ba30b0219e5a0f9608b3cf2ed18391ef37af146c2cd7972e690b07ed2edd7c87

Sharing

Copy URL Twitter E-mail

General

Target

ba30b0219e5a0f9608b3cf2ed18391ef37af146c2cd7972e690b07ed2edd7c87
Size

179KB
MD5

d1bbcaff39d2bfba81629955b05fa626
SHA1

ac58e3f0dec152e4d1f5e8d1b8175d39b022615d
SHA256

ba30b0219e5a0f9608b3cf2ed18391ef37af146c2cd7972e690b07ed2edd7c87
SHA512

5746219d4a532c158763f0f3755ec14b7fb1caea571ff68bc408232b3283b868bf59f16070a110a13c896b52cf5cf6e32cf28425eea124198aed9ce5c546b4d8
SSDEEP

3072:aaTTASJKf2n5AxE2NpxOa2XdU2QF4s5XgIDFyHb8kHofL/09rGa:a6ASJKenie2xT2NU2OTFQb8Fb0Ia

Score

10^/10

Malware Config

Signatures

Detects executables packed with aPLib. 1 IoCs

resource	yara_rule
sample	INDICATOR_EXE_Packed_aPLib

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba30b0219e5a0f9608b3cf2ed18391ef37af146c2cd7972e690b07ed2edd7c87

Files

ba30b0219e5a0f9608b3cf2ed18391ef37af146c2cd7972e690b07ed2edd7c87
.exe windows:5 windows x86 arch:x86

b805cc6dfcf1bef0d93757ffc6439f8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\coding\project\main\result\result.pdb

Imports

kernel32

GetLastError
CloseHandle
GetModuleFileNameW
DeleteFileA
Sleep
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineW
LocalFree
GetCurrentProcessId
GetVersionExA
LocalAlloc
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetVersionExW
GetSystemWindowsDirectoryA
GlobalFindAtomA
ExpandEnvironmentStringsA
GetCurrentProcess
GlobalAddAtomA
SetErrorMode
lstrcpynA
ExitProcess
GetTickCount
Module32Next
GlobalMemoryStatusEx
VirtualProtectEx
VirtualAlloc
Module32First
GetExitCodeProcess
CreateRemoteThread
VirtualFree
GetThreadContext
CreateFileA
SetThreadContext
OpenProcess
TerminateThread
CreateProcessA
TerminateProcess
FlushInstructionCache
GetShortPathNameA
GetHandleInformation
VirtualAllocEx
CreateToolhelp32Snapshot
WriteProcessMemory
ResumeThread
CreateThread
WriteFile
ReadFile
GetFileSizeEx
lstrcmpiA
CopyFileA
SetFileAttributesA
GetTempFileNameA

user32

wsprintfW
DestroyWindow
keybd_event
GetMessageA
SetTimer
RegisterClassExA
PostQuitMessage
KillTimer
TranslateMessage
DefWindowProcA
ShowWindow
FlashWindow
DispatchMessageA
UpdateWindow
CreateWindowExA

shell32

SHGetFolderPathA
ShellExecuteExA
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize

psapi

GetModuleBaseNameW

shlwapi

StrRChrA
PathAppendA
PathAppendW
StrStrIA
PathFileExistsA
StrStrNIW
PathAddExtensionA
PathIsDirectoryA
PathCombineA
PathAddBackslashA

ntdll

RtlImageNtHeader
ZwClose
memset
_alloca_probe
strstr
_snprintf
ZwSetInformationThread
RtlUnwind

advapi32

CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
CryptReleaseContext

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 148KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b805cc6dfcf1bef0d93757ffc6439f8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

ole32

psapi

shlwapi

ntdll

advapi32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 148KB - Virtual size: 149KB

.reloc Size: 1KB - Virtual size: 1KB

.htext Size: 12KB - Virtual size: 12KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 148KB - Virtual size: 149KB

.reloc
Size: 1KB - Virtual size: 1KB

.htext
Size: 12KB - Virtual size: 12KB