a64fae54b1b33000ccf43f479890df90d3948000acb7d494ae421a6e10d1937b

Sharing

Copy URL Twitter E-mail

General

Target

a64fae54b1b33000ccf43f479890df90d3948000acb7d494ae421a6e10d1937b
Size

1.3MB
MD5

a076a0dd47851d65d9ef87bc0b8b0512
SHA1

073d8adda4f0a439fc5fe25f188f28b91879c139
SHA256

a64fae54b1b33000ccf43f479890df90d3948000acb7d494ae421a6e10d1937b
SHA512

7cced045f92194ba99c4bd061961bbfd61fb8fa8348bcba132ed7315139ad61b581ee3d81cdad8fc13fd6f0a04c4cf27b412626edb82e86d21156faf3b854d6a
SSDEEP

12288:z1JouL+TYsl+iFk2IzvwGtiTb9X09avdk9afql8HxBnJubxrCHD3e6Xz0iW/EXd:z/Ucsl+igal4ayyDPHDZXz0iW/EXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a64fae54b1b33000ccf43f479890df90d3948000acb7d494ae421a6e10d1937b

Files

a64fae54b1b33000ccf43f479890df90d3948000acb7d494ae421a6e10d1937b
.dll windows:4 windows x86 arch:x86

92760cf7c1a919720bacfbd22da8dbce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
TerminateProcess
ExitThread
HeapSize
HeapReAlloc
FatalAppExitA
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
GetLocaleInfoW
CompareStringA
CompareStringW
RaiseException
SleepEx
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
SystemTimeToFileTime
LocalFileTimeToFileTime
GetShortPathNameW
GetThreadLocale
GetStringTypeExW
GetFullPathNameW
SetEndOfFile
UnlockFile
LockFile
SetFilePointer
DuplicateHandle
GlobalSize
GetProcessVersion
GetCurrentDirectoryW
WritePrivateProfileStringW
DefineDosDeviceW
SetVolumeLabelW
QueryDosDeviceA
GetLogicalDrives
GetDriveTypeW
GetDriveTypeA
QueryPerformanceCounter
VirtualQueryEx
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
CreateProcessA
ReadProcessMemory
GetThreadPriority
GetPriorityClass
SetPriorityClass
MoveFileExA
RemoveDirectoryA
CopyFileA
CreateDirectoryA
MoveFileA
DeleteFileA
GetFileAttributesA
SetFileAttributesA
GetEnvironmentVariableW
GetTempPathW
GetTempPathA
GetCurrentDirectoryA
ExpandEnvironmentStringsW
GetSystemDirectoryA
ExpandEnvironmentStringsA
AllocConsole
WriteConsoleW
FreeConsole
GetExitCodeThread
TerminateThread
ResetEvent
GetVersionExW
FindResourceExW
OutputDebugStringW
FormatMessageA
GetPrivateProfileStringW
GetPrivateProfileIntW
SizeofResource
GlobalFlags
lstrcmpiW
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynW
FileTimeToLocalFileTime
SetLastError
LoadLibraryA
lstrcatW
GlobalAddAtomW
GlobalFindAtomW
lstrcpyW
SuspendThread
SetThreadPriority
ResumeThread
GetModuleFileNameW
GlobalAlloc
GlobalDeleteAtom
lstrcmpiA
GetCurrentThread
lstrcmpA
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
lstrlenA
lstrlenW
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceW
LoadResource
WideCharToMultiByte
FormatMessageW
GetVersion
FreeLibrary
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
MulDiv
GetExitCodeProcess
GetProcessTimes
FileTimeToSystemTime
GetDiskFreeSpaceExW
PulseEvent
GetFileTime
SetFileTime
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
CreateProcessW
WriteFile
GetFileSize
GetComputerNameA
GetComputerNameW
FlushFileBuffers
CreateDirectoryW
GetFileAttributesExA
GetFileAttributesExW
CreateFileW
GetVolumeInformationW
QueryDosDeviceW
DeviceIoControl
ReadFile
GetTickCount
Sleep
MoveFileW
CopyFileW
SetFileAttributesW
lstrcmpW
RemoveDirectoryW
MoveFileExW
DeleteFileW
GetSystemInfo
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryW
LocalFree
OpenProcess
GetLastError
GetCurrentProcess
CreateThread
GetModuleHandleA
CreateFileA
GetFileInformationByHandle
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetSystemDirectoryW
WaitForMultipleObjects
CreateEventW
SetEvent
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetEnvironmentVariableA
GetProcAddress

