchange
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RegOpenKeyExW
RegQueryValueExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
SetLastError
GetFullPathNameW
CreateDirectoryW
ExpandEnvironmentStringsW
LocalFree
lstrlenW
SetEvent
OpenEventW
WaitForSingleObject
GetModuleHandleW
CreateFileW
GetFileAttributesW
FindClose
FindFirstFileW
FlushFileBuffers
FindNextFileW
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
NotifyUILanguageChange
CreateEventW
CompareStringW
GetVersionExW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW

msvcrt

__getmainargs
_cexit
_exit
__dllonexit
_XcptFilter
_ismbblead
exit
_acmdln
_onexit
_lock
_initterm
_amsg_exit
__setusermatherr
_unlock
__set_app_type
memcpy
_vsnprintf
wcsrchr
memset
wcschr
_wcsnicmp
_vsnwprintf
_wcsicmp
_vscwprintf
swprintf_s
__p__fmode
_except_handler4_common
__p__commode
_controlfp
?terminate@@YAXXZ

shlwapi

ord16
ord437
SHRegGetValueW

ntdll

WinSqmStartSession
RtlFreeHeap
WinSqmSetDWORD
RtlpVerifyAndCommitUILanguageSettings
NtClose
NtSetValueKey
NtCreateKey
RtlInitUnicodeString
RtlAllocateHeap
WinSqmEndSession

userenv

ord206
DeleteProfileW

netapi32

NetApiBufferFree
NetUserModalsGet

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idzqucq
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

12d7c5abd681cf91407485c9f01124dc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

shlwapi

ntdll

userenv

netapi32

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

idzqucq Size: - Virtual size: 4KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB

idzqucq
Size: - Virtual size: 4KB