f184553d5c687826dd6345f4c1aad78bcfe6615158e00511c0833bb1fcf89a39

Sharing

Copy URL Twitter E-mail

General

Target

f184553d5c687826dd6345f4c1aad78bcfe6615158e00511c0833bb1fcf89a39
Size

9.2MB
MD5

68600eef748a1c873a64f78a6966a8fd
SHA1

1780f32dd28b84878e00bb92ba1cb87d6067ac91
SHA256

f184553d5c687826dd6345f4c1aad78bcfe6615158e00511c0833bb1fcf89a39
SHA512

f3f069930e10a31c51acc441f730d636f55d0bc8a56fbc93c25b8f5bdbe40da63bbd39b541e4de6ac8ef71642e79a2d8d177905a70009155f77db0583b33c55f
SSDEEP

196608:3oK56RLrqF76M4FOASzO/LaZU/RUM15qXFM1Kh3Hi1J19i1rjidCuC5M5JjVpRT1:3/56RLrqF76M4FOASzO/LaZWRUM15qX+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f184553d5c687826dd6345f4c1aad78bcfe6615158e00511c0833bb1fcf89a39

Files

f184553d5c687826dd6345f4c1aad78bcfe6615158e00511c0833bb1fcf89a39
.exe windows:5 windows x86 arch:x86

91c86e6974bec3d5656601901cb35ab0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
getaddrinfo
gethostname
freeaddrinfo
WSAStartup
WSACleanup
htons
gethostbyaddr
gethostbyname
inet_addr
sendto
bind
recvfrom
getpeername
getsockname
inet_ntoa
getnameinfo
__WSAFDIsSet
ioctlsocket
shutdown
getsockopt
connect
accept
closesocket
select
send
WSAGetLastError
setsockopt
socket

crypt32

CertFindCertificateInStore
CertGetNameStringA
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose

ntdll

RtlRemoveVectoredExceptionHandler
RtlAddVectoredExceptionHandler
NtOpenSymbolicLinkObject
RtlUnwind
VerSetConditionMask

kernel32

GetFileAttributesW
GetCurrentProcessId
GetTickCount64
RaiseException
DuplicateHandle
GetExitCodeThread
GetCurrentThreadId
GetUserDefaultUILanguage
GetLocalTime
GetACP
GetTempPathA
GetDiskFreeSpaceA
SystemTimeToFileTime
SetConsoleCtrlHandler
GetCurrentDirectoryA
GetModuleHandleA
TerminateProcess
SetThreadPriority
SetPriorityClass
GetCurrentThread
HeapFree
VirtualQuery
VirtualProtect
GetModuleFileNameA
GetVersionExA
SetLastError
GetNativeSystemInfo
GetSystemWindowsDirectoryA
GetSystemInfo
GetComputerNameA
GetWindowsDirectoryA
GetSystemDirectoryA
IsBadReadPtr
GetModuleHandleExA
Process32First
Process32Next
CloseHandle
UnmapViewOfFile
GetLastError
MapViewOfFileEx
CreateDirectoryA
ReleaseMutex
CreateMutexA
CreateSemaphoreA
ReleaseSemaphore
GetProcessTimes
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetFileSizeEx
SetFilePointer
SwitchToThread
LocalFree
CreateFileMappingA
WriteFile
GetProcAddress
CreateFileA
QueryPerformanceFrequency
SetEndOfFile
QueryPerformanceCounter
GetTickCount
FormatMessageA
WaitForSingleObject
OpenProcess
GetSystemTimeAsFileTime
CreateFileW
GetFileInformationByHandle
DeviceIoControl
GetCurrentDirectoryW
GetFileTime
CreateDirectoryW
SetFileTime
SetFilePointerEx
GetEnvironmentVariableW
GetWindowsDirectoryW
GetFullPathNameW
WideCharToMultiByte
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
FlushFileBuffers
CopyFileExW
CreateDirectoryExW
SetCurrentDirectoryW
GetFileAttributesExW
FormatMessageW
MoveFileExW
GetModuleHandleW
FindFirstFileW
FindNextFileW
AreFileApisANSI
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryA
FreeLibrary
SetCurrentDirectoryA
GetFileAttributesA
SearchPathA
GetEnvironmentVariableA
GetFullPathNameA
GetSystemTime
FileTimeToSystemTime
GetTimeZoneInformation
SetFileApisToOEM
SetFileApisToANSI
GetCurrentProcess
FlushConsoleInputBuffer
GetNumberOfConsoleInputEvents
ReadConsoleInputA
Sleep
GetConsoleMode
GetStdHandle
CreateProcessA
GetExitCodeProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileA
CopyFileA
ExitThread
ReadFile
GlobalFree
GetProfileStringA
IsWow64Process
VerifyVersionInfoW
GetProfileIntA
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetCPInfo
CreateThread
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetCommandLineW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
ReadConsoleW
SetStdHandle
GetStringTypeW
HeapReAlloc
HeapSize
IsValidCodePage
GetOEMCP
WriteConsoleW
OutputDebugStringW
EncodePointer
DecodePointer
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LocalAlloc
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileSectionA
WritePrivateProfileStringA
OpenFileMappingA
MapViewOfFile
CreateToolhelp32Snapshot
Thread32First
Thread32Next
ProcessIdToSessionId
CreateEventA
OpenEventA
WaitForMultipleObjects
SetEvent
ResetEvent
PulseEvent
IsBadWritePtr
OpenSemaphoreA
WinExec
FlushInstructionCache
GetVersion
HeapDestroy
IsBadStringPtrA
IsBadStringPtrW
LockFile
UnlockFile
SetErrorMode
GetDriveTypeA
GetThreadContext
SetThreadContext
GetSystemFirmwareTable
EnumSystemFirmwareTables
GetLogicalDrives
CreateEventW
GetOverlappedResult
OpenMutexA
TryEnterCriticalSection
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
InitializeSListHead
WaitForSingleObjectEx
HeapAlloc
GetStartupInfoW
HeapCreate
GetProcessHeap
GetConsoleScreenBufferInfo
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
InterlockedPushEntrySList
InterlockedFlushSList
FindFirstFileExW
GetCommandLineA
SetConsoleMode
GetLocaleInfoW

