80318c0519675974bdf229f774012b9e5b097efdaafa50f8de928ed01a350218

Sharing

Copy URL Twitter E-mail

General

Target

80318c0519675974bdf229f774012b9e5b097efdaafa50f8de928ed01a350218
Size

198KB
MD5

9566b6e3ca9960f7cd9325de86f2a565
SHA1

d81db870c4e2419ff79e55384b626cc0d228005a
SHA256

80318c0519675974bdf229f774012b9e5b097efdaafa50f8de928ed01a350218
SHA512

93e795174739c12bdf9ceb7a602f9576883f47caa3695643fe4912c3175923aea29f85637d2caea7c920b89273c7acd20223986b051b600b26c9e543b0a73edb
SSDEEP

3072:JLZarp/sQZCac0ZU0QhRkKqUa9antF5hvvJkuXp+n+:6rRBZC5xPhSKq99UF5hvv/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
80318c0519675974bdf229f774012b9e5b097efdaafa50f8de928ed01a350218

Files

80318c0519675974bdf229f774012b9e5b097efdaafa50f8de928ed01a350218
.exe windows:10 windows x86 arch:x86

7d5eee5ebbbeb4dac8f8621dfae748e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cleanmgr.pdb

Imports

gdi32

SetBkMode
SetTextColor
SetBkColor
GetTextExtentPoint32W
GetLayout
ExtTextOutW

user32

SetDlgItemTextW
GetParent
SendDlgItemMessageW
SetWindowLongW
GetDlgItem
SendMessageW
ShowWindow
MessageBoxW
LoadStringW
GetClientRect
DispatchMessageW
TranslateMessage
PeekMessageW
SetForegroundWindow
GetWindowTextW
PostMessageW
GetSystemMetrics
GetWindowLongW
DrawFocusRect
DrawIconEx
GetSysColor
SetFocus
EndDialog
DialogBoxParamW
DestroyWindow
CreateDialogParamW
IsDialogMessageW
DestroyIcon
LoadIconW
EnableWindow
EnumWindows

msvcrt

memset
_CIsqrt
toupper
_vsnwprintf
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_wcsicmp

comctl32

ImageList_Create
ord345
CreatePropertySheetPageW
PropertySheetW
ImageList_ReplaceIcon
ord17

shell32

SHGetFileInfoW
ord680
ShellExecuteExW
ExtractIconExW

shlwapi

StrCmpNW
StrCmpW
StrToIntW
StrStrIW
ord271
ord487
PathStripToRootW
SHDeleteKeyW
StrFormatByteSizeW

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapSetInformation
HeapFree
HeapAlloc

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-2-0

WaitForSingleObject
SetEvent
Sleep
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-2-1

GetDiskFreeSpaceExW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceW
GetDriveTypeW

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

api-ms-win-core-com-l1-1-1

CoGetMalloc
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoUninitialize
CoTaskMemAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventActivityIdControl
EventSetInformation

api-ms-win-core-registry-l1-1-0

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegGetValueW

oleaut32

VariantInit
SysStringLen
VariantClear

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
CreateThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

MulDiv
GetStartupInfoA
CheckElevationEnabled
lstrlenW

ntdll

NtOpenProcessToken
RtlNtStatusToDosError
NtQueryInformationToken
NtOpenThreadToken
NtClose
WinSqmAddToStream

ole32

CoInitialize

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d5eee5ebbbeb4dac8f8621dfae748e4

Headers

File Characteristics

PDB Paths

Imports

gdi32

user32

msvcrt

comctl32

shell32

shlwapi

api-ms-win-core-heap-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-profile-l1-1-0

kernel32

ntdll

ole32

vssapi

Sections

.text Size: 27KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 984B

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 162KB - Virtual size: 161KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 984B

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 162KB - Virtual size: 161KB

.reloc
Size: 2KB - Virtual size: 1KB