8ba87110a6f5abf798062cbec6494b46ce9837708a5358604f38811d82531ea8

Sharing

Copy URL Twitter E-mail

General

Target

8ba87110a6f5abf798062cbec6494b46ce9837708a5358604f38811d82531ea8
Size

956KB
MD5

b8c4239afc70f59d546cea73f418c103
SHA1

636df15b9acf13713775e108f66b34c03f0836e1
SHA256

8ba87110a6f5abf798062cbec6494b46ce9837708a5358604f38811d82531ea8
SHA512

d1d6dbad743ee9cd68d198cf917254002f0579a2f16050ea9cd752cb27f68b5a45a7762628171a27e2842a11a3bce6dee0f82b8ade072b2d3a7c7ec8d6788461
SSDEEP

24576:ly5pJtBmeIH/WCQYF7TWtm9CMzdH0CFrwUmCuJyqpxVDX:w/E6Y3FnuJyAVb

Score

10^/10

Malware Config

Signatures

Detects executables (downlaoders) containing URLs to raw contents of a paste 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawPaste_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ba87110a6f5abf798062cbec6494b46ce9837708a5358604f38811d82531ea8

Files

8ba87110a6f5abf798062cbec6494b46ce9837708a5358604f38811d82531ea8
.exe windows:6 windows x86 arch:x86

b17b5c7b908fdb97a33fed90410ad279

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

htons
getservbyname
htonl
recv
WSAAsyncSelect
inet_addr
inet_ntoa
gethostbyname
ioctlsocket
WSASetLastError
WSAGetLastError
gethostbyaddr
getservbyport
ntohs
send
gethostname
shutdown
WSACleanup
closesocket
connect
socket
WSAStartup

winmm

joyGetPosEx
mciSendStringW
joyGetDevCapsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_ReplaceIcon
CreateStatusWindowW

psapi

GetProcessImageFileNameW

wininet

InternetCloseHandle
InternetReadFileExA
InternetReadFile
InternetOpenW
InternetOpenUrlW

shlwapi

StrCmpLogicalW

uxtheme

EnableThemeDialogTexture
SetWindowTheme
IsAppThemed

dwmapi

DwmGetWindowAttribute

kernel32

GlobalAlloc
GlobalFree
GlobalUnlock
WideCharToMultiByte
GetCPInfo
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetEnvironmentVariableW
IsValidCodePage
LoadLibraryW
GetLastError
OutputDebugStringW
lstrcmpiW
GetStringTypeExW
CreateThread
SetThreadPriority
GetExitCodeThread
CloseHandle
CreateMutexW
VirtualProtect
SetLastError
GetModuleHandleW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileW
DeviceIoControl
SetVolumeLabelW
GetVolumeInformationW
GetDiskFreeSpaceW
SetEnvironmentVariableW
MultiByteToWideChar
GetFullPathNameW
GetFileAttributesW
CreateDirectoryW
ReadFile
DeleteFileW
LoadResource
LockResource
WriteFile
SizeofResource
SetCurrentDirectoryW
CopyFileW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FindResourceW
SetFileTime
GetFileSizeEx
MoveFileW
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
GetProcessId
QueryDosDeviceW
EnterCriticalSection
LeaveCriticalSection
Beep
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDateFormatEx
GetTickCount64
GetSystemTime
GetSystemDefaultUILanguage
GetComputerNameW
GetCurrentDirectoryW
GetSystemWindowsDirectoryW
GetTempPathW
WaitForSingleObject
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetVersionExW
DeleteCriticalSection
GetModuleFileNameW
SetDllDirectoryW
GetModuleHandleExW
GetShortPathNameW
CreateProcessW
FormatMessageW
CompareStringW
RemoveDirectoryW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
SetErrorMode
InitializeCriticalSection
Sleep
GetTickCount
MulDiv
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
IsProcessorFeaturePresent
IsDebuggerPresent
TlsSetValue
TlsFree
GetCommandLineA
GetCommandLineW
ExitProcess
HeapSize
HeapReAlloc
HeapQueryInformation
HeapFree
HeapAlloc
LCMapStringW
GetProcessHeap
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GlobalLock
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
DecodePointer
GetSystemTimeAsFileTime
VirtualQuery
UnhandledExceptionFilter

