e89527ce7fa705e7885f8eab2666e8e3cc15a039cee2c73cb045db75013817c9

Sharing

Copy URL

Twitter E-mail

General

Target

e89527ce7fa705e7885f8eab2666e8e3cc15a039cee2c73cb045db75013817c9
Size

1.3MB
MD5

d3d7fa26bff62423e44be8cbf974dad7
SHA1

8ca53df95258e433e36199af5a33fb0353d17193
SHA256

e89527ce7fa705e7885f8eab2666e8e3cc15a039cee2c73cb045db75013817c9
SHA512

441dbab6f4c91c1934a8e4f6daad65bf6fe946c0fc643a714beb2b928559d69ebd3944969e24bea59183b8cfe977c3a5f0b62e112bbad29f7e0cd4c02086fd39
SSDEEP

24576:V3LutmkEz+PAVV/bOInO4Xs2ztR4iegxLHgZpJE4VDd07ozX0j52pMkuLoiSJVla:VbutmkO+wROInO4XrztygxLHkJE4VBRb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e89527ce7fa705e7885f8eab2666e8e3cc15a039cee2c73cb045db75013817c9

Files

e89527ce7fa705e7885f8eab2666e8e3cc15a039cee2c73cb045db75013817c9
.exe windows:4 windows x86 arch:x86

5eb440625c49d1fc181879d5ddcfbd20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\dw\x86\ship\0\dw20.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoW

secur32

GetUserNameExW

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_vsnprintf_s
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
wcsrchr
_wtoi
_CxxThrowException
_vsnprintf
__CxxFrameHandler3
_CIsqrt
memmove
_wcsnicmp
tolower
strncmp
ceil
strchr
strncpy_s
_strnicmp
wcsncmp
_stricmp
wcstok_s
swprintf_s
_wcsicmp
memset
memcpy
wcschr
_time32

advapi32

GetSecurityDescriptorDacl
RegQueryInfoKeyW
ReportEventW
RegisterEventSourceW
ReportEventA
DeregisterEventSource
GetUserNameA
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
SetNamedSecurityInfoW
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyW
RegEnumValueW
GetLengthSid
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
AllocateAndInitializeSid
CopySid
OpenThreadToken
IsValidSid
CheckTokenMembership
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
GetTokenInformation

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
ord17

gdi32

DeleteDC
RestoreDC
DeleteObject
GetTextFaceA
SelectObject
CreateFontA
GetDeviceCaps
SetMapMode
SaveDC
CreateFontIndirectW
GetObjectW
GetTextExtentPoint32W
SetTextAlign
GetTextMetricsA
GetObjectA
ExtTextOutW
SetBkMode
SetTextColor
GetTextFaceW
GetOutlineTextMetricsA
CreateDCA
CreateSolidBrush
TranslateCharsetInfo
CreateFontIndirectA

kernel32

OpenSemaphoreA
CreateEventA
OpenEventA
GetShortPathNameA
LoadLibraryW
OutputDebugStringA
LoadLibraryExW
LocalAlloc
GlobalFree
GetCurrentThreadId
CreateProcessA
GlobalAlloc
DuplicateHandle
GetSystemDirectoryW
GetTimeZoneInformation
GetDiskFreeSpaceExW
GetUserDefaultLCID
IsValidLocale
GetStringTypeExW
IsValidCodePage
CompareStringW
GetShortPathNameW
GetLongPathNameW
CreateFileA
GetCurrentThread
GlobalMemoryStatus
ReleaseSemaphore
IsProcessorFeaturePresent
EnumUILanguagesW
EnumSystemLocalesW
GetCalendarInfoW
GetUserDefaultUILanguage
VirtualProtect
QueryPerformanceCounter
GetTempFileNameA
GetTempPathA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
lstrcmpiW
GetThreadContext
GetThreadTimes
GetPriorityClass
HeapDestroy
HeapCreate
TerminateThread
GetThreadSelectorEntry
GetLastError
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
GetCommandLineW
MapViewOfFile
ReleaseMutex
WaitForSingleObject
WaitForMultipleObjects
SetProcessWorkingSetSize
GetCurrentProcess
Sleep
TerminateProcess
DeleteFileW
CreateThread
CloseHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
GetVersionExW
GetVersionExA
GetModuleFileNameW
FreeLibrary
InitializeCriticalSection
GetProcessHeap
DeleteCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
GetTickCount
SetLastError
LocalFree
WriteFile
FindNextFileW
FindClose
FindFirstFileW
GetSystemWindowsDirectoryW
MoveFileW
SetFilePointer
GetComputerNameA
SetPriorityClass
UnmapViewOfFile
GetFileSize
CreateFileMappingA
SuspendThread
ExitThread
MulDiv
GetModuleFileNameA
LoadLibraryA
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetACP
GetSystemDefaultLCID
SetEvent
CreateProcessW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetTempPathW
GetFileAttributesW
SetEndOfFile
IsDBCSLeadByte
GetSystemDirectoryA
SetThreadPriority
CreateRemoteThread
OpenProcess
LoadLibraryExA
SetEnvironmentVariableA
CreateDirectoryW
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
HeapFree
HeapSize
HeapValidate
HeapAlloc
HeapReAlloc
VirtualAlloc
RaiseException
TlsSetValue
SetFileAttributesW
CreateSemaphoreA
FlushFileBuffers
ResumeThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
VirtualFree
TlsGetValue
TlsFree
GetModuleHandleW
GetVersion
GetFileType
CreateFileW
GetLocaleInfoW
GetProcessTimes
CreateMutexA
OpenMutexA
GetThreadPriority

