0b9a4cf94d813c559e91bcc7dd11467217d7ea26bd176796cc82705b1b15f840

Sharing

Copy URL Twitter E-mail

General

Target

0b9a4cf94d813c559e91bcc7dd11467217d7ea26bd176796cc82705b1b15f840
Size

14.2MB
MD5

73d11f0cbbbc0838d66bf324052115d1
SHA1

e1e23f9f1270bf455f2ccfc27c84fd7334a097d7
SHA256

0b9a4cf94d813c559e91bcc7dd11467217d7ea26bd176796cc82705b1b15f840
SHA512

7f5654200ecb3ed0592ac819690fe345b4d60b69490767d8585165164c1e5790bf2382ac008df6a6adcb570711c2841a86414b3d356f8e1f72fbe90a1eb8438a
SSDEEP

393216:tmpcHHvQfjIhx8/I1LFluXShdpAs8iI/S:dvQfMP8/mLT8SO3iIK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b9a4cf94d813c559e91bcc7dd11467217d7ea26bd176796cc82705b1b15f840

Files

0b9a4cf94d813c559e91bcc7dd11467217d7ea26bd176796cc82705b1b15f840
.exe windows:5 windows x86 arch:x86

5d330ba49316182acfc01f724450ba9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\works\10780\UniAccess3_1\src\UniAccessAgent\Prometheus2\lva_setup_exe\Release\lva_setup_exe.pdb

Imports

wldap32

ord301
ord147
ord133
ord79
ord145
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord142

kernel32

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateDirectoryW
RemoveDirectoryW
GetFileAttributesExW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetLogicalDrives
GetDriveTypeW
ReleaseMutex
CreateMutexA
GetVersionExW
OpenFileMappingW
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVolumeInformationW
LockResource
LoadResource
SizeofResource
LoadLibraryExW
FindResourceW
GetCommandLineW
lstrcmpiA
OpenEventA
GetVolumeNameForVolumeMountPointW
HeapReAlloc
SetEndOfFile
IsValidCodePage
SleepEx
QueryPerformanceCounter
CompareFileTime
GetEnvironmentVariableA
GetLocaleInfoW
GetStdHandle
PeekNamedPipe
VerSetConditionMask
VerifyVersionInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTime
GetACP
SetConsoleCtrlHandler
SystemTimeToTzSpecificLocalTime
ExitProcess
GetTimeZoneInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
GetCPInfo
LCMapStringW
CompareStringW
SwitchToThread
EncodePointer
GetStringTypeW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
LocalAlloc
MoveFileW
DeleteFileW
GetUserDefaultUILanguage
HeapSize
IsBadReadPtr
QueryDosDeviceW
GetCurrentDirectoryW
GetTempPathW
GetSystemDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
LoadLibraryW
TryEnterCriticalSection
SetLastError
DuplicateHandle
ResumeThread
SuspendThread
GetFullPathNameW
ExpandEnvironmentStringsW
GetLongPathNameW
GetModuleHandleA
TerminateProcess
FlushFileBuffers
CreateProcessW
SetFileAttributesW
GetFileAttributesW
CreateMutexW
MultiByteToWideChar
DeviceIoControl
GetNativeSystemInfo
FormatMessageW
LocalFree
CreateSemaphoreW
ReleaseSemaphore
SetFilePointerEx
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
GetFileType
WideCharToMultiByte
CreateEventW
WaitForMultipleObjects
FreeLibrary
LoadLibraryA
InterlockedCompareExchange
CreateIoCompletionPort
GetProcessHeap
HeapAlloc
GetQueuedCompletionStatus
HeapFree
CancelIo
GetTickCount
InterlockedIncrement
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetDiskFreeSpaceExW
Sleep
OpenProcess
GetCurrentProcess
GetSystemWindowsDirectoryW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
EnterCriticalSection
CreateEventA
ResetEvent
WriteConsoleW
SetEvent
WaitForSingleObject
GetFileSizeEx
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
CreateFileA
GetLastError
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetConsoleCP
GetDateFormatW
GetTimeFormatW
EnumSystemLocalesW
SetStdHandle
FindFirstFileExW
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

