105b8d305ce417666908d16959cf2ab19530f2d09febf11f080bbee43d483f0a

Sharing

Copy URL

Twitter E-mail

General

Target

105b8d305ce417666908d16959cf2ab19530f2d09febf11f080bbee43d483f0a
Size

1.5MB
MD5

07740deee0f3d58205d5586217e694aa
SHA1

f71d232356d425304214f2723f3cd59cb989e1a4
SHA256

105b8d305ce417666908d16959cf2ab19530f2d09febf11f080bbee43d483f0a
SHA512

17602d45382be3e6c26995e332c7822619401bbd4edca30196a9f984dd3b4eecf5e01e1190c358daba16f4bac51512c1c07dc14f575943040d74898d9fbeec3e
SSDEEP

49152:gNgo8IHe/2+VWMKuYlk1gEA4LbeEbm6HWYW7pn1AViyDN71YOhWbxJ9z0fePbKeM:gNgo8IHe/2+VWMKuYW1O4LbeEbm6HWY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
105b8d305ce417666908d16959cf2ab19530f2d09febf11f080bbee43d483f0a

Files

105b8d305ce417666908d16959cf2ab19530f2d09febf11f080bbee43d483f0a
.exe windows:5 windows x86 arch:x86

496afe737f50fb3b0a98f6d54384bc98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionA
QueryPerformanceFrequency
DeleteFileA
GlobalAlloc
OutputDebugStringA
GetComputerNameA
HeapAlloc
HeapFree
GetProcessHeap
DosDateTimeToFileTime
lstrlenA
SetFileTime
WriteFile
GetFileAttributesA
lstrcatA
GetFileTime
lstrcpyA
LocalFileTimeToFileTime
MultiByteToWideChar
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
GetVersionExA
QueryDosDeviceA
GetDriveTypeA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalAlloc
DeviceIoControl
FindFirstVolumeA
FindNextVolumeA
CreateFileW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
MoveFileExA
FormatMessageA
GetSystemWindowsDirectoryA
GetModuleFileNameA
RemoveDirectoryA
SetFileAttributesA
SetUnhandledExceptionFilter
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FindFirstFileW
FindNextFileW
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceExA
GetCurrentProcessId
SystemTimeToFileTime
GetSystemTime
FindNextFileA
UnmapViewOfFile
GetLocalTime
GetFileInformationByHandle
InterlockedIncrement
GlobalFree
ResumeThread
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
GetLocaleInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RtlUnwind
FlushFileBuffers
GetPrivateProfileSectionNamesA
LockResource
MoveFileA
FindClose
CopyFileA
FindFirstFileA
CreateDirectoryA
GetSystemDirectoryA
ReadFile
CreateProcessA
GetExitCodeProcess
SizeofResource
FindResourceExA
GetWindowsDirectoryA
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
LoadResource
lstrcmpA
FindResourceA
GetFileSize
CreateFileA
ProcessIdToSessionId
LoadLibraryA
GetProcAddress
lstrlenW
WideCharToMultiByte
FreeLibrary
CreateEventA
GetComputerNameW
CreateThread
CloseHandle
CreateToolhelp32Snapshot
GetModuleHandleA
WaitForMultipleObjects
SetConsoleCtrlHandler
GetConsoleMode
ExitProcess
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
SetHandleCount
GetCurrentDirectoryA
GetFileType
PeekNamedPipe
GetFullPathNameA
VirtualAlloc
VirtualFree
HeapDestroy
GetCurrentThreadId
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
Process32Next
GetLastError
TerminateProcess
Sleep
OpenProcess
SetEvent
WaitForSingleObject
Process32First
SetFilePointer
GetCurrentProcess
LCMapStringW
HeapSize
RaiseException
GetStdHandle
InterlockedExchange
HeapCreate
InitializeCriticalSectionAndSpinCount
ExitThread

user32

RegisterDeviceNotificationA
SetCursor
GetDesktopWindow
WaitForInputIdle
GetGUIThreadInfo
LoadCursorA
UpdateWindow
DispatchMessageA
ShowWindow
GetSystemMetrics
CreateWindowExA
TranslateMessage
SendMessageA
LoadIconA
PostQuitMessage
RegisterClassExA
GetMessageA
DefWindowProcA
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
ConvertSidToStringSidW
LookupAccountNameW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
QueryServiceConfigA
IsValidSid
ConvertSidToStringSidA
RegOpenKeyExW
LookupAccountSidA
CreateProcessAsUserA
ControlService
RegEnumValueA
OpenSCManagerA
QueryServiceStatusEx
RegDeleteValueA
RegQueryInfoKeyA
ChangeServiceConfigA
StartServiceA
RegEnumKeyExA
RegQueryValueExW
CloseServiceHandle
OpenServiceA
DuplicateTokenEx
RegSetValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExA
SHGetFolderPathA
SHFileOperationA

ole32

CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoUninitialize

oleaut32

VariantInit
SysAllocStringByteLen
SafeArrayCreateVector
SysStringLen
SafeArrayUnaccessData
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SafeArrayGetLBound
SysAllocString
SafeArrayAccessData

iphlpapi

GetAdaptersInfo
SendARP
GetTcpTable
GetExtendedTcpTable
GetExtendedUdpTable
GetIpNetTable

netapi32

DsRoleGetPrimaryDomainInformation
NetUserEnum
NetUserGetInfo
NetWkstaGetInfo
NetApiBufferFree

shlwapi

PathCombineA
SHDeleteKeyA

ws2_32

inet_addr
select
WSAGetLastError
htons
ntohs
__WSAFDIsSet
WSAStartup
accept
WSAWaitForMultipleEvents
WSAResetEvent
htonl
listen
send
connect
ioctlsocket
WSACleanup
inet_ntoa
closesocket
WSACreateEvent
bind
recv
socket
setsockopt
WSASetEvent
WSAEventSelect
WSAEnumNetworkEvents

psapi

GetProcessMemoryInfo
GetProcessImageFileNameA
EnumProcesses

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCanonicalizeUrlA
InternetReadFile
InternetOpenA
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlA

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiGetClassDevsA
CM_Get_DevNode_Status
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

wtsapi32

WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsA
WTSQuerySessionInformationA
WTSCloseServer
WTSWaitSystemEvent
WTSOpenServerA
WTSSendMessageW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

urlmon

URLDownloadToFileA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

496afe737f50fb3b0a98f6d54384bc98

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

iphlpapi

netapi32

shlwapi

ws2_32

psapi

version

wininet

setupapi

wtsapi32

userenv

urlmon

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 253KB - Virtual size: 252KB

.data Size: 15KB - Virtual size: 79KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 93KB - Virtual size: 92KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 253KB - Virtual size: 252KB

.data
Size: 15KB - Virtual size: 79KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 93KB - Virtual size: 92KB