a4e7734fefe0eed456d4489592d0b31e2799c2422cda590f1d6b9150c4111a89

Sharing

Copy URL Twitter E-mail

General

Target

a4e7734fefe0eed456d4489592d0b31e2799c2422cda590f1d6b9150c4111a89
Size

2.3MB
MD5

509d36e8ca7eb5746e89700072c1d14a
SHA1

e3c0ab4a0288110cec28e1250d2bbcac04a230f6
SHA256

a4e7734fefe0eed456d4489592d0b31e2799c2422cda590f1d6b9150c4111a89
SHA512

d3f71905355620d469743df6274426f44d2871e6e5845c706939cc4c7edb2bba5b2dd9c57fb13516218a0b2497ee5ac76998e0064654b07a9326a72c675c4452
SSDEEP

49152:yR/k31Kqfc0NJj6RsgHz42N/moWMZZ31jv8pAe2X3JJD+defV:yR+1Kqk0NJj6pkg/3WMNvzX3NV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4e7734fefe0eed456d4489592d0b31e2799c2422cda590f1d6b9150c4111a89

Files

a4e7734fefe0eed456d4489592d0b31e2799c2422cda590f1d6b9150c4111a89
.exe windows:4 windows x86 arch:x86

45c319f1d4fdff7df75ed47d26c5a768

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCommandLineW
InterlockedCompareExchange
CopyFileW
SetFilePointerEx
SetEndOfFile
GetSystemTime
LocalFree
CreateFileW
MultiByteToWideChar
GetLastError
OutputDebugStringW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ReadFile
UnmapViewOfFile
CloseHandle
HeapAlloc
WideCharToMultiByte
DecodePointer
HeapSize
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
VirtualQueryEx
SetStdHandle
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
GetStringTypeW
GetACP
SetConsoleCtrlHandler
GetModuleHandleExW
GetCommandLineA
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
SizeofResource
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
VirtualFree
ReadProcessMemory
VirtualAlloc
Sleep
TerminateProcess
GetLongPathNameW
GetVersionExA
ExpandEnvironmentStringsA
GetComputerNameA
GetCurrentThreadId
ExitProcess
InterlockedIncrement
IsDebuggerPresent
HeapReAlloc
GetSystemInfo
MoveFileExW
DeleteFileW
SetFileAttributesW
LockResource
LoadResource
FindResourceW
WaitForSingleObject
GetFullPathNameW
GetCurrentThread
GetVersionExW
GetProcessHeap
GetCurrentProcessId
GetCurrentProcess
DuplicateHandle
OpenProcess
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
GetDriveTypeW
GetLogicalDrives
GetProcAddress
LoadLibraryW
GetTickCount
MapViewOfFile
CreateFileMappingW
SystemTimeToFileTime
GetFileSize
GetLocalTime
GetFileInformationByHandle
CompareFileTime
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileAttributesW
SetLastError
HeapFree
WriteFile
FormatMessageW
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetEnvironmentVariableW
ConvertFiberToThread
GlobalMemoryStatus
QueryPerformanceCounter
DeleteFiber
GetFileType
GetStdHandle
CreateProcessW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
GetDateFormatW
GetModuleHandleW
CreateThread
CreateEventW
WaitForMultipleObjects
SetEvent
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
TlsAlloc
GetExitCodeProcess
GetModuleFileNameW

user32

GetWindowTextW
GetWindowThreadProcessId
EnumWindows
CharUpperBuffW
CharUpperA
GetDesktopWindow
SendMessageW
GetDlgItem
GetUserObjectInformationW
GetProcessWindowStation
EndDialog
DialogBoxParamW
GetWindowRect
GetClientRect
LoadImageW
GetClassNameW
SystemParametersInfoW
ReleaseDC
GetParent
SetWindowLongW
LoadIconW
SetClassLongW
SetWindowPos
GetWindowLongW
CharLowerBuffW
SetWindowTextW
KillTimer
PostMessageW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
IsWindowVisible
LoadStringW
SetCursor
MessageBoxW
GetDC
DestroyIcon
GetDlgCtrlID
FindWindowW
MoveWindow
IsCharAlphaW
CreateCursor
LoadCursorW
FillRect
GetWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsWindow
GetAsyncKeyState
GetSystemMetrics
ClientToScreen
EnableWindow
SetTimer
ShowWindow
SetFocus
GetWindowTextLengthW
IsDlgButtonChecked
InvalidateRect
CallWindowProcW

gdi32

TextOutW
GetTextExtentPoint32W
DeleteObject
GetStockObject
SetBkMode
SetTextColor
SelectObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

DuplicateToken
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
GetCurrentHwProfileW
RegQueryValueExA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
FreeSid
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
CryptEnumProvidersW
OpenProcessToken
OpenThreadToken
RegQueryValueExW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegOpenKeyExW

shell32

DragQueryFileW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathA
SHGetFileInfoW
DragAcceptFiles
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
SHGetFolderPathW
SHGetPathFromIDListW

ole32

CoInitialize
CoCreateInstance
CLSIDFromProgID
CoGetClassObject

oleaut32

SysAllocString
SysFreeString

ntdll

NtEnumerateValueKey
NtSetInformationFile

comctl32

PropertySheetW
CreatePropertySheetPageW
ord17

shlwapi

PathFileExistsW
StrStrIW
PathFindFileNameW

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CryptStringToBinaryA
CertEnumCertificatesInStore
CryptDecodeObject

ws2_32

closesocket
WSACleanup
WSASetLastError
send
WSAGetLastError
recv

mpr

WNetEnumResourceW
WNetCloseEnum
WNetOpenEnumW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

wininet

InternetOpenW
InternetGetConnectedState
InternetCheckConnectionW
InternetReadFile
InternetCloseHandle
InternetOpenUrlW

Sections

.text
Size: 941KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gcode
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 935KB - Virtual size: 935KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 158KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c319f1d4fdff7df75ed47d26c5a768

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

ntdll

comctl32

shlwapi

crypt32

ws2_32

mpr

version

psapi

wininet

Sections

.text Size: 941KB - Virtual size: 940KB

.gcode Size: 5KB - Virtual size: 4KB

.rdata Size: 935KB - Virtual size: 935KB

.data Size: 158KB - Virtual size: 170KB

.gdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 286KB - Virtual size: 285KB

.text
Size: 941KB - Virtual size: 940KB

.gcode
Size: 5KB - Virtual size: 4KB

.rdata
Size: 935KB - Virtual size: 935KB

.data
Size: 158KB - Virtual size: 170KB

.gdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 286KB - Virtual size: 285KB