TranslateAcceleratorW
ClientToScreen
SetTimer
DispatchMessageW
ShowWindow
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
MessageBoxW
SendMessageW
LoadStringW
LoadAcceleratorsW
RegisterClassExW
ScreenToClient
CreateWindowExW
SetWindowPos
GetDC
DefWindowProcW
LoadIconW
UpdateLayeredWindow
PeekMessageW
GetCursorPos
LoadCursorW
UpdateWindow
KillTimer
PostQuitMessage
SystemParametersInfoW
PtInRect
GetUserObjectInformationW
TranslateMessage
SetCursor
GetMessageW
GetClientRect
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetProcessWindowStation
MsgWaitForMultipleObjects

gdi32

DeleteObject
SetBkMode
DeleteDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
StartServiceW
QueryServiceStatusEx
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
SetSecurityInfo
AddAccessAllowedAce
RegSetValueExW
RegCreateKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertSecurityDescriptorToStringSecurityDescriptorW
SetFileSecurityW
GetSecurityDescriptorSacl
SetSecurityDescriptorControl
GetSecurityDescriptorControl
AddAccessAllowedAceEx
AddAce
InitializeAcl
GetUserNameW
ConvertStringSidToSidW
DuplicateTokenEx
CreateProcessWithLogonW
CreateProcessAsUserW
GetLengthSid
IsValidSid
SetTokenInformation
AllocateAndInitializeSid
LogonUserW
FreeSid
GetTokenInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
GetFileSecurityW
InitializeSecurityDescriptor
LookupAccountNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
ConvertSidToStringSidW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

shell32

ShellExecuteExW
SHFileOperationW

ws2_32

getnameinfo
WSAEventSelect
WSAGetLastError
closesocket
setsockopt
ioctlsocket
inet_ntoa
ntohs
send
getsockname
shutdown
WSAStringToAddressA
recv
__WSAFDIsSet
htons
getsockopt
connect
socket
inet_addr
select
listen
bind
accept
htonl
ntohl
gethostname
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
WSASetLastError
WSAIoctl
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents

gdiplus

GdipDrawImageI
GdipCreatePen1
GdipSetStringFormatAlign
GdipDeletePen
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetFontSize
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCloneBrush
GdipCreateFromHDC
GdipSetPenLineJoin
GdipSetImageAttributesWrapMode
GdipDrawPath
GdipFree
GdipCreateImageAttributes
GdipAddPathStringI
GdipFillPath
GdipGetFontStyle
GdipCreateSolidFill
GdipCreateFont
GdipSetStringFormatLineAlign
GdipCreatePath
GdipSetSmoothingMode
GdipDisposeImage
GdipDeletePath
GdipDisposeImageAttributes
GdipAlloc
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRectRect
GdipCreateFontFamilyFromName
GdipGetFamily
GdipGetImageHeight
GdipDeleteFontFamily
GdipCreateStringFormat
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromScan0

comctl32

_TrackMouseEvent

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
SetupDiRemoveDevice
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_DevNode_Status

dnsapi

DnsQuery_W
DnsFree

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CloseZipU
FormatZipMessageU
GetZipItem
OpenZip
SetUnzipBaseDir
UnzipItem

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

lva.x64
Size: 161.0MB - Virtual size: 161.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lva.man
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lva.ini
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lva.bg
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5d330ba49316182acfc01f724450ba9e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wldap32

kernel32

user32

gdi32

advapi32

shell32

ws2_32

gdiplus

comctl32

rpcrt4

userenv

crypt32

setupapi

dnsapi

version

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 643KB - Virtual size: 643KB

.data Size: 34KB - Virtual size: 58KB

Shared Size: 512B - Virtual size: 1B

.rsrc Size: 794KB - Virtual size: 793KB

.reloc Size: 96KB - Virtual size: 96KB

lva.x64 Size: 161.0MB - Virtual size: 161.0MB

lva.man Size: 368KB - Virtual size: 368KB

lva.ini Size: 12KB - Virtual size: 11KB

lva.bg Size: 135KB - Virtual size: 134KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 643KB - Virtual size: 643KB

.data
Size: 34KB - Virtual size: 58KB

Shared
Size: 512B - Virtual size: 1B

.rsrc
Size: 794KB - Virtual size: 793KB

.reloc
Size: 96KB - Virtual size: 96KB

lva.x64
Size: 161.0MB - Virtual size: 161.0MB

lva.man
Size: 368KB - Virtual size: 368KB

lva.ini
Size: 12KB - Virtual size: 11KB

lva.bg
Size: 135KB - Virtual size: 134KB