Z:\coding\project\main\result\result.pdb
Static task: static1
Behavioral task: behavioral1
Sample: d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4.exe
Resource: win10v2004-20240419-en
General
Target: d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4
Size: 179KB
MD5: 877ff2ce892bc190c7eda5bca2c772fc
SHA1: 28400ee954318223c3d68f3851d93393e0feea10
SHA256: d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4
SHA512: 8097193330c653a760720a8bc5130fb14a1974130b868f9a80443724e7140f347b2b14136ba93abe7170d5a99a3338faac58a8e75404cd7c7f9fa60796adcdf6
SSDEEP: 3072:wXTTASJKf2n5AxE2NpxOa2XdU2QF4s5XgIDFyHb8kHofL/09rGB:wvASJKenie2xT2NU2OTFQb8Fb0IB
Malware Config
Signatures
Detects executables packed with aPLib. 1 IoCs
resource: sample, yara_rule: INDICATOR_EXE_Packed_aPLib
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource: d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4
Files
-
d1d5595f0992292eddf8ac5cc72a20c91506dd72736c7ec5c8affb4dff53f1a4.exe windows:5 windows x86 arch:x86
b805cc6dfcf1bef0d93757ffc6439f8b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetLastError
CloseHandle
GetModuleFileNameW
DeleteFileA
Sleep
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
LocalFree
GetCurrentProcessId
GetVersionExA
LocalAlloc
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetVersionExW
GetSystemWindowsDirectoryA
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetErrorMode
lstrcpynA
ExitProcess
GetTickCount
Module32Next
GlobalMemoryStatusEx
VirtualProtectEx
VirtualAlloc
Module32First
GetExitCodeProcess
CreateRemoteThread
VirtualFree
GetThreadContext
CreateFileA
SetThreadContext
OpenProcess
TerminateThread
CreateProcessA
TerminateProcess
FlushInstructionCache
GetShortPathNameA
GetHandleInformation
VirtualAllocEx
CreateToolhelp32Snapshot
WriteProcessMemory
ResumeThread
CreateThread
WriteFile
ReadFile
GetFileSizeEx
lstrcmpiA
CopyFileA
SetFileAttributesA
GetTempFileNameA
user32
wsprintfW
DestroyWindow
keybd_event
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
TranslateMessage
DefWindowProcA
ShowWindow
FlashWindow
DispatchMessageA
UpdateWindow
CreateWindowExA
shell32
SHGetFolderPathA
ShellExecuteExA
SHGetFolderPathW
ShellExecuteExW
ole32
CoInitializeEx
CoUninitialize
psapi
GetModuleBaseNameW
shlwapi
StrRChrA
PathAppendA
PathAppendW
StrStrIA
PathFileExistsA
StrStrNIW
PathAddExtensionA
PathIsDirectoryA
PathCombineA
PathAddBackslashA
ntdll
RtlImageNtHeader
ZwClose
memset
_alloca_probe
strstr
_snprintf
ZwSetInformationThread
RtlUnwind
advapi32
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CryptReleaseContext
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 148KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.htext Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE