438d08a1f6b877e4d686e9875080dd453a7a59421280e83b9d6578d165708343

Sharing

Copy URL Twitter E-mail

General

Target

438d08a1f6b877e4d686e9875080dd453a7a59421280e83b9d6578d165708343
Size

665KB
MD5

f782b9796711e595fd64ed9ce4552a29
SHA1

c3ce1e682f31094306f4b83695c9f1b1b5f57ff1
SHA256

438d08a1f6b877e4d686e9875080dd453a7a59421280e83b9d6578d165708343
SHA512

0c0b734f2f065ede6b50b3ac9fdf1725b725146aba943d690fb06c0f5b40c1713bf72d14bc38a4bec8f4edc3fca2a4e7354a8bb99387e11ec994b11d819fe861
SSDEEP

12288:zE5E7qING1E7xkuwJWc3OFEK7huXuINHnmAQCTYxPOEo:z7+SKUk3JWceFEMk+I5mLCTYxPOEo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
438d08a1f6b877e4d686e9875080dd453a7a59421280e83b9d6578d165708343

Files

438d08a1f6b877e4d686e9875080dd453a7a59421280e83b9d6578d165708343
.exe windows:6 windows x86 arch:x86

2bf79f48aedc6cb9a703fa6caaccb1a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wevtapi

EvtNext
EvtClose
EvtSubscribe
EvtCreateRenderContext
EvtRender

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

kernel32

OpenEventW
Sleep
WaitForMultipleObjects
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
OpenProcess
GetTickCount
GetTickCount64
FindResourceExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
FormatMessageW
lstrcmpiW
QueryFullProcessImageNameW
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32GetModuleFileNameExW
LoadLibraryW
ResetEvent
CreateEventW
LCMapStringEx
GetVersionExW
LocalFree
OpenMutexW
GetProcessTimes
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetWindowsDirectoryW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LocaleNameToLCID
SetThreadUILanguage
WaitForMultipleObjectsEx
CreateFileMappingW
DebugBreak
ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleExW
WideCharToMultiByte
ExpandEnvironmentStringsW
FindFirstChangeNotificationW
FindNextChangeNotification
GetFileSizeEx
GetFileTime
LockFileEx
UnlockFileEx
MulDiv
lstrcmpW
SetEnvironmentVariableW
GetFileAttributesW
GetFileSize
SetEndOfFile
SetFilePointer
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetFileType
GetStdHandle
ExitProcess
WaitForSingleObject
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
SleepConditionVariableSRW
WakeAllConditionVariable
QueryPerformanceCounter
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
ReleaseMutex
SetEvent
DeleteCriticalSection
WriteConsoleW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
CreateMutexW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
DecodePointer
IsDebuggerPresent
ReadFile
FindCloseChangeNotification
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetLastError
GetLastError
CloseHandle
WriteFile
CreateFileW
OutputDebugStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FindClose
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW

user32

GetClassInfoExW
CreateWindowExW
DestroyWindow
CharNextW
AllowSetForegroundWindow
UnregisterClassW
SetWindowLongW
FindWindowW
GetWindowThreadProcessId
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
LoadCursorW
DestroyIcon
LoadStringW
GetSystemMetrics
GetDC
RegisterWindowMessageW
RegisterHotKey
UnregisterHotKey
SendMessageW
DefWindowProcW
RegisterClassExW
GetMessageW
SetUserObjectInformationW
MessageBoxA
PostQuitMessage
GetClassNameW
EnumWindows
IsIconic
MonitorFromWindow
SystemParametersInfoW
LoadImageW
GetWindow
GetParent
GetDesktopWindow
FillRect
GetSysColorBrush
GetSysColor
MapWindowPoints
SetCursor
GetWindowRect
GetClientRect
SetWindowTextW
RedrawWindow
InvalidateRect
ReleaseDC
GetDlgCtrlID
SetDlgItemTextW
GetDlgItem
IsWindowVisible
IsWindow
ChangeWindowMessageFilterEx
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
GetLastActivePopup
GetWindowLongW
GetCursorPos
MessageBoxW
SetForegroundWindow
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
CreateDialogParamW
SetWindowPos
ShowWindow
CallWindowProcW

gdi32

Polygon
SelectObject
DeleteObject
CreatePen
CreateCompatibleBitmap
GetDeviceCaps
DeleteDC
CreateCompatibleDC

advapi32

LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteValueW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
ChangeServiceConfigW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW

shell32

SetCurrentProcessExplicitAppUserModelID
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
VariantClear
VarI4FromStr
VarDecCmp
VarDecFromStr
VarDateFromStr
SysAllocString
SysFreeString
VarUI4FromStr
VarR8FromStr

comctl32

ord381
ord345

uxtheme

SetWindowTheme

winhttp

WinHttpWriteData
WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpReadData
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpConnect
WinHttpOpen
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bf79f48aedc6cb9a703fa6caaccb1a9

Headers

DLL Characteristics

File Characteristics

Imports

userenv

wevtapi

wtsapi32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

uxtheme

winhttp

Sections

.text Size: 475KB - Virtual size: 474KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 35KB - Virtual size: 35KB

.reloc Size: 23KB - Virtual size: 22KB

.text
Size: 475KB - Virtual size: 474KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 35KB - Virtual size: 35KB

.reloc
Size: 23KB - Virtual size: 22KB