97aad3f10afab235a5a22a2bb20ad5ff067d6513dd52b326061457149bee9db5

Sharing

Copy URL Twitter E-mail

General

Target

97aad3f10afab235a5a22a2bb20ad5ff067d6513dd52b326061457149bee9db5
Size

1.5MB
MD5

c537c170ba3ace725b4f72c9d90efccf
SHA1

79375e0fcb2c6b872d55af76c2e069cf88a9c47f
SHA256

97aad3f10afab235a5a22a2bb20ad5ff067d6513dd52b326061457149bee9db5
SHA512

24ce18561d496ac2b6b5cccd471f66901365bfc037a9a8d8c1efe31fe1e9eb879593860fbdacd64c897c9b126247b258b0e44091556afd276d41c9590a6c1115
SSDEEP

24576:RZkzLEPQEF+iUmztb8UQL9Wxi19l+5WnNod1cjhIq+K7NSzItV8FTIopaVyt:TknEYEFOBr9WUkUyd2S+78zYVwEyaVy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97aad3f10afab235a5a22a2bb20ad5ff067d6513dd52b326061457149bee9db5

Files

97aad3f10afab235a5a22a2bb20ad5ff067d6513dd52b326061457149bee9db5
.dll windows:5 windows x86 arch:x86

eee960e454e037baed292fa8122ee8c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rasapi32

RasHangUpW
RasEnumConnectionsA

ole32

PropVariantClear
RegisterDragDrop
HICON_UserUnmarshal
OleCreateStaticFromData
OleGetIconOfFile
CoGetObject
HPALETTE_UserUnmarshal
StgIsStorageILockBytes
HDC_UserMarshal
CoRevertToSelf
HBITMAP_UserFree
CoDosDateTimeToFileTime

clusapi

ClusterRegEnumValue

pdh

PdhUpdateLogW

ws2_32

WSACancelAsyncRequest
gethostbyname
ioctlsocket
WSAAsyncSelect

imm32

ImmGetConversionStatus
ImmGetIMEFileNameW
ImmGetCompositionWindow
ImmReleaseContext

msacm32

acmStreamOpen
acmFormatEnumW

winscard

SCardListCardsW

netapi32

NetGroupSetUsers
NetLocalGroupSetInfo
NetServerTransportDel
NetShareAdd
NetLocalGroupDelMembers
NetLocalGroupEnum
NetServerDiskEnum
NetServerTransportEnum

comctl32

CreateToolbarEx

comdlg32

GetFileTitleA

rpcrt4

RpcServerUnregisterIf
I_RpcAsyncAbortCall
UuidCreate
NdrOleFree
RpcImpersonateClient
RpcRevertToSelf

winspool.drv

DeletePrinterDriverW
DeviceCapabilitiesA
EnumJobsW
AddPrinterA
FreePrinterNotifyInfo
OpenPrinterA

iphlpapi

GetIpForwardTable
GetBestInterface

kernel32

GetModuleFileNameA
GetConsoleMode
GetBinaryTypeW
GetStringTypeExW
IsBadWritePtr
CreateMailslotW
RaiseException
GetLogicalDrives
TerminateProcess
WriteConsoleA
SetProcessAffinityMask
SetThreadLocale
GetConsoleCP
GetDiskFreeSpaceW
EnumResourceNamesW
GetModuleFileNameW
lstrcatW
SetSystemTime
DeleteCriticalSection
InitializeCriticalSection
GlobalMemoryStatus
ContinueDebugEvent
ReadFileEx
EnumTimeFormatsA
SetCalendarInfoW

shlwapi

PathIsFileSpecA
SHDeleteEmptyKeyW
StrCatBuffW
UrlApplySchemeW
StrChrNW
PathGetCharTypeA
PathIsUNCServerW
SHQueryValueExW
StrChrA
SHRegDuplicateHKey
PathCanonicalizeA
StrChrIA

lz32

GetExpandedNameW
LZInit
LZSeek

ntdsapi

DsFreeSchemaGuidMapW

msvfw32

ICInstall
ICDraw
DrawDibChangePalette
ICSeqCompressFrameStart

avifil32

AVIStreamStart
AVIStreamInfoW

shell32

DragFinish
Shell_NotifyIconA
SHGetFolderPathA
ExtractIconExW
SHGetInstanceExplorer
SHGetSpecialFolderLocation

