695a52725d4af5d6020e592c708d0e045bd57112f79314aa1e70ac7100c19eb6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

695a52725d4af5d6020e592c708d0e045bd57112f79314aa1e70ac7100c19eb6.exe
Size

1.9MB
MD5

da3312e7fe8f4bd6980fcd6dc3c15f7f
SHA1

563b10c2b9261fb9a8f62ea682ec92940cc235cc
SHA256

695a52725d4af5d6020e592c708d0e045bd57112f79314aa1e70ac7100c19eb6
SHA512

726f55212b498e5d3fdc3caa3c8debec974128b3e06885b651339f671931711d6c67b363231169570232cad64623f91dd6108b41b0c2f1b920c7427fa886487b
SSDEEP

12288:nsf7THARCXfI+oAGBoD/HpXlXKOHzemvYQqLWRc0qpb0qD0xc9nQiR:sjv6UHpXl6iqmvYJLYq2qDF5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
695a52725d4af5d6020e592c708d0e045bd57112f79314aa1e70ac7100c19eb6.exe

Files

695a52725d4af5d6020e592c708d0e045bd57112f79314aa1e70ac7100c19eb6.exe
.exe windows:6 windows x86 arch:x86

914f48205872e2a197aaae4775f619b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup_wm.pdb

Imports

advapi32

EventRegister
EventUnregister
EventWrite
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
ConvertSidToStringSidW
LookupAccountNameW
TraceMessage
LookupAccountSidW
RegEnumKeyW
GetSecurityInfo
GetAclInformation
GetAce
GetLengthSid
InitializeAcl
AddAce
AddAccessAllowedAceEx
SetSecurityInfo
QueryServiceConfigW
DeleteService
CreateServiceW
StartServiceW
OpenSCManagerW
OpenServiceW
ControlService
EnumDependentServicesW
QueryServiceStatus
CloseServiceHandle
GetNamedSecurityInfoW
ConvertStringSidToSidW
SetEntriesInAclW
SetNamedSecurityInfoW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateShutdownW
RegOpenKeyExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA

kernel32

GetExitCodeThread
QueryDosDeviceW
GetVersion
DeviceIoControl
DebugBreak
GetDriveTypeW
lstrlenW
SetErrorMode
GetUserDefaultLangID
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GetLongPathNameW
OpenEventW
WritePrivateProfileStringW
DeleteFileA
GetComputerNameW
CompareStringW
MoveFileExW
CreateProcessW
WaitForMultipleObjects
GetExitCodeProcess
FindNextFileW
GetShortPathNameW
GetDiskFreeSpaceExW
GetNumberFormatW
GetLocaleInfoW
CopyFileW
SetFileAttributesW
GetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
GetModuleHandleW
GetVersionExA
GetFileAttributesW
CreateFileA
GetWindowsDirectoryA
SetFilePointer
GetLocalTime
GetSystemDefaultLangID
SetCurrentDirectoryW
GetTempPathA
GetFileSize
WriteFile
SetLastError
GetUserDefaultLCID
GetUserGeoID
CreateDirectoryW
RemoveDirectoryW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
LockResource
Sleep
InterlockedExchange
CloseHandle
FindClose
FindFirstFileW
GetCurrentDirectoryW
GlobalFree
GetCommandLineW
GetModuleFileNameW
GetSystemInfo
ReleaseMutex
CreateMutexW
GetSystemDirectoryW
GetWindowsDirectoryW
MoveFileW
CreateFileW
GetTempPathW
LoadResource
FindResourceW
DeleteFileW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
CreateThread
RegisterApplicationRestart
HeapSetInformation
GetProcAddress
LoadLibraryW
FreeLibrary
LoadLibraryExW
LocalFree
LocalAlloc
InitializeCriticalSection
WaitForSingleObject
CreateEventW
DeleteCriticalSection
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetLastError
GetFileAttributesA

gdi32

GetTextMetricsW
CreatePen
GetTextFaceA
ExtTextOutW
CreateFontA
CreateSolidBrush
CreateCompatibleDC
CreateFontIndirectW
SetMapMode
SelectObject
GetObjectW
DeleteDC
DeleteObject
SetBkColor
SetBkMode
SetTextColor
GetStockObject
PatBlt
GetDeviceCaps