ole32

StringFromIID
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance

oleacc

CreateStdAccessibleObject
LresultFromObject

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToDosDateTime
SysAllocString
SysStringLen

rpcrt4

UuidCreate

shell32

ExtractIconExA
SHGetSpecialFolderPathW
ShellExecuteExA

shlwapi

AssocQueryStringW
UrlGetPartA
wnsprintfA

urlmon

CreateURLMoniker

user32

GetDlgCtrlID
IsWindow
CreateDialogIndirectParamA
DrawTextA
DrawTextW
MapDialogRect
CallWindowProcA
MoveWindow
GetKeyboardLayout
GetMenuCheckMarkDimensions
LoadBitmapA
GetMonitorInfoA
CallWindowProcW
SetRectEmpty
IsWindowVisible
PostMessageA
SendMessageA
DefWindowProcA
SetTimer
KillTimer
PostQuitMessage
DispatchMessageA
TranslateMessage
IsDialogMessageA
GetMessageA
CreateWindowExA
RegisterClassExA
DialogBoxParamA
SystemParametersInfoA
DestroyIcon
LoadStringW
DestroyWindow
SetWindowPos
GetWindowRect
GetWindowLongA
SetForegroundWindow
GetSystemMetrics
LoadIconA
SetWindowLongA
ReleaseDC
FillRect
GetSysColorBrush
MapWindowPoints
GetDC
SetWindowTextA
CreateDialogParamW
DialogBoxParamW
EnumDisplayMonitors
GetDlgItem
DrawIconEx
ShowWindow
LoadCursorA
GetClientRect
SetCursor
DrawFocusRect
SetWindowTextW
GetWindow
InvalidateRect
EnableWindow
GetSysColor
SendDlgItemMessageA
EndDialog
CheckDlgButton
SetFocus
LoadStringA
IsDlgButtonChecked
SetDlgItemTextA
GetScrollInfo
SetScrollInfo
GetFocus
FlashWindowEx
GetForegroundWindow
GetWindowPlacement
IsIconic
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutA
GetParent
UpdateWindow
IsWindowUnicode
GetClassNameA
SendMessageW
GetWindowLongW

wininet

InternetGetConnectedState
InternetCloseHandle
HttpQueryInfoA
InternetReadFileExA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetSetStatusCallback
InternetCrackUrlA

Sections

.text
Size: 551KB - Virtual size: 551KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5eb440625c49d1fc181879d5ddcfbd20

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

secur32

msvcr80

advapi32

comctl32

gdi32

kernel32

ole32

oleacc

oleaut32

rpcrt4

shell32

shlwapi

urlmon

user32

wininet

Sections

.text Size: 551KB - Virtual size: 551KB

.data Size: 199KB - Virtual size: 271KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 588KB - Virtual size: 592KB

.text
Size: 551KB - Virtual size: 551KB

.data
Size: 199KB - Virtual size: 271KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 588KB - Virtual size: 592KB