opengl32

glMap2f

user32

wsprintfA
ChangeDisplaySettingsA
ShowWindow
WindowFromPoint
CopyImage
UpdateWindow
MapDialogRect
GetWindowModuleFileNameW
GetUpdateRgn
CallWindowProcA
GetDCEx
SetScrollRange
ClientToScreen
DefFrameProcW
EnumDesktopsA
ChangeDisplaySettingsExA
UnhookWindowsHook
DestroyIcon
SetCursor
ArrangeIconicWindows
FreeDDElParam
CreatePopupMenu
SetWindowPos
OpenWindowStationA
GetDialogBaseUnits
TranslateAcceleratorW
SetDoubleClickTime
CreateAcceleratorTableA

wintrust

WintrustAddActionID

urlmon

URLDownloadToCacheFileA

winmm

midiOutGetVolume
waveOutOpen
midiStreamOpen
midiInGetNumDevs
midiOutGetErrorTextW
mciGetErrorStringW
mixerGetLineControlsA
mmioDescend
CloseDriver
mmioWrite
mciSendStringW
waveOutClose
sndPlaySoundW

gdi32

GdiComment
GetWindowOrgEx
PtInRegion
ModifyWorldTransform
DeleteMetaFile
FlattenPath
CreatePen
BeginPath
SetMapMode
CreateColorSpaceA
CreateICW
CreatePolyPolygonRgn
PlayMetaFile
GetMetaFileA
SetEnhMetaFileBits
BitBlt

secur32

DeleteSecurityContext
SetContextAttributesW

advapi32

AddAce
SaferSetPolicyInformation
RegCreateKeyExW
CryptVerifySignatureW
GetTrusteeNameW
RegOpenCurrentUser
CloseServiceHandle
CryptDecrypt
EnumServicesStatusW
ObjectPrivilegeAuditAlarmA
GetNamedSecurityInfoA
DestroyPrivateObjectSecurity
RegLoadKeyA
AreAnyAccessesGranted
SetEntriesInAclW
RegisterServiceCtrlHandlerExA
SetFileSecurityA
ChangeServiceConfig2A
RegEnumKeyExA

wininet

InternetGetConnectedStateExW
InternetConnectW
InternetQueryOptionW
HttpSendRequestW
HttpQueryInfoA
SetUrlCacheEntryInfoA
HttpEndRequestW
InternetCrackUrlA
GetUrlCacheEntryInfoA

msvcrt

iswctype
wcstoul
fgets
rand
wcscoll

crypt32

CryptMsgClose
CryptImportPublicKeyInfo
CertFreeCertificateChainEngine
CertFindCertificateInStore

setupapi

CM_Get_Sibling_Ex
SetupDiEnumDeviceInterfaces
CM_Set_DevNode_Registry_PropertyW
SetupGetInfInformationW
SetupDiDestroyDeviceInfoList
SetupGetMultiSzFieldW
SetupDiCreateDeviceInfoList
SetupDiSetSelectedDriverA
SetupFindNextLine
SetupDiSetClassInstallParamsA
SetupDiGetSelectedDriverA
SetupOpenLog

mprapi

MprAdminMIBEntryGet
MprConfigTransportSetInfo

oleaut32

SafeArrayCreate
VarR4FromCy
SysAllocStringLen
SafeArrayLock
SafeArrayUnaccessData

Exports

Exports

HnebhrnndjehRerazg

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CODE
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3q
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3l4Q
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

I4B*YPa
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eee960e454e037baed292fa8122ee8c3

Headers

File Characteristics

Imports

rasapi32

ole32

clusapi

pdh

ws2_32

imm32

msacm32

winscard

netapi32

comctl32

comdlg32

rpcrt4

winspool.drv

iphlpapi

kernel32

shlwapi

lz32

ntdsapi

msvfw32

avifil32

shell32

opengl32

user32

wintrust

urlmon

winmm

gdi32

secur32

advapi32

wininet

msvcrt

crypt32

setupapi

mprapi

oleaut32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

CODE Size: 8KB - Virtual size: 5KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 56KB - Virtual size: 56KB

.CODE Size: 12KB - Virtual size: 8KB

3q Size: 24KB - Virtual size: 22KB

.code Size: 36KB - Virtual size: 33KB

3l4Q Size: 20KB - Virtual size: 16KB

I4B*YPa Size: 20KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 1.3MB - Virtual size: 1.3MB

CODE
Size: 8KB - Virtual size: 5KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 56KB - Virtual size: 56KB

.CODE
Size: 12KB - Virtual size: 8KB

3q
Size: 24KB - Virtual size: 22KB

.code
Size: 36KB - Virtual size: 33KB

3l4Q
Size: 20KB - Virtual size: 16KB

I4B*YPa
Size: 20KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 16KB - Virtual size: 14KB