317d32ccf799121bc6034a4e399e3469f6326880f8de3dcad1bcc98c68e7f0f1

Sharing

Copy URL Twitter E-mail

General

Target

317d32ccf799121bc6034a4e399e3469f6326880f8de3dcad1bcc98c68e7f0f1
Size

1.8MB
MD5

5fafd308e5aa5fb642268f31cba6a524
SHA1

72b4fff337dd6be4bf96e5e85e6942580354c3d0
SHA256

317d32ccf799121bc6034a4e399e3469f6326880f8de3dcad1bcc98c68e7f0f1
SHA512

d54edadb5223e006ddc456b6797e3457824a46d0dd5f0c2a53183ef8a84a8f64bf73b8a55240af7bdf80cea7914948e512a21986bfa69eea407ab8005c7760e1
SSDEEP

24576:/yy2Pp+WTBmvUmwZml11tmlNQ2OnBdFQtP51llPup33kT:/yy2oWTqUFZe11tmlNQ2ayVup3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317d32ccf799121bc6034a4e399e3469f6326880f8de3dcad1bcc98c68e7f0f1

Files

317d32ccf799121bc6034a4e399e3469f6326880f8de3dcad1bcc98c68e7f0f1
.exe windows:5 windows x86 arch:x86

0ba45f8e3256fff048470d02ee09aabb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ninite\Output\pdbs\Release\FetchApps.pdb

Imports

kernel32

ReadFile
CreateFileW
GetFileSizeEx
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW
GetProcAddress
GetModuleHandleW
SetFileTime
GetStdHandle
Sleep
LoadLibraryW
LocalFree
FormatMessageW
VirtualQuery
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetLocalTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetPrivateProfileStringW
SetEvent
CreateEventW
TerminateProcess
CreateThread
SetFilePointerEx
RaiseException
GetCommandLineW
GetCurrentThreadId
SetLastError
FreeLibrary
DecodePointer
FlushFileBuffers
WriteFile
GetConsoleCP
SetStdHandle
CreateDirectoryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetACP
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
TlsFree
WideCharToMultiByte
GetConsoleMode
MultiByteToWideChar
GetLastError
MoveFileExW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcess
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsW
GetShortPathNameW
GetTempPathW
CloseHandle
LocalAlloc
GetProcessHeap
TlsSetValue
TlsGetValue
TlsAlloc
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
WriteConsoleW

user32

GetParent
GetClientRect
GetWindowRect
MapWindowPoints
MonitorFromWindow
GetWindowLongW
GetWindow
LoadImageW
GetSystemMetrics
SendMessageW
SetWindowLongW
ShowWindow
SetWindowPos
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
PostMessageW
GetMonitorInfoW
DestroyMenu
CallWindowProcW
LoadMenuW
GetSubMenu
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
LoadStringW
DialogBoxParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
TrackPopupMenu
GetCursorPos
SetForegroundWindow
PostQuitMessage
RegisterWindowMessageW
EndDialog
MessageBoxW
WaitForInputIdle

gdi32

GetStockObject

advapi32

CheckTokenMembership
GetLengthSid
IsValidSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
DeregisterEventSource
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
ReportEventW
CopySid

shell32

ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertGetCertificateContextProperty
CryptUnprotectData
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CryptQueryObject

wininet

InternetConnectW
HttpSendRequestW
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
InternetCrackUrlW
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
InternetWriteFile
InternetReadFile
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW

rpcrt4

UuidCreateSequential
RpcStringFreeW
UuidToStringW

urlmon

ObtainUserAgentString

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0ba45f8e3256fff048470d02ee09aabb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

wintrust

crypt32

wininet

rpcrt4

urlmon

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 4KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 464B

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 4KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 464B

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 1.4MB - Virtual size: 1.4MB