file[.]0xe108c9e3f1c0[.]0xe108c0455dc0[.]ImageSectionObject[.]avpmapp[.]exe[.]img

Sharing

Copy URL Twitter E-mail

General

Target

file.0xe108c9e3f1c0.0xe108c0455dc0.ImageSectionObject.avpmapp.exe.img
Size

4.0MB
MD5

31932c46b6e84a2002a35fafc5602d7b
SHA1

3e109a898f28abf75fab42423bdf46e2793e7571
SHA256

85929a65ea75082d639571dc3a8aa28a9479ba6d93ac3d5f7f9d0b18085bc66c
SHA512

0992655e984ebe5dbe737b1cb48f3c1740c40031c808e89aa4fe7ecf357f8370fb941d9768cc9a03e95332c569def95147770641722c5e0a17a12b7eeac85179
SSDEEP

49152:Rqs1wH3udxGIxtV5m/pi9qbats0vx5+hOQvO/ydnuc0fgaeoBC:0leeIxtV5m/w9qu5+7v6ydnuUoB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
file.0xe108c9e3f1c0.0xe108c0455dc0.ImageSectionObject.avpmapp.exe.img

Files

file.0xe108c9e3f1c0.0xe108c0455dc0.ImageSectionObject.avpmapp.exe.img
.exe windows:5 windows x86 arch:x86

374abdfa3b0cf56b502b95ebdbcbde11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

sndPlaySoundA

shlwapi

StrChrIA

netapi32

Netbios

ws2_32

recv
ioctlsocket
WSAIoctl
connect
inet_ntoa
htonl
WSARecv
WSAGetLastError
htons
ntohs
socket
WSASetLastError
closesocket
gethostbyaddr
gethostbyname
send
select
ntohl
inet_addr

winhttp

WinHttpAddRequestHeaders
WinHttpSetCredentials
WinHttpReadData
WinHttpCrackUrl
WinHttpSetDefaultProxyConfiguration
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpReceiveResponse

kernel32

SetLastError
GetProcAddress
SetFileAttributesA
ResetEvent
LoadLibraryA
MoveFileA
GetExitCodeThread
FindNextChangeNotification
WaitForMultipleObjects
GetModuleFileNameA
FindFirstChangeNotificationA
GetCurrentDirectoryA
ReleaseMutex
CloseHandle
GetCurrentProcessId
ResumeThread
CreateThread
GetProcessTimes
TerminateThread
GetExitCodeProcess
CreateProcessA
ReadFile
GetLongPathNameA
LocalAlloc
CreatePipe
SetFilePointer
GetCurrentThreadId
FileTimeToSystemTime
MapViewOfFile
UnmapViewOfFile
MoveFileExA
GetTimeFormatA
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
VirtualQuery
MoveFileExW
GetCurrentProcess
GetComputerNameW
GetModuleHandleW
ReadDirectoryChangesW
WideCharToMultiByte
GetFileAttributesW
lstrcmpW
FlushInstructionCache
lstrcmpiA
InterlockedExchangeAdd
CreateFileMappingA
OpenEventA
LoadLibraryExA
FindNextFileW
VirtualProtect
FileTimeToLocalFileTime
WriteProcessMemory
GetFullPathNameA
FindResourceA
lstrcmpA
LoadResource
EnumResourceTypesA
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
SizeofResource
RemoveDirectoryA
LockResource
EnumResourceNamesA
GetDiskFreeSpaceExA
OpenFileMappingA
TerminateProcess
GetPrivateProfileSectionNamesA
GetVersion
HeapAlloc
HeapFree
GetCurrentThread
GetProcessHeap
OpenProcess
GetSystemDefaultLangID
HeapReAlloc
SetCurrentDirectoryA
GlobalMemoryStatus
SetPriorityClass
FindFirstFileW
GetLocaleInfoA
_llseek
lstrcpynA
SetEndOfFile
SystemTimeToFileTime
WritePrivateProfileSectionA
QueryDosDeviceA
CreateDirectoryW
ExpandEnvironmentStringsA
GetWindowsDirectoryA
VirtualFreeEx
CopyFileW
ReadProcessMemory
GetTimeZoneInformation
GetEnvironmentVariableA
SetThreadPriority
FlushFileBuffers
InterlockedExchange
GetStartupInfoA
FindFirstFileA
GetThreadLocale
VirtualAllocEx
OpenMutexA
WritePrivateProfileStringA
GlobalMemoryStatusEx
GetProfileStringA
QueryDosDeviceW
GetDiskFreeSpaceA
SetProcessWorkingSetSize
GetSystemInfo
SetEnvironmentVariableA
FindNextFileA
WriteProfileStringA
CreateMutexA
GetPrivateProfileSectionA
GetFileTime
GetShortPathNameW
DuplicateHandle
DeleteFileW
GetFileInformationByHandle
GetSystemTime
SetFileAttributesW
AreFileApisANSI
DeleteFileA
LocalFileTimeToFileTime
GetThreadSelectorEntry
GetSystemPowerStatus
CreateRemoteThread
SystemTimeToTzSpecificLocalTime
SetSystemTime
GetFullPathNameW
CreateMutexW
HeapCompact
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
UnlockFileEx
GetSystemTimeAsFileTime
LoadLibraryW
FormatMessageW
GetVersionExW
HeapDestroy
HeapCreate
HeapValidate
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingW
GetFileAttributesExW
OutputDebugStringA
GetShortPathNameA
GetSystemDirectoryA
GetFileAttributesA
WriteFile
WaitForSingleObjectEx
FindCloseChangeNotification
CompareFileTime
FreeLibrary
GetFileSize
LocalFree
GetTempPathA
GetModuleHandleA
DeviceIoControl
GetLocalTime
GetTempFileNameA
EnterCriticalSection
GetLastError
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
CreateEventA
GetDateFormatA
FormatMessageA
SetEvent
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
lstrlenA
GetComputerNameA
lstrcpyA
GetVersionExA
GetPrivateProfileStringA
FindClose
CopyFileA
CreateDirectoryA
lstrcatA
Sleep
GetTickCount
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetFileType
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
SetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetFilePointerEx
GetFileSizeEx
CreateFileA

user32

AttachThreadInput
CreateCursor
GetProcessWindowStation
OpenInputDesktop
wsprintfA
FindWindowExA
GetUserObjectSecurity
CloseDesktop
SendMessageA
RegisterWindowMessageA
EnumWindows
GetForegroundWindow
GetWindowTextA
OpenWindowStationA
MessageBoxA
SetCursorPos
BringWindowToTop
DestroyCursor
CopyImage
GetDesktopWindow
GetCursorPos
ShowWindow
PostMessageA
GetSystemMetrics
IsWindowVisible
LoadCursorA
GetWindowThreadProcessId
CharUpperA
PostQuitMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
GetMessageA
TranslateMessage
PeekMessageA
DispatchMessageA
SystemParametersInfoA
CharLowerA
GetClassNameA
CloseWindowStation
SetForegroundWindow
IsIconic
SendInput
SetSystemCursor
OpenDesktopA
SetActiveWindow
GetWindowRect
SetProcessWindowStation
GetWindowLongA
PostThreadMessageA
LoadIconA
SetTimer
RedrawWindow

gdi32

GetStockObject

winspool.drv

EnumPrintersW

advapi32

CryptGetHashParam
LookupAccountNameA
SetServiceStatus
RegisterServiceCtrlHandlerExA
CreateServiceA
StartServiceCtrlDispatcherA
CryptHashData
CryptDestroyHash
SetSecurityDescriptorSacl
ControlService
GetUserNameA
QueryServiceConfigA
GetSecurityDescriptorSacl
FreeSid
IsValidSid
GetSecurityDescriptorOwner
CryptCreateHash
RegQueryValueExA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
OpenServiceA
CloseServiceHandle
RegCreateKeyExA
RegOpenKeyExA
QueryServiceStatus
OpenSCManagerA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegDeleteValueA
RevertToSelf
RegEnumValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
CreateProcessAsUserA
ConvertSidToStringSidW
RegisterEventSourceA
GetSidSubAuthority
DeleteService
GetSidSubAuthorityCount
GetTokenInformation
EqualSid
EnumDependentServicesA
LookupAccountSidA
CryptReleaseContext
DuplicateToken
DeregisterEventSource
InitializeSecurityDescriptor
StartServiceA
LookupAccountNameW
ChangeServiceConfigA
SetSecurityDescriptorDacl
ReportEventA
CryptAcquireContextA
DuplicateTokenEx
ImpersonateLoggedOnUser
AllocateAndInitializeSid

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder

ole32

CoInitializeSecurity
StringFromGUID2
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoInitialize
CoInitializeEx

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysAllocString
SysStringLen
SysFreeString

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 491KB - Virtual size: 490KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 999KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 890KB - Virtual size: 889KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

374abdfa3b0cf56b502b95ebdbcbde11

Headers

DLL Characteristics

File Characteristics

Imports

winmm

shlwapi

netapi32

ws2_32

winhttp

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 491KB - Virtual size: 490KB

.data Size: 225KB - Virtual size: 999KB

.rsrc Size: 890KB - Virtual size: 889KB

.reloc Size: 165KB - Virtual size: 165KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 491KB - Virtual size: 490KB

.data
Size: 225KB - Virtual size: 999KB

.rsrc
Size: 890KB - Virtual size: 889KB

.reloc
Size: 165KB - Virtual size: 165KB