00a11aeff0313d2821590fba103d97cfd46acc032826835d41a13bc7b23a4512

Sharing

Copy URL

Twitter E-mail

General

Target

00a11aeff0313d2821590fba103d97cfd46acc032826835d41a13bc7b23a4512
Size

10.0MB
MD5

b21446fb634b3bd551686ee005dadd7a
SHA1

2067f409efb82880fcd33a0ad27f83c43479e90b
SHA256

00a11aeff0313d2821590fba103d97cfd46acc032826835d41a13bc7b23a4512
SHA512

b46a08c8fd2bd8d4390da4c9e28bc70c8fa4845a3a7eb358148a64ec386ae2a15f8020e75c9b19a1a2ced5ddaccff648941b245645cb06df37991aa2d5c15629
SSDEEP

196608:HpeNh6sCnIqnHB3iia6Uhvb89rqN31Nun/2CuuegmdBXpEXjGJ:HpeNh6fnIqnPa5hjcrqN31gn/2Cuuegy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00a11aeff0313d2821590fba103d97cfd46acc032826835d41a13bc7b23a4512

Files

00a11aeff0313d2821590fba103d97cfd46acc032826835d41a13bc7b23a4512
.exe windows:5 windows x86 arch:x86

f6e67c2c281ab3ac4a7e5002404317d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bld_area\Norton_RnR_r4.5\bin\bin.iru\SuperMUI\NRnR4.5.pdb

Imports

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
WinVerifyTrust
WintrustGetRegPolicyFlags

winhttp

WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback
WinHttpQueryOption

kernel32

GetFileAttributesW
RemoveDirectoryW
DeviceIoControl
WaitForSingleObject
GetExitCodeProcess
CreateProcessW
OpenProcess
FreeLibrary
LoadLibraryExW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GlobalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
ExpandEnvironmentStringsW
ProcessIdToSessionId
FormatMessageW
WTSGetActiveConsoleSessionId
CreateFileW
GetProcAddress
SetEvent
CreateEventW
GetModuleHandleW
LoadLibraryW
MulDiv
GetCurrentProcessId
GetCurrentThreadId
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableW
SetCurrentDirectoryW
CompareFileTime
CreateDirectoryW
GetTempFileNameW
ResetEvent
WaitForMultipleObjects
GetCurrentThread
OpenThread
GetModuleFileNameW
GetUserDefaultLangID
GetLocalTime
lstrcmpiW
SetDllDirectoryW
GetTempPathW
GetSystemDirectoryW
GetSystemDefaultLangID
GetCommandLineW
GetDiskFreeSpaceExW
LocalFileTimeToFileTime
QueryDosDeviceW
GlobalMemoryStatusEx
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
GetSystemTime
FormatMessageA
GetFileSize
ReadFile
SetFilePointer
ReadProcessMemory
VirtualQuery
GetLongPathNameW
lstrlenW
lstrcmpA
lstrcmpW
CreateEventA
WaitForSingleObjectEx
InterlockedIncrement
InterlockedDecrement
CreateWaitableTimerW
SetWaitableTimer
FindNextFileW
CreateMutexW
ReleaseMutex
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
WriteFile
FlushFileBuffers
GetFileInformationByHandle
LoadResource
CreateSemaphoreW
ReleaseSemaphore
GetTimeFormatW
GetDateFormatW
GetSystemInfo
GetFileAttributesExW
GetCurrentDirectoryW
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
AreFileApisANSI
CreateWaitableTimerA
GetLogicalProcessorInformation
OpenEventA
FindResourceExW
DeleteCriticalSection
SetErrorMode
FlushInstructionCache
FindFirstFileW
WritePrivateProfileStringW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetVersionExA
CreateFileA
ExitProcess
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetThreadLocale
GetTimeZoneInformation
FileTimeToLocalFileTime
CompareStringA
GetModuleHandleExW
GetModuleFileNameA
DeleteTimerQueueTimer
CreateTimerQueueTimer
AllocConsole
GetComputerNameW
GetCurrencyFormatW
GetNumberFormatW
GetVolumeInformationW
OutputDebugStringA
GetTempFileNameA
FindClose
DeleteFileW
GetTickCount
Sleep
GetCurrentProcess
SetLastError
CloseHandle
LocalFree
GetTempPathA
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
LocalAlloc
FindResourceW
SizeofResource
CancelWaitableTimer
LockResource
GetProcessHeap
HeapSize
UnhandledExceptionFilter
GetLogicalDriveStringsW
GetModuleHandleA
GetVersionExW
SetFileTime
GetThreadContext
SetUnhandledExceptionFilter
TerminateProcess
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
lstrlenA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetFileAttributesW
WaitForMultipleObjectsEx
ExitThread
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStdHandle
GetACP
GetPrivateProfileSectionW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetThreadPriority
SetThreadPriority
TerminateThread
ResumeThread
CreateThread
GetProcessTimes
OpenEventW
GetWindowsDirectoryW
GetShortPathNameW
lstrcpyW
VirtualFree
VirtualAlloc
OutputDebugStringW
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
TryEnterCriticalSection
EncodePointer
GetStringTypeW
LoadLibraryExA
VirtualProtect

