08d2cc1382f0a92dcab69a763c32ca81d24b878b8223abcd4d4e4b657d8eb3a9

Sharing

Copy URL Twitter E-mail

General

Target

08d2cc1382f0a92dcab69a763c32ca81d24b878b8223abcd4d4e4b657d8eb3a9
Size

288KB
MD5

71fb17765a1a92190fb064f26167824c
SHA1

9d4c9279826fad7c26efea15c54107e07c6ced05
SHA256

08d2cc1382f0a92dcab69a763c32ca81d24b878b8223abcd4d4e4b657d8eb3a9
SHA512

7cabe4b6df94c653611a24de52714d504dd6b365bf3c84325020d9b4747d7a5c419e1e8994342544245bf3fd0d5a98cf98b3cd015c692dfa80f0b9709d8345b3
SSDEEP

3072:vct/5ZfZ1DqRfnA5jA2YUpmgjh9vFtMtKBqIHT6ZzvtnBrT:vcdDmnA5lY0jhLKIHT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08d2cc1382f0a92dcab69a763c32ca81d24b878b8223abcd4d4e4b657d8eb3a9

Files

08d2cc1382f0a92dcab69a763c32ca81d24b878b8223abcd4d4e4b657d8eb3a9
.exe windows:5 windows x86 arch:x86

618ff39ed433204da61de1201b6d4b9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wisptis.pdb

Imports

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
_vsnwprintf
swscanf
wcscmp
fclose
wcscpy
wcsstr
wcstol
malloc
free
_wcsicmp
_ftol
_beginthreadex
_CIpow
_purecall
_itow
wcslen
_wfopen
fputws
??3@YAXPAX@Z

atl

ord18
ord20
ord17
ord23
ord57
ord16
ord45
ord44
ord43
ord58
ord32
ord30

advapi32

OpenProcessToken
RegSetValueW
OpenThreadToken
RegDeleteKeyW
RegCreateKeyW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
InitializeSecurityDescriptor
RegOpenKeyW
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
RegQueryValueExW

kernel32

LoadLibraryW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
CreateFileW
LoadLibraryA
VirtualFree
VirtualAlloc
GetSystemDirectoryW
VerSetConditionMask
CompareStringW
GetCommandLineW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
GlobalDeleteAtom
HeapFree
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
lstrcpyW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
ReleaseMutex
SetThreadExecutionState
SetEvent
WaitForSingleObject
UnmapViewOfFile
QueueUserAPC
MapViewOfFile
CreateFileMappingW
CreateMutexW
CreateEventW
DuplicateHandle
GetCurrentProcess
OpenProcess
InterlockedIncrement
InterlockedDecrement
GetLastError
ReadFile
WaitForMultipleObjects
QueryPerformanceCounter
lstrlenW
CancelWaitableTimer
SetWaitableTimer
CloseHandle
CancelIo
ResetEvent
GetOverlappedResult
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
QueryPerformanceFrequency
CreateWaitableTimerW
FlushInstructionCache
InterlockedExchange
InterlockedCompareExchange
SetLastError
FreeLibrary
GetProcAddress
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
OpenEventW
SetProcessShutdownParameters
SetPriorityClass
GlobalAddAtomW
VerifyVersionInfoW
MulDiv
HeapAlloc

gdi32

CreateCompatibleBitmap
SelectObject
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
DeleteObject

user32

MonitorFromPoint
CallWindowProcW
DefWindowProcW
GetThreadDesktop
SetThreadDesktop
OpenInputDesktop
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
CharNextW
GetPropW
PtInRect
ClientToScreen
GetClientRect
GetAncestor
GetWindowLongW
IsWindow
SetCursorPos
PostMessageW
SendInput
GetSystemMetrics
EnumDisplaySettingsW
ShowWindow
MoveWindow
ReleaseDC
GetDC
GetDesktopWindow
UpdateLayeredWindow
DrawIconEx
FillRect
GetSysColor
GetSysColorBrush
UnregisterDeviceNotification
RegisterDeviceNotificationW
DestroyWindow
SetWindowLongW
CreateWindowExW
RegisterWindowMessageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
DispatchMessageW
GetMessageW
GetMonitorInfoW
MonitorFromWindow
LoadStringW
PostThreadMessageW
DestroyIcon
LoadImageW
SystemParametersInfoW
GetDoubleClickTime
WindowFromPoint
InflateRect
EnumDisplayMonitors

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

hid

HidP_GetCaps
HidD_GetAttributes
HidD_GetPreparsedData
HidP_MaxUsageListLength
HidP_GetSpecificValueCaps
HidP_GetSpecificButtonCaps
HidD_FreePreparsedData
HidP_GetUsageValue
HidD_GetProductString
HidD_GetHidGuid
HidP_GetUsages

ole32

CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString
LoadRegTypeLi

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

618ff39ed433204da61de1201b6d4b9a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

advapi32

kernel32

gdi32

user32

msvcp60

hid

ole32

oleaut32

setupapi

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 26KB - Virtual size: 26KB

.rsrc Size: 111KB - Virtual size: 112KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 111KB - Virtual size: 112KB