ae43f35b7a6d9bb8c411a0e1abe3022c65d1b66f263ae5338c21d36821ac7937

General

Target

ae43f35b7a6d9bb8c411a0e1abe3022c65d1b66f263ae5338c21d36821ac7937
Size

3.3MB
MD5

25959f34034b8f4081b8ec19219ebfc4
SHA1

98fc798264d821a84e8078e14fb68b209eb20457
SHA256

ae43f35b7a6d9bb8c411a0e1abe3022c65d1b66f263ae5338c21d36821ac7937
SHA512

e82c5669b1029a13664383ea201e209a7b503ad35b0bc7e497de179452823c16f3229df118e854be8f69d1bc58db6515f766e55e8460d6834b3c8407f6cf2df9
SSDEEP

98304:6mYuHOtRaMMMMM2MMMMMvmYuHOtRaMMMMM2MMMMMu1ODi:gfU1gi

Score

10^/10

Malware Config

Signatures

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
sample	UPX

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae43f35b7a6d9bb8c411a0e1abe3022c65d1b66f263ae5338c21d36821ac7937

Files

ae43f35b7a6d9bb8c411a0e1abe3022c65d1b66f263ae5338c21d36821ac7937
.exe windows:5 windows x86 arch:x86

5e160c5aededb66cfa73373838c044cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

INETWIZ.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
__p__fmode
__getmainargs
_acmdln
exit
__set_app_type
_except_handler3
_controlfp
_initterm
_cexit
_XcptFilter
_exit
_c_exit
setlocale
mbstowcs

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
lstrcatW
lstrlenW
DeleteFileW
GetCurrentThreadId
WriteFile
CloseHandle
GetLastError
CreateSemaphoreW
CreateFileW
GetVersionExW

user32

FindWindowW
SetFocus
SetForegroundWindow
LoadStringW
MessageBoxW
ExitWindowsEx

inetcfg

_LaunchSignupWizard@12

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e160c5aededb66cfa73373838c044cc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

inetcfg

shell32

Sections

.text Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 584B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 584B

.rsrc
Size: 4KB - Virtual size: 3KB