user32

GetWindowTextW
OffsetRect
EqualRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetLayeredWindowAttributes
GetFocus
IsWindowVisible
GetAncestor
CreateWindowExW
GetScrollInfo
DeferWindowPos
SetScrollInfo
GetSysColor
CreateIconIndirect
GetIconInfo
DrawIconEx
LoadImageW
MessageBeep
AllowSetForegroundWindow
SetParent
EndPaint
BeginPaint
RegisterClassW
RedrawWindow
SetActiveWindow
LoadStringW
GetKeyState
GetKeyboardLayout
CreateCaret
SetCaretPos
UpdateLayeredWindow
RegisterClipboardFormatW
CountClipboardFormats
EnumClipboardFormats
IsClipboardFormatAvailable
GetClipboardData
GetClipboardSequenceNumber
DestroyWindow
FlashWindowEx
IsZoomed
IsIconic
KillTimer
GetMenuState
GetMenuItemID
GetMenuItemCount
TrackPopupMenuEx
UpdateWindow
EnableWindow
AnimateWindow
FlashWindow
SetWindowTextW
SetTimer
NotifyWinEvent
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
AdjustWindowRectEx
WaitMessage
DeleteMenu
MonitorFromPoint
GetActiveWindow
GetWindowDC
EnumDisplayDevicesW
GetWindowPlacement
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
EnumDisplayMonitors
GetDCEx
InvalidateRect
ReleaseCapture
GetClassLongW
EnumThreadWindows
WindowFromPoint
EndDeferWindowPos
SetCapture
IsRectEmpty
GetMessageTime
MoveWindow
GetDoubleClickTime
ValidateRect
IsChild
GetCapture
GetAsyncKeyState
BeginDeferWindowPos
DestroyCaret
SystemParametersInfoW
CharPrevW
wsprintfW
EnableMenuItem
GetSystemMenu
CharNextW
FindWindowW
ExitWindowsEx
LoadStringA
UnregisterClassW
GetWindowThreadProcessId
GetForegroundWindow
SetFocus
AttachThreadInput
MonitorFromWindow
DestroyIcon
LoadIconW
GetDesktopWindow
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
SetWindowPos
ShowWindow
IsWindow
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
RegisterClassExW
GetClassInfoExW
GetWindow
LoadCursorFromFileA
DestroyCursor
SendMessageTimeoutW
CopyRect
SetCursor
SetClassLongW
LoadCursorW
ClientToScreen
PtInRect
ScreenToClient
GetCursorPos
RegisterWindowMessageW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DefWindowProcW
CharUpperW
DispatchMessageA
GetMessageW
GetMessageA
IsWindowUnicode
MsgWaitForMultipleObjectsEx
IsMenu

gdi32

GetStockObject
SetLayout
GetObjectA
CreateFontW
EnumFontFamiliesExW
GetFontUnicodeRanges
StartDocW
CreateBitmap
StartPage
EndPage
EndDoc
GetClipBox
SaveDC
SetViewportOrgEx
RestoreDC
GetGlyphIndicesW
AddFontMemResourceEx
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
GetLayout
DeleteObject
GetDIBits
SetMapMode
CreateDCW
GetDeviceCaps
GetObjectW

ole32

DoDragDrop
ReleaseStgMedium
OleInitialize
RevokeDragDrop
StringFromGUID2
CoCreateGuid
RegisterDragDrop
OleUninitialize
PropVariantClear
CoInitializeEx
CoUninitialize
CLSIDFromString
StringFromIID
IIDFromString
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

