6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083

Sharing

Copy URL Twitter E-mail

General

Target

6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
Size

1.8MB
MD5

2cb81b12de4a87139a4c19468341780c
SHA1

22897ebc0a9dfc67cb6bb985253e73338f844192
SHA256

6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
SHA512

c1c586019e8e1e4ecb41991e34284881e5113903f0209259c271b62e894e708660a715b8787ab6659213f2fba4b0fbc13cdf866e529c7c938bc2c86586059b7d
SSDEEP

49152:ujZxx4CnLdGOTalVz9vKxRwblCvQ3g7c39j5JMX/ECZViEJkT:SDmPNB8I3g7cNjnMPXZVET

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083

Files

6820018b96828ea11d46717babce7866107d6a9f8696d2ea30e4cc24b7738083
.exe windows:4 windows x86 arch:x86

982a611e85a356b3fee39155e16bf007

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
lstrcmpA
FindFirstFileA
SystemTimeToFileTime
GetSystemTime
FileTimeToDosDateTime
FindClose
FileTimeToLocalFileTime
GetFileSize
GetFileTime
WriteFile
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryExA
WaitForSingleObject
CreateProcessA
LoadLibraryA
GetTempPathA
GetWindowsDirectoryA
GetTickCount
QueryPerformanceFrequency
OpenEventA
CreateEventA
GetCurrentProcess
GetVersionExA
GetShortPathNameA
CreateFileA
CloseHandle
ReadFile
SetFileTime
SetFileAttributesA
GetPrivateProfileStringA
MoveFileExA
IsBadWritePtr
InterlockedDecrement
lstrlenW
WritePrivateProfileSectionA
WritePrivateProfileStringA
RemoveDirectoryA
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
CreateThread
lstrcpynA
Sleep
GetVersion
SetEvent
LeaveCriticalSection
GetCommandLineA
GetModuleHandleA
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrcatA
CreateFileW
LockResource
LoadResource
FindResourceA
GetDiskFreeSpaceA
EnterCriticalSection
GetSystemDirectoryA
WinExec
GetPrivateProfileSectionA
FlushFileBuffers
SetStdHandle
LocalFree
GetStringTypeW
GetStringTypeA
InterlockedIncrement
FormatMessageA
GetFileAttributesA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
MoveFileA
DeleteFileA
GetModuleFileNameA
CopyFileA
CreateDirectoryA
GetPrivateProfileSectionNamesA
IsBadReadPtr
lstrcmpiA
SetFilePointer
IsBadCodePtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
GetEnvironmentVariableA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
TlsGetValue
GetCurrentThreadId
lstrcpyA
VirtualQuery
VirtualProtect
InterlockedExchange
UnmapViewOfFile
MapViewOfFile
SearchPathA
ResetEvent
QueryPerformanceCounter
CreateFileMappingA
RtlUnwind
RaiseException
GetCurrentThread
ExitThread
HeapAlloc
TlsSetValue
GetStartupInfoA
ExitProcess
HeapFree
TlsAlloc

user32

DestroyWindow
IsDialogMessageA
GetDlgItem
SendMessageA
CreateDialogIndirectParamA
SetDlgItemTextA
MessageBoxA
PeekMessageA
ExitWindowsEx
GetMessageA
MsgWaitForMultipleObjects
CharNextA
LoadStringA
CharUpperA
wsprintfA
CharLowerBuffA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetDesktopWindow

advapi32

RegEnumValueA
RegEnumKeyExA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegSetValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
FreeSid
EqualSid
RegQueryValueA
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

OleSaveToStream
StgOpenStorage
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoInitialize
CoGetInterfaceAndReleaseStream
CoTaskMemFree
ProgIDFromCLSID
WriteClassStm
StgCreateDocfile
OleLoadFromStream
CreateStreamOnHGlobal
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromString
GetRunningObjectTable
CreateFileMoniker
CoReleaseMarshalData
CoMarshalInterface
CoUnmarshalInterface

oleaut32

SysStringByteLen
SafeArrayGetDim
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
RegisterTypeLi
SafeArrayCopy
LoadTypeLi
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElement
VariantChangeType
SafeArrayPutElement
VariantCopy
SysAllocStringLen
VariantInit
LoadRegTypeLi
VariantClear
SysStringLen
SysReAllocStringLen
VariantCopyInd
SetErrorInfo
CreateErrorInfo
SysFreeString

msi

ord136
ord49
ord159
ord8
ord46
ord117
ord79
ord75
ord116
ord146
ord189
ord124
ord17
ord120
ord7
ord95
ord168
ord141
ord67
ord33
ord144
ord18
ord91
ord93
ord87
ord31
ord73
ord112
ord103
ord160

rpcrt4

NdrConformantStringUnmarshall
NdrPointerBufferSize
NdrPointerMarshall
NdrPointerFree
NdrServerInitializeNew
NdrConvert
I_RpcGetBuffer
RpcRaiseException
RpcServerListen
RpcServerRegisterIf
RpcServerUseProtseqEpA
RpcServerUnregisterIf
RpcMgmtStopServerListening

comctl32

ord17

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dodhsup
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qnspexv
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 548KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

982a611e85a356b3fee39155e16bf007

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msi

rpcrt4

comctl32

version

Sections

.text Size: 404KB - Virtual size: 404KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 32KB - Virtual size: 117KB

.rsrc Size: 168KB - Virtual size: 168KB

dodhsup Size: - Virtual size: 4KB

.text Size: 548KB - Virtual size: 548KB

qnspexv Size: 72KB - Virtual size: 72KB

.text Size: 548KB - Virtual size: 548KB

.text
Size: 404KB - Virtual size: 404KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 32KB - Virtual size: 117KB

.rsrc
Size: 168KB - Virtual size: 168KB

dodhsup
Size: - Virtual size: 4KB

.text
Size: 548KB - Virtual size: 548KB

qnspexv
Size: 72KB - Virtual size: 72KB

.text
Size: 548KB - Virtual size: 548KB