823e22bb13181add785e1b78f21af7141a27209d776df25714d8b9706e1d4db0

Sharing

Copy URL Twitter E-mail

General

Target

823e22bb13181add785e1b78f21af7141a27209d776df25714d8b9706e1d4db0
Size

157KB
MD5

dde8ec9c39a87474e3c77d56636ef08c
SHA1

8b5a5fbfeab6265eae08c71633f0b295647ddfa4
SHA256

823e22bb13181add785e1b78f21af7141a27209d776df25714d8b9706e1d4db0
SHA512

1755e811997d942cef6a7a3bfe3381cb989764312ee9a7f825724e17c2d43eae3cb5bd070c7450dff141c31da75fd494783779622cd00b6907e23c02d5cc8f36
SSDEEP

3072:cPq5OwwFGK7H5B5RGegDNXyNzyVqVqXHNuN755j533XTte9BpyJG:czbG8H5B5RGe6CIQIXuv5nXxGvD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
823e22bb13181add785e1b78f21af7141a27209d776df25714d8b9706e1d4db0

Files

823e22bb13181add785e1b78f21af7141a27209d776df25714d8b9706e1d4db0
.exe windows:5 windows x86 arch:x86

091cf914a6c5e25e29befd127277627d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetProcessHeap
HeapAlloc
HeapFree
ProcessIdToSessionId
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerA
OpenMutexA
CreateMutexA
GetModuleFileNameA
ReleaseMutex
GetCurrentProcess
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetVersion
CreateEventA
LocalAlloc
OpenEventA
WritePrivateProfileStringA
WritePrivateProfileSectionA
CopyFileA
GetPrivateProfileSectionNamesA
GetFileAttributesA
DeleteFileA
LocalFree
GetTickCount64
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
GetPrivateProfileIntA
GetTickCount
CreateThread
WaitForMultipleObjects
CloseHandle
GetPrivateProfileStringA
ResetEvent
WaitForSingleObject
TerminateThread
SetEvent
ReadFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
Sleep
GetLastError
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
SetStdHandle
RtlUnwind
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc

user32

GetSystemMetrics

advapi32

StartServiceCtrlDispatcherA
ChangeServiceConfig2A
CreateServiceA
LookupPrivilegeValueA
DuplicateTokenEx
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserA
GetTokenInformation
IsWellKnownSid
OpenProcessToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
AllocateAndInitializeSid
FreeSid
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegisterServiceCtrlHandlerExA
SetServiceStatus
OpenServiceA
ControlService
StartServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService

shell32

SHCreateDirectoryExA
ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoInitializeEx
CoUninitialize

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

shlwapi

PathFileExistsA
PathRemoveFileSpecA

avifil32

AVIFileInit
AVIFileExit

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

091cf914a6c5e25e29befd127277627d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

wtsapi32

shlwapi

avifil32

userenv

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 32KB - Virtual size: 31KB