SearchProtocolHost.pdb
Static task: static1
Behavioral task: behavioral1
Sample: deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52.exe
Resource: win10v2004-20240802-en
General
- Target: deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52
- Size: 180KB
- MD5: 0fb9bc15991bf0b9f96dd622baba327c
- SHA1: d0cd19e5191ba6f113bb59aaf30cbf5e388175d2
- SHA256: deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52
- SHA512: c3869692d8e9f0158b30f344e49ddc3bf59937983eda93988d41ec78a235a75f2782700e7677fa51c0de4b1e9eb69b58554fe355b43d0c0075919afcac9ad365
- SSDEEP: 3072:igtdThY+NhWqgXJgaHfswQtTUFAiIhkO70Grr+TQTt+SDlWx:5ThBbWqgXJPyrhkO7Xrr+TAUSJm
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52
Files
-
deec9afb986895de66b2d2da09f6a4a0ea471fc3e53391651a7e100f8baa1f52.exe windows:6 windows x86 arch:x86
bd7c128b966a6e15be6b7edf2deadedb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
AdjustTokenPrivileges
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
MakeSelfRelativeSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorLength
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSidSubAuthority
RegEnumValueW
RegQueryValueExW
SetSecurityDescriptorSacl
MakeAbsoluteSD
InitializeSid
GetSidLengthRequired
DeleteAce
EqualPrefixSid
LookupAccountSidW
CreateWellKnownSid
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
kernel32
FindResourceW
LoadLibraryExW
GetModuleFileNameW
ResetEvent
SetThreadPriority
CreateThread
LocalFree
GetHandleInformation
OpenEventW
GetCurrentProcessId
SetErrorMode
HeapSetInformation
lstrlenA
GetComputerNameW
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
FindResourceExW
WaitForSingleObjectEx
ReleaseMutex
LoadLibraryW
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
FormatMessageA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LCMapStringW
LoadResource
CompareFileTime
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
SetPriorityClass
GetPriorityClass
IsValidCodePage
OpenFileMappingW
OpenSemaphoreW
CreateFileMappingW
ReleaseSemaphore
ExpandEnvironmentStringsW
SetEnvironmentVariableW
CreateFileW
DuplicateHandle
GetFileSize
GetFileTime
UnlockFile
LockFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
DeleteFileW
FormatMessageW
VerifyVersionInfoW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
GetEnvironmentVariableW
InterlockedExchange
GetVersionExA
SizeofResource
MultiByteToWideChar
GetTickCount
GlobalAlloc
GlobalFree
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalUnlock
LoadLibraryA
GetCurrentThread
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
CompareStringW
GetSystemDefaultLCID
lstrlenW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
CloseHandle
FreeLibrary
GetProcAddress
CreateEventW
SetEvent
WaitForSingleObject
GetCurrentThreadId
GetModuleHandleW
GetVersionExW
InterlockedDecrement
InterlockedIncrement
SetLastError
GetCurrentProcess
GetProcessTimes
lstrcmpW
msvcrt
_vsnwprintf
strerror
_ultow
_vsnprintf
strncmp
bsearch
isalnum
iswspace
fprintf
_iob
_controlfp
free
_onexit
_lock
__dllonexit
_unlock
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_errno
__CxxFrameHandler
_set_error_mode
_wcsicmp
_wtoi
_itow
_time64
_CxxThrowException
memcpy
memset
wcschr
_purecall
_wcsnicmp
wcsncmp
malloc
_wtol
user32
CharNextW
GetLastInputInfo
UnregisterClassA
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
LoadStringW
ole32
CoInitializeEx
CoUninitialize
PropVariantClear
CoTaskMemFree
CoUnmarshalInterface
CreateStreamOnHGlobal
CoTaskMemAlloc
CreateBindCtx
CoTaskMemRealloc
CoCreateInstance
CoDisconnectObject
CoInitializeSecurity
StringFromCLSID
CLSIDFromProgID
PropVariantCopy
CLSIDFromString
oleaut32
GetErrorInfo
VarUI4FromStr
CreateErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
tquery
?ciNew@@YGPAXI@Z
?ciNewNoThrow@@YGPAXI@Z
?ciDelete@@YGXPAX@Z
shell32
ord155
SHCreateShellItem
SHParseDisplayName
propsys
PSGetPropertyDescription
PSGetItemPropertyHandlerWithCreateObject
msshooks
LoadMSSearchHooks
shlwapi
SHRegGetValueW
ntdll
VerSetConditionMask
RtlUnwind
Sections
.text Size: 159KB - Virtual size: 158KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE