aa23de6efbe4279a616f13af507f4c8cf68bb337c3336b6f8194f1298925b219

Sharing

Copy URL Twitter E-mail

General

Target

aa23de6efbe4279a616f13af507f4c8cf68bb337c3336b6f8194f1298925b219
Size

1.1MB
MD5

b0fab4bc950f4f3dc398b7b18787befe
SHA1

44da7d87d52db01168e0c51a1c6e21d283a915d5
SHA256

aa23de6efbe4279a616f13af507f4c8cf68bb337c3336b6f8194f1298925b219
SHA512

271b01fdffe43871424f4fa575593cce916461c58d6b176c96f108e6abdd7c728a8aded3c5e0a0572595c04844bd856ceab02765049e5ed39acd4194b0f663a4
SSDEEP

24576:zjQV3XTvFoBOciOyZAdhfyHrGPJW53QJ:zI3BodiOvaHqPJW5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa23de6efbe4279a616f13af507f4c8cf68bb337c3336b6f8194f1298925b219

Files

aa23de6efbe4279a616f13af507f4c8cf68bb337c3336b6f8194f1298925b219
.exe windows:6 windows x64 arch:x64

a4baa1fcc828b36f1350ea952f03de8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
HeapValidate
GetSystemInfo
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
MoveFileExW
GetTimeZoneInformation
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleOutputCP
GetConsoleMode
CreateFileW
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SystemTimeToTzSpecificLocalTime
GetFileAttributesExA
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
GetVolumeInformationA
GetCurrentProcess
GetFullPathNameA
FlushFileBuffers
FindFirstFileA
FindClose
FileTimeToSystemTime
GetAtomNameA
DeleteFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetSystemDirectoryW
EncodePointer
GetCurrentProcessId
GlobalAddAtomA
FormatMessageA
LocalFree
SetErrorMode
GlobalFree
GlobalUnlock
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
CompareStringA
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
LoadLibraryExW
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCurrentThreadId
GetCurrentThread
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
GetACP
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
WriteFile
CreateFileA
CloseHandle
CreateProcessA
Sleep
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
CreateDirectoryA
SetLastError
MultiByteToWideChar
GetLastError
CreateMutexA

user32

SetFocus
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
CopyRect
GetSysColor
FillRect
GetSysColorBrush
GrayStringA
DrawTextExA
DrawTextA
SetMenuItemInfoA
GetMenuItemInfoA
InsertMenuItemA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
LoadMenuA
LoadIconW
LoadIconA
LoadCursorA
GetWindow
GetTopWindow
GetMenu
MapWindowPoints
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetScrollPos
SetWindowLongPtrA
RedrawWindow
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
SetForegroundWindow
GetForegroundWindow
UpdateWindow
KillTimer
SetTimer
GetCapture
GetSystemMetrics
UnregisterClassA
BringWindowToTop
IsIconic
IsWindowVisible
ShowOwnedPopups
GetLastActivePopup
GetWindowThreadProcessId
SetMenu
TrackPopupMenu
SetPropA
GetPropA
RemovePropA
GetWindowTextA
AdjustWindowRectEx
EqualRect
PtInRect
SetWindowLongA
GetWindowLongPtrA
PeekMessageA
PostQuitMessage
SetRectEmpty
OffsetRect
GetParent
IsWindow
DestroyWindow
GetDlgItem
GetActiveWindow
EnableWindow
IsWindowEnabled
SetActiveWindow
GetWindowLongA
GetDesktopWindow
IsMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
SendMessageA
PostMessageA
TabbedTextOutA
GetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetMessageA
TranslateMessage
DispatchMessageA
GetClassLongA
GetClassLongPtrA
GetClassNameA
UnhookWindowsHookEx
WinHelpA
MonitorFromWindow
GetMonitorInfoA
ShowWindow
SetWindowTextA
ReleaseCapture
SystemParametersInfoA
RealChildWindowFromPoint
DestroyMenu
InflateRect
GetClipboardFormatNameA
UnpackDDElParam
CharUpperA
LoadAcceleratorsA
TranslateAcceleratorA
IntersectRect
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
SetCursor
MessageBoxA
ReuseDDElParam

gdi32

GetDeviceCaps
DeleteDC
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
Escape
GetObjectType
GetPixel
GetStockObject
GetTextExtentPoint32A
PtVisible
RectVisible
SelectObject
GetObjectA
TextOutA
DeleteObject
GetClipBox
RestoreDC
SaveDC
SetBkColor
SetBkMode
SetMapMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ExtTextOutA
CreateBitmap
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
ScaleWindowExtEx
ScaleViewportExtEx

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegCloseKey

shell32

DragQueryFileA
DragFinish

shlwapi

PathFindExtensionA
PathFindFileNameA
PathIsUNCA
PathStripToRootA
StrCmpW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString

winhttp

WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpOpen
WinHttpCrackUrl
WinHttpCheckPlatform
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpConnect
WinHttpAddRequestHeaders

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4baa1fcc828b36f1350ea952f03de8e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

winhttp

oleacc

Sections

.text Size: 732KB - Virtual size: 732KB

.rdata Size: 249KB - Virtual size: 249KB

.data Size: 8KB - Virtual size: 39KB

.pdata Size: 38KB - Virtual size: 38KB

.gxfg Size: 22KB - Virtual size: 22KB

.gehcont Size: 512B - Virtual size: 20B

.rsrc Size: 62KB - Virtual size: 64KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 732KB - Virtual size: 732KB

.rdata
Size: 249KB - Virtual size: 249KB

.data
Size: 8KB - Virtual size: 39KB

.pdata
Size: 38KB - Virtual size: 38KB

.gxfg
Size: 22KB - Virtual size: 22KB

.gehcont
Size: 512B - Virtual size: 20B

.rsrc
Size: 62KB - Virtual size: 64KB

.reloc
Size: 8KB - Virtual size: 8KB