user32

SetTimer
OffsetRect
UpdateWindow
SendDlgItemMessageA
ShowWindow
UnregisterClassA
SetWindowTextA
MoveWindow
SetWindowPos
DrawIcon
GetWindowPlacement
IsWindowVisible
GetWindowRect
PeekMessageA
SetDlgItemTextA
EndPaint
SetFocus
GetDlgItem
EndDialog
wsprintfA
PostMessageA
EnumWindows
GetAncestor
GetWindowThreadProcessId
LoadStringA
DestroyWindow
TranslateMessage
CallMsgFilterA
DispatchMessageA
EnumDisplayDevicesA
MessageBoxA
AppendMenuA
DrawMenuBar
GetSystemMetrics
CharLowerBuffA
GetSystemMenu
CharUpperBuffA
SetWindowPlacement
MessageBoxW

shell32

ShellExecuteExA

advapi32

InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
GetUserNameA
EqualSid
LookupAccountNameA
LookupAccountSidA
FreeSid
OpenThreadToken
AllocateAndInitializeSid
RegCreateKeyExA
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegEnumKeyExA
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
RegDeleteKeyA
RegFlushKey
StartServiceA
QueryServiceConfigA
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
QueryServiceStatusEx
SetSecurityDescriptorDacl

shlwapi

SHDeleteKeyA

psapi

GetModuleFileNameExA

powrprof

PowerReadFriendlyName

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

iphlpapi

GetIpAddrTable

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

wintrust

WinVerifyTrust

Exports

Exports

?XJ000001@YS0166@@IAEXXZ
?XJ000002@YS0166@@IAEXXZ
?XJ000003@YS0166@@IAEXXZ

Sections

__wibu00
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu01
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu02
Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu03
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

__wibu04
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

__wibu05
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

__wibu06
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

__wibu07
Size: 477KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu08
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

__wibu09
Size: 498KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

91c86e6974bec3d5656601901cb35ab0

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

ntdll

kernel32

user32

shell32

advapi32

shlwapi

psapi

powrprof

version

iphlpapi

winhttp

wintrust

Exports

Exports

Sections

__wibu00 Size: 676KB - Virtual size: 676KB

__wibu01 Size: 161KB - Virtual size: 160KB

__wibu02 Size: 25KB - Virtual size: 32KB

.rsrc Size: 268KB - Virtual size: 268KB

__wibu03 Size: 35KB - Virtual size: 35KB

__wibu04 Size: 5.0MB - Virtual size: 5.0MB

__wibu05 Size: 2.1MB - Virtual size: 2.1MB

__wibu06 Size: 10KB - Virtual size: 12KB

__wibu07 Size: 477KB - Virtual size: 496KB

__wibu08 Size: 512B - Virtual size: 4KB

__wibu09 Size: 498KB - Virtual size: 500KB

__wibu00
Size: 676KB - Virtual size: 676KB

__wibu01
Size: 161KB - Virtual size: 160KB

__wibu02
Size: 25KB - Virtual size: 32KB

.rsrc
Size: 268KB - Virtual size: 268KB

__wibu03
Size: 35KB - Virtual size: 35KB

__wibu04
Size: 5.0MB - Virtual size: 5.0MB

__wibu05
Size: 2.1MB - Virtual size: 2.1MB

__wibu06
Size: 10KB - Virtual size: 12KB

__wibu07
Size: 477KB - Virtual size: 496KB

__wibu08
Size: 512B - Virtual size: 4KB

__wibu09
Size: 498KB - Virtual size: 500KB