VariantCopy
SysFreeString
VarUI4FromStr
SysAllocString
SysAllocStringLen
SysStringLen
VariantInit
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringByteLen
VariantCopyInd
VarBstrCat
VariantClear
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnlock
SafeArrayCreate
SysAllocStringByteLen

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

imagehlp

MapFileAndCheckSumW

psapi

GetModuleFileNameExW

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmNotifyIME
ImmAssociateContextEx
ImmSetCandidateWindow
ImmGetContext
ImmIsIME
ImmGetCompositionStringW

winmm

PlaySoundW

urlmon

FindMimeFromData

iphlpapi

IpReleaseAddress
IpRenewAddress
GetInterfaceInfo
GetAdaptersInfo
FlushIpNetTable

dnsapi

DnsQuery_W

uxtheme

GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
SetWindowTheme
IsThemeBackgroundPartiallyTransparent

usp10

ScriptPlace
ScriptShape
ScriptBreak
ScriptItemize
ScriptApplyDigitSubstitution
ScriptFreeCache

gdiplus

GdipSetPenDashArray
GdipSetPenDashStyle
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipSetPenStartCap
GdipSetPenEndCap
GdipCreatePen2
GdipGetFontStyle
GdipAddPathString
GdipDrawString
GdipGetCellDescent
GdipMeasureString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFromHWND
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipSetPageUnit
GdipAddPathBezier
ord1
GdipSetPathFillMode
GdipClosePathFigure
GdipAddPathLine
GdipStartPathFigure
GdipIsVisiblePathPoint
GdipResetPath
GdipDrawRectangle
GdipFillRectangle
GdipDrawPie
GdipFillPie
GdipDrawEllipse
GdipFillEllipse
GdipCreateTexture
GdipShearMatrix
GdipScaleMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipMultiplyWorldTransform
GdipTransformPoints
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipEndContainer
GdipCreateBitmapFromGraphics
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipAddPathRectangleI
GdipSetClipRect
GdipClonePath
GdipGetPathWorldBounds
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipBeginContainer2
GdipRestoreGraphics
GdipSaveGraphics
GdipGetSmoothingMode
GdipTranslateWorldTransform
GdipSetClipRectI
GdipDrawLine
GdipFillRectanglesI
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipSetPathGradientTransform
GdipSetPathGradientCenterPoint
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCreatePathGradientFromPath
GdipAddPathEllipse
GdipSetLineWrapMode
GdipSetLinePresetBlend
GdipCreateMatrix2
GdipMultiplyLineTransform
GdipCreateLineBrush
GdipGetClipBoundsI
GdipFillPath
GdipAddPathLineI
GdipAddPathArcI
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdiplusStartup
GdiplusShutdown
GdipDeleteFontFamily
GdipGetFamily
GdipCreateFontFromLogfontA
GdipGetEmHeight
GdipGetLineSpacing
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipSetSmoothingMode
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipFree
GdipCreateFontFromDC
GdipAlloc
GdipGetFontHeightGivenDPI

winspool.drv

EnumPrintersW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
PrintDlgW

comctl32

ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 354KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6e67c2c281ab3ac4a7e5002404317d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

winhttp

kernel32

user32

gdi32

ole32

oleaut32

wtsapi32

imagehlp

psapi

oleacc

imm32

winmm

urlmon

iphlpapi

dnsapi

uxtheme

usp10

gdiplus

winspool.drv

comdlg32

comctl32

Sections

.text Size: 4.9MB - Virtual size: 4.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 315KB - Virtual size: 354KB

.gfids Size: 4KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 133B

.rsrc Size: 5.8MB - Virtual size: 5.8MB

.reloc Size: 357KB - Virtual size: 356KB

.text
Size: 4.9MB - Virtual size: 4.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 315KB - Virtual size: 354KB

.gfids
Size: 4KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 133B

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 357KB - Virtual size: 356KB