user32

IsWindow
SetWindowPos
GetClientRect
GetDesktopWindow
CharNextA
CharNextW
LoadStringA
MessageBoxW
LoadStringW
PostMessageW
SetWindowTextW
FindWindowW
LockSetForegroundWindow
SendMessageW
SetFocus
MoveWindow
MapWindowPoints
PeekMessageW
PostThreadMessageW
CallWindowProcW
DestroyCursor
GetActiveWindow
GetScrollInfo
SetScrollInfo
ScrollWindow
LoadCursorW
SetCursor
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
SetForegroundWindow
UpdateWindow
PostQuitMessage
BeginPaint
CreateDialogParamW
GetWindowLongW
SetWindowLongW
EndPaint
GetSystemMetrics
DestroyWindow
SetTimer
KillTimer
GetSystemMenu
EnableMenuItem
LoadImageW
GetSysColor
InvalidateRect
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageW
CreateWindowExW
FindWindowExW
RegisterWindowMessageA
EnableWindow
ShowWindow
SystemParametersInfoW
DrawTextW
DrawFocusRect
DefWindowProcW
GetDlgItem
GetWindowRect
GetParent
GetDC
ReleaseDC

msvcrt

?terminate@@YAXXZ
_controlfp
_unlock
__dllonexit
wcstok
_wtoi
_purecall
strstr
strrchr
ceil
_itow
free
malloc
memcpy
_wcsupr
calloc
wcstol
time
_stricmp
_endthread
iswalnum
towupper
iswdigit
bsearch
_except_handler4_common
wcsncmp
memmove
towlower
iswspace
_vsnprintf
_beginthreadex
_wtol
__set_app_type
__p__fmode
_wcsnicmp
_ftol2
swscanf
wcsrchr
_wcslwr
??_U@YAPAXI@Z
_lock
_onexit
__p__commode
__setusermatherr
_amsg_exit
_initterm
memset
_ftol2_sse
wcschr
??3@YAXPAX@Z
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
wcspbrk
wcsstr
_wcsicmp
??2@YAPAXI@Z
__getmainargs
??_V@YAXPAX@Z
_strlwr
_vsnwprintf

atl

ord32

pdh

PdhCollectQueryData
PdhOpenQueryW
PdhAddCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

ole32

CoRegisterClassObject
CoTaskMemFree
CoRevokeClassObject
CoCreateInstance
CLSIDFromString
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
PropVariantClear
CreateStreamOnHGlobal
CoInitializeEx

oleaut32

SystemTimeToVariantTime
SysAllocString
VariantTimeToSystemTime
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

comctl32

ord345
InitCommonControlsEx

shell32

CommandLineToArgvW
SHGetFolderPathW
SHChangeNotify
SHGetPathFromIDListW
ord102
SetCurrentProcessExplicitAppUserModelID
ShellExecuteW
ShellExecuteExW
SHGetFolderLocation
SHGetMalloc
SHGetSpecialFolderLocation

gdiplus

GdipImageRotateFlip
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipFree

wininet

InternetCrackUrlW

setupapi

SetupGetBinaryField
SetupGetLineTextW
SetupFindFirstLineW
SetupGetLineCountW
SetupGetStringFieldW
SetupFindNextLine
SetupIterateCabinetA
SetupCloseInfFile

wintrust

WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

urlmon

UrlMkSetSessionOption
ObtainUserAgentString

shlwapi

PathAddBackslashA
PathFindExtensionW
PathAddBackslashW
ord158
PathGetCharTypeA
PathGetCharTypeW
PathFindFileNameW
SHDeleteKeyW

crypt32

CertVerifyCertificateChainPolicy

userenv

ExpandEnvironmentStringsForUserW
LoadUserProfileW
UnloadUserProfile

secur32

GetUserNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetCancelConnection2W
WNetAddConnection2W
WNetGetConnectionW

mf

MFGetSupportedSchemes

Sections

.text
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

914f48205872e2a197aaae4775f619b3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

atl

pdh

ole32

oleaut32

comctl32

shell32

gdiplus

wininet

setupapi

wintrust

urlmon

shlwapi

crypt32

userenv

secur32

version

mpr

mf

Sections

.text Size: 452KB - Virtual size: 451KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 452KB - Virtual size: 451KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 42KB - Virtual size: 42KB