user32

SetScrollInfo
ShowScrollBar
GetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpW
wsprintfW
GetClassInfoW
RegisterClassW
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetWindowTextLengthW
GetDlgCtrlID
SetPropW
UnhookWindowsHookEx
GetPropW
CallWindowProcW
RemovePropW
SendMessageW
EnableWindow
GetDesktopWindow
GetWindowRect
SetTimer
EnableMenuItem
GetSystemMenu
GetScrollInfo
GetMessageTime
GetMessagePos
GetWindow
RegisterWindowMessageW
OffsetRect
IntersectRect
SystemParametersInfoW
IsIconic
GetWindowPlacement
GetMenuCheckMarkDimensions
LoadBitmapW
EqualRect
ModifyMenuW
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetMessageW
GetKeyState
CallNextHookEx
ValidateRect
GetCursorPos
SetWindowsHookExW
GetLastActivePopup
ShowOwnedPopups
PostQuitMessage
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
ScrollWindow
EndDeferWindowPos
CopyRect
BeginDeferWindowPos
KillTimer
DeferWindowPos
IsWindowEnabled
IsWindow
SetParent
GetSysColorBrush
CloseDesktop
SetThreadDesktop
SetScrollRange
GetThreadDesktop
OpenDesktopW
OpenInputDesktop
GetUserObjectInformationW
GetProcessWindowStation
FindWindowExW
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow
CloseWindowStation
MessageBoxA
SetProcessWindowStation
OpenWindowStationW
MessageBoxW
ScreenToClient
AdjustWindowRectEx
SetFocus
MapWindowPoints
SendDlgItemMessageA
SendDlgItemMessageW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
SetWindowTextW
MoveWindow
wvsprintfW
LoadStringW
DestroyMenu
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
TabbedTextOutW
GrayStringW
InflateRect
PtInRect
GetDialogBaseUnits
InsertMenuW
DeleteMenu
GetMenuStringW
AppendMenuW
SendMessageTimeoutW
EnumDesktopWindows
IsWindowVisible
GetWindowLongW
RemoveMenu
CharUpperW
GetMenuState
DrawTextW
BeginPaint
EndPaint
UnregisterClassW
GetClassInfoExW
LoadIconW
RegisterClassExW
PostMessageW
GetSystemMetrics
SetWindowLongW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
SetRectEmpty
LoadCursorW
SetCursor
FillRect
RedrawWindow
InvalidateRect
UpdateWindow
GetSysColor
CreateWindowExW
GetClientRect
AttachThreadInput
ShowWindow
SetWindowPos
SetForegroundWindow
GetWindowTextW
GetWindowTextA
EnumChildWindows
EnumWindows
GetParent

gdi32

GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
PolyDraw
TextOutW
ExtTextOutW
Escape
GetMapMode
PatBlt
SetRectRgn
CombineRgn
CreateRectRgnIndirect
DPtoLP
GetTextMetricsW
CopyMetaFileW
CreateDCW
SetArcDirection
PolyBezierTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SelectPalette
RestoreDC
SaveDC
StartDocW
DeleteDC
SetBkColor
GetClipBox
SetColorAdjustment
ArcTo
PolylineTo
GetBitmapBits
GetObjectA
CreateDCA
GetDCOrgEx
CreateBitmap
SelectObject
CreateFontIndirectW
GetDeviceCaps
GetObjectW
GetStockObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectType
DeleteObject
CreateSolidBrush
SetTextColor
RectVisible
SetBkMode
GetTextColor

comdlg32

GetOpenFileNameW
GetFileTitleW
GetSaveFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegOpenKeyA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetKeySecurity
RegCreateKeyExA
RegCreateKeyA
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExA
RegQueryValueExA
RegConnectRegistryW
RegSetValueW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
GetFileSecurityW
AllocateAndInitializeSid
EqualSid
FreeSid
SetFileSecurityW
RegSetValueExW
RegOpenKeyW
GetUserNameW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegQueryValueExW
RegCloseKey
OpenServiceW

shell32

DragAcceptFiles
SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW

comctl32

_TrackMouseEvent
ord17

ole32

WriteClassStg
WriteFmtUserTypeStg
OleRegGetUserType
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
CoInitialize
CoCreateInstance
CoUninitialize
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
ReleaseStgMedium
CoDisconnectObject
SetConvertStg
CoTaskMemFree

oleaut32

VarDateFromStr
SafeArrayUnaccessData
SafeArrayAccessData
SysReAllocStringLen
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
SystemTimeToVariantTime
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocString
VariantCopy
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

Exports

Exports

AddEncryUdiskVol
AddNotifyMsg
CloseLockDlg
DealRunUrl
GetLockBackgroundWnd
InitLockBackground
OutgoingSel
ReleaseLockBackground
SetAgtPID
SetCloseNotifyMsg
ShowCountDownDlg
ShowLockDlg
StartAgentUExt
StopAgentUExt

Sections

.text
Size: 948KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92760cf7c1a919720bacfbd22da8dbce

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

version

rpcrt4

Exports

Exports

Sections

.text Size: 948KB - Virtual size: 946KB

.rdata Size: 144KB - Virtual size: 143KB

.data Size: 88KB - Virtual size: 115KB

.rsrc Size: 32KB - Virtual size: 28KB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 948KB - Virtual size: 946KB

.rdata
Size: 144KB - Virtual size: 143KB

.data
Size: 88KB - Virtual size: 115KB

.rsrc
Size: 32KB - Virtual size: 28KB

.reloc
Size: 64KB - Virtual size: 63KB