user32

GetLastInputInfo
EnumChildWindows
SetActiveWindow
IsWindowVisible
IsChild
SetWindowRgn
SetWindowPos
EnumWindows
IsZoomed
IsIconic
GetLayeredWindowAttributes
SetLayeredWindowAttributes
DestroyWindow
RegisterClassExW
SystemParametersInfoW
CreateWindowExW
GetMenu
EnableMenuItem
LoadAcceleratorsW
AddClipboardFormatListener
RemoveClipboardFormatListener
LoadImageW
CheckMenuItem
RegisterWindowMessageW
DefWindowProcW
SetForegroundWindow
MonitorFromPoint
GetSystemMenu
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ExitWindowsEx
GetPropW
GetClassLongW
SetMenu
SetPropW
RemovePropW
GetSysColor
RedrawWindow
DrawTextW
SetParent
GetClassInfoExW
AdjustWindowRectEx
GetAncestor
UpdateWindow
FlashWindow
GetMessagePos
GetSysColorBrush
FillRect
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
RemoveMenu
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
CreateMenu
CreatePopupMenu
SetMenuInfo
DestroyMenu
TrackPopupMenuEx
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
DrawIconEx
EnumClipboardFormats
GetWindow
BringWindowToTop
GetKeyboardLayoutNameW
LoadCursorW
GetLastActivePopup
GetShellWindow
GetWindowTextW
mouse_event
WindowFromPoint
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
CharUpperW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
DialogBoxParamW
ScrollWindow
GetSystemMetrics
GetWindowRect
SetFocus
DefDlgProcW
MoveWindow
MapWindowPoints
GetClientRect
EnableWindow
MapDialogRect
GetDlgItem
SetWindowTextW
MessageBoxW
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
IsClipboardFormatAvailable
CountClipboardFormats
GetCursorInfo
ClientToScreen
MessageBeep
GetIconInfo
GetWindowTextLengthW
InvalidateRect
AdjustWindowRect
SetDlgItemTextW
SendDlgItemMessageW
IsCharAlphaW
DestroyIcon
EnumDisplayMonitors
GetMonitorInfoW
BlockInput
MapVirtualKeyW
VkKeyScanExW
SetWindowLongW
ScreenToClient
ActivateKeyboardLayout
IsDialogMessageW
SendMessageW
IsWindowEnabled
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
GetQueueStatus
MapVirtualKeyExW
GetGUIThreadInfo
GetDC

gdi32

GdiFlush
CreateDIBSection
EnumFontFamiliesExW
SetBrushOrgEx
CreatePatternBrush
GetClipBox
GetObjectW
SetBkMode
SetBkColor
GetDeviceCaps
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
CreateSolidBrush
GetCharABCWidthsW
GetTextMetricsW
GetPixel
GetDIBits
SelectObject
CreateDCW
CreateFontW
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
DeleteObject
BitBlt
CreateCompatibleBitmap
DeleteDC
GetSystemPaletteEntries
SetTextColor

advapi32

UnlockServiceDatabase
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
GetUserNameW
RegConnectRegistryW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
OpenSCManagerW
LockServiceDatabase
CloseServiceHandle
RegDeleteKeyExW

shell32

SHBrowseForFolderW
DragFinish
SHGetKnownFolderPath
ExtractIconW
DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
DragQueryFileW
SHGetDesktopFolder
SHGetMalloc
SHCreateItemFromParsingName
ShellExecuteExW
SHGetFolderPathW
Shell_NotifyIconW

ole32

CoCreateInstance
CoTaskMemFree
CLSIDFromString
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
OleLoadPicture
SafeArrayDestroy
SysFreeString
GetActiveObject
SysStringLen
SafeArrayCreate
VariantClear
VariantChangeType
SafeArrayGetLBound
SysAllocString
SafeArrayCopy
SysAllocStringLen
VariantCopyInd
SafeArrayGetUBound

Sections

.text
Size: 729KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b17b5c7b908fdb97a33fed90410ad279

Headers

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

wininet

shlwapi

uxtheme

dwmapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 729KB - Virtual size: 728KB

.rdata Size: 167KB - Virtual size: 167KB

.data Size: 24KB - Virtual size: 36KB

.rsrc Size: 34KB - Virtual size: 33KB

.text
Size: 729KB - Virtual size: 728KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 24KB - Virtual size: 36KB

.rsrc
Size: 34KB - Virtual size: 33KB