774046f0039ef9859029b99bec32b19c5c0b3fd3635597f17f07d014e094bcca

Sharing

Copy URL

Twitter E-mail

General

Target

774046f0039ef9859029b99bec32b19c5c0b3fd3635597f17f07d014e094bcca
Size

281KB
MD5

5411565f823f10858216cc4175700b30
SHA1

aca70f159c59cc7ed80c0d852c80829f4cc89f02
SHA256

774046f0039ef9859029b99bec32b19c5c0b3fd3635597f17f07d014e094bcca
SHA512

b33d293797f27441a89c1ad1689467e35c4ee4d45ddfeddc28ef98bfa59f516eeb2401912708ba91f21c3e8911faf5480486b25286b829d4ccbb66f255f64029
SSDEEP

3072:KXBuEjEHbhq0/Dm0kHyKFqBhqDtISNUW8jVF6o0WwH6RXiSbJTF+KJhIysXr5mfC:ZgE7h5S+qd/We7cVbJp+KCb5yLpMsT8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
774046f0039ef9859029b99bec32b19c5c0b3fd3635597f17f07d014e094bcca

Files

774046f0039ef9859029b99bec32b19c5c0b3fd3635597f17f07d014e094bcca
.exe windows:6 windows x86 arch:x86

848c8ece7e558fdc33ff9442b8c1fa1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

rdpshell.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCreateKeyExW
RegCreateKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyW
RegEnumValueW
RegFlushKey

kernel32

HeapSize
RaiseException
ExpandEnvironmentStringsW
ReadProcessMemory
HeapSetInformation
SetProcessShutdownParameters
GetCommandLineW
LocalFree
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
GetCurrentProcessId
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetCommandLineA
GetVersionExA
GetStartupInfoA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CreateMutexW
EnterCriticalSection
FreeLibrary
InterlockedExchange
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
VirtualQuery
CreateFileA
FlushFileBuffers
LocalAlloc
InterlockedCompareExchange
CreateEventW
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
CreateThread
GetModuleHandleExW
SwitchToThread
OpenThread
LoadLibraryW
FreeLibraryAndExitThread
lstrcmpiW
GetProcessId
GetExitCodeProcess
OpenProcess
OpenEventW
lstrcmpW
CancelIo
GetOverlappedResult
WaitForSingleObjectEx
QueueUserAPC
ReadFileEx
GlobalAddAtomW
GlobalDeleteAtom
GetLastError
CompareStringW
CloseHandle
LeaveCriticalSection

atl

ord16
ord21

ntdll

RtlMultiByteToUnicodeN
RtlCopyLuid
NtQueryInformationProcess
NtClose
RtlUnwind
NtOpenProcessToken
NtQueryInformationToken
NtQuerySystemInformation

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

wtsapi32

WTSFreeMemory
WTSVirtualChannelClose
WTSVirtualChannelQuery
WTSVirtualChannelOpen
WTSLogoffSession
WTSQuerySessionInformationW

gdi32

DeleteObject
DeleteDC
ExtEscape
CreateDCW
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
GetRegionData
CreateRectRgn

user32

CreateWindowExW
MessageBoxW
LoadStringW
LockWorkStation
SystemParametersInfoW
SetWindowLongW
GetWindowLongW
LoadCursorW
SwapMouseButton
UnhookWinEvent
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
SetWinEventHook
SetThreadDesktop
OpenDesktopW
GetWindow
GetClassNameW
GetDesktopWindow
GetParent
IsWindowVisible
IsWindow
RedrawWindow
PostMessageW
GetWindowThreadProcessId
UnregisterClassW
GetClassLongW
SendMessageTimeoutW
GetWindowInfo
GetAncestor
GetWindowRgn
GetWindowRgnBox
EnumThreadWindows
GetGUIThreadInfo
GetCursorPos
GetSystemMetrics
MoveWindow
EnumDisplayDevicesW
PostThreadMessageW
RegisterHotKey
UnregisterHotKey
SendInput
MapVirtualKeyW
GetAsyncKeyState
GetClassInfoExW
GetIconInfo
CopyImage
DestroyIcon
RegisterClassExW
DefWindowProcW
EnumWindows
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
DestroyWindow
GetWindowRect
SetForegroundWindow

winsta

WinStationFreePropertyValue
WinStationGetConnectionProperty
WinStationQueryInformationW
WinStationVerify
WinStationVirtualOpenEx

rpcrt4

RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoExW
NdrClientCall2
I_RpcExceptionFilter

shlwapi

PathUnquoteSpacesW

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

848c8ece7e558fdc33ff9442b8c1fa1f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

atl

ntdll

shell32

ole32

wtsapi32

gdi32

user32

winsta

rpcrt4

shlwapi

Sections

.text Size: 229KB - Virtual size: 229KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 43KB - Virtual size: 44KB

.text
Size: 229KB - Virtual size: 229KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 43KB - Virtual size: 44KB