cd9a2b9a3f25124184bfb6b76305a9e5938762c0d1889a4007689c583151b07a

Sharing

Copy URL Twitter E-mail

General

Target

cd9a2b9a3f25124184bfb6b76305a9e5938762c0d1889a4007689c583151b07a
Size

257KB
MD5

7e04d867c768f0b88e276c49ffbb9ccf
SHA1

0e23d1235cb74d055501165bf5f2d44824405af0
SHA256

cd9a2b9a3f25124184bfb6b76305a9e5938762c0d1889a4007689c583151b07a
SHA512

96d7c13217839ec3f3fe8c8a808aba3efb670de52efe941e2daacc22faf40d0b61ad9eda0ecc68fff1f5e1d01562fd4b88db57e40c964cd360f941c9864979da
SSDEEP

6144:/3aG9rLFP/qVqTjV0y/jCy+tIAjHYYboNNpC:f/V6Wv+I8Ho

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cd9a2b9a3f25124184bfb6b76305a9e5938762c0d1889a4007689c583151b07a

Files

cd9a2b9a3f25124184bfb6b76305a9e5938762c0d1889a4007689c583151b07a
.exe windows:6 windows x86 arch:x86

2b40a332f191f2504744e26277c29424

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ehVid.pdb

Imports

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
OpenProcessToken
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
GetAce
AddAce
LookupAccountNameW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSid
GetLengthSid
CopySid
InitializeSecurityDescriptor
RegQueryValueExW
GetSecurityDescriptorDacl
GetAclInformation
CreateWellKnownSid
LookupAccountSidW

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
ApplicationRecoveryFinished
RegisterApplicationRestart
GetCommandLineW
SetEnvironmentVariableW
GetEnvironmentVariableW
HeapSetInformation
SetThreadPriority
GetThreadPriority
GetCurrentThread
MulDiv
LoadLibraryExA
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
HeapFree
GetProcessHeap
HeapAlloc
ReleaseMutex
CreateMutexW
lstrlenW
RaiseException
EnterCriticalSection
GetWindowsDirectoryW
GetFileInformationByHandleEx
QueryPerformanceFrequency
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetLocalTime
OutputDebugStringW
EncodeSystemPointer
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
lstrlenA
GetVersionExA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
InterlockedExchange
ResumeThread
WriteFile
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
CreateEventW
SetEvent
InterlockedIncrement
InterlockedDecrement
CreateThread
GetModuleFileNameW
Sleep
GetCurrentThreadId
FreeLibrary
ReadFile
CreateFileW

user32

TranslateMessage
UnregisterClassA
CharNextW
PostThreadMessageW
CharUpperW
DispatchMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW

msvcrt

fclose
wprintf
fflush
_wfsopen
wcsrchr
_CIlog
_ftol2
_ftol2_sse
_CIsqrt
fwprintf
wcscpy_s
wcsncpy_s
wcscat_s
??2@YAPAXI@Z
memset
??_U@YAPAXI@Z
memcpy
calloc
_purecall
_vsnwprintf
_wcsicmp
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_controlfp
memcpy_s
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z

ole32

CreateItemMoniker
GetRunningObjectTable
CLSIDFromString
CoFileTimeNow
StgCreateStorageEx
StgOpenStorageEx
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoResumeClassObjects
CoInitializeSecurity

oleaut32

LoadTypeLi
UnRegisterTypeLi
VariantInit
RegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
SysAllocString

shlwapi

PathAppendW
StrCmpIW
PathFindExtensionW
PathFileExistsW
PathFindFileNameW
ord212
ord184
PathSearchAndQualifyW

shell32

SHGetFolderPathAndSubDirW
SHChangeNotify

gdiplus

GdipDrawImageRectI
GdiplusStartup
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipCloneImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipDeleteFont
GdipCreateSolidFill
GdipDrawString
GdipDisposeImage
GdiplusShutdown
GdipCreateFont
GdipGetFontHeight
GdipCloneBrush
GdipBitmapLockBits
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipSetSmoothingMode

winmm

timeGetTime

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b40a332f191f2504744e26277c29424

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

shlwapi

shell32

gdiplus

winmm

Sections

.text Size: 215KB - Virtual size: 215KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 33KB - Virtual size: 34KB

.text
Size: 215KB - Virtual size: 215KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 33KB - Virtual size: 34KB