95bc0227998abcb72aafdbeb0bc59b5f786e20ef31873b48390b8355a4eda340

Sharing

Copy URL Twitter E-mail

General

Target

95bc0227998abcb72aafdbeb0bc59b5f786e20ef31873b48390b8355a4eda340
Size

1.2MB
MD5

49f4e719c7c6286c1efba5178d3301e1
SHA1

757bf9889162d33f8fb970c70961bdaa471c7466
SHA256

95bc0227998abcb72aafdbeb0bc59b5f786e20ef31873b48390b8355a4eda340
SHA512

c62a6c68874ea9425b0c0519fcec635b38ed7c3ed48b450312fd66a27d2f708fe3bce7414ea723a84e7fbf6402ce936ad01d4f8aa1717722e2bb40b9a37a4df4
SSDEEP

12288:ejpAzGD1E+poO25wuc1Kf9e9gpJtnZTh5OsRxbyGd11i9IPyw9WVlD8JB4B9dMK/:ejqLOiwF6fXnyaW8B4pqAaOn14wr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95bc0227998abcb72aafdbeb0bc59b5f786e20ef31873b48390b8355a4eda340

Files

95bc0227998abcb72aafdbeb0bc59b5f786e20ef31873b48390b8355a4eda340
.exe windows:5 windows x86 arch:x86

091157560adc399bac56ac188d6f1356

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\masterPdf-forinstall-module\rel\Uninstall.pdb

Imports

kernel32

SetFilePointer
DeviceIoControl
GetSystemInfo
GetFileAttributesExW
InitializeCriticalSection
GetNativeSystemInfo
ResetEvent
SetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateEventW
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetStdHandle
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
GetACP
SetEndOfFile
ExitProcess
GetModuleHandleExW
ExitThread
FindFirstFileExW
RtlUnwind
FreeLibraryAndExitThread
GetThreadTimes
CreateThread
CreateProcessW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetStringTypeW
WaitForSingleObjectEx
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
FindNextFileW
lstrlenA
MoveFileExW
SetFileAttributesW
SetThreadLocale
GetThreadLocale
lstrcmpA
lstrlenW
FlushFileBuffers
GetFileSize
LocalFree
GetPrivateProfileStringW
ReadFile
GetStartupInfoW
CreatePipe
WaitForSingleObject
FindFirstFileW
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetShortPathNameW
GetCurrentThread
SetThreadPriority
GetCurrentProcess
SetPriorityClass
GetEnvironmentVariableW
GetVersionExW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
GetTempPathW
GetTickCount
HeapDestroy
LoadLibraryW
GetCurrentProcessId
OpenProcess
MulDiv
OutputDebugStringW
FreeResource
GlobalFree
GlobalAlloc
WideCharToMultiByte
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameW
LoadLibraryExW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
GetProcAddress
FreeLibrary
DecodePointer
Sleep
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
DeleteCriticalSection
GetVersion
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcessHeap
HeapAlloc
HeapFree
RemoveDirectoryW
FindClose
HeapReAlloc
HeapSize
GetStdHandle

user32

GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
PostQuitMessage
IsWindow
ShowWindow
DestroyWindow
GetDlgItem
SetWindowLongW
DefWindowProcW
CallWindowProcW
UnregisterClassW
CharNextW
DispatchMessageW
GetClientRect
GetMessageW
PeekMessageW
MessageBoxW
SystemParametersInfoW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
BeginPaint
CopyRect
EndPaint
IsIconic
MoveWindow
EnableWindow
GetForegroundWindow
GetWindowTextW
SetForegroundWindow
IsWindowVisible
IsZoomed
MonitorFromRect
OffsetRect
SetLayeredWindowAttributes
SetWindowRgn
EqualRect
InvalidateRect
PtInRect
MapWindowPoints
SetWindowPos
SendMessageW
PostMessageW
TrackMouseEvent
GetCursorPos
SetFocus
SetCapture
LoadImageW
SetRectEmpty
IsRectEmpty
GetIconInfo
DrawIconEx
SetCursor
ScreenToClient
GetDoubleClickTime
IntersectRect
FillRect
DrawTextW
ReleaseCapture
ClientToScreen
KillTimer
LoadIconW
TranslateMessage
GetDC
ReleaseDC
SetTimer
wsprintfW
UpdateLayeredWindow

gdi32

GetCurrentObject
GetTextColor
CreateFontIndirectW
RestoreDC
Rectangle
CreatePen
SaveDC
CreateRectRgnIndirect
ExtSelectClipRgn
GetStockObject
SetTextColor
SetBkMode
CreateSolidBrush
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
SetPixel
GetObjectW
CreateDIBSection
CreateRectRgn
CombineRgn
CreateRoundRectRgn
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC
SetTextCharacterExtra

advapi32

RegCloseKey
RegQueryInfoKeyW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
DeleteService
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegEnumKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHCreateDirectoryExW
ord165
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify

ole32

CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CreateStreamOnHGlobal
OleRun
CoTaskMemFree

oleaut32

GetErrorInfo
VariantClear
VariantCopy
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VarBstrCmp
VariantInit

shlwapi

StrCmpIW
PathRemoveBackslashW
PathSearchAndQualifyW
PathIsDirectoryW
PathFindFileNameW
SHGetValueW
PathCombineW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipDeleteGraphics
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipFree

wininet

HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

psapi

GetModuleFileNameExW

netapi32

Netbios

iphlpapi

GetAdaptersInfo
GetIpAddrTable

Sections

.text
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

091157560adc399bac56ac188d6f1356

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

gdiplus

wininet

crypt32

psapi

netapi32

iphlpapi

Sections

.text Size: 532KB - Virtual size: 532KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 8KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 692B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 440KB - Virtual size: 440KB

.reloc Size: 98KB - Virtual size: 100KB

.text
Size: 532KB - Virtual size: 532KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 8KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 692B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 440KB - Virtual size: 440KB

.reloc
Size: 98KB - Virtual size: 100KB