00be29ba16456298c5eb6faf69aa6320N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

00be29ba16456298c5eb6faf69aa6320N.exe
Size

5.0MB
MD5

00be29ba16456298c5eb6faf69aa6320
SHA1

af8d6c1fefebe16c254a68b5dab603174d5779f4
SHA256

123135158689b8b5a68311c5bbf6ffc0ec34c72df7a8c4180824ba5ce3f245ba
SHA512

294b149f6529b92d51b201d1a96bc88514aaa9ec516b01cd8cb0398292db5864d4ec7230949aff2f024e29cf1a5241c07987947bda21a0698103c0e9fed4b140
SSDEEP

98304:19A5XgGlEQGaTwgCvttZ2LHwE+eT4opGJAVTs3x8QcmWAJaDZq:19At5lXvCvttZ2LHwre5UKA/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00be29ba16456298c5eb6faf69aa6320N.exe

Files

00be29ba16456298c5eb6faf69aa6320N.exe
.dll windows:6 windows x86 arch:x86

2140243780ba6ada5e1bf3f3dd75629b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

C:\a\b\d_00000000_\b\out\Win32\Release\setupKAVKIS.pdb

Imports

kernel32

GetWindowsDirectoryW
GetTempFileNameW
ReleaseSemaphore
DuplicateHandle
CreateSemaphoreA
Sleep
GetUserDefaultUILanguage
EnumResourceLanguagesW
SetFilePointer
SetFileAttributesW
EnumResourceNamesW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
TerminateProcess
SetFilePointerEx
SetEndOfFile
TerminateThread
Module32FirstW
Module32NextW
GetModuleHandleExW
ReleaseMutex
GetComputerNameA
OpenEventW
FileTimeToSystemTime
GetDateFormatW
GetFileSize
GlobalMemoryStatusEx
GetVolumeInformationW
QueryDosDeviceW
DeleteFileW
MoveFileW
GetFileType
GetFileInformationByHandle
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
SetErrorMode
Thread32First
Thread32Next
SetProcessShutdownParameters
DeactivateActCtx
ReleaseActCtx
CreateActCtxW
ActivateActCtx
GetUserDefaultLCID
GetTimeZoneInformation
FileTimeToLocalFileTime
CreateSemaphoreW
RemoveDirectoryW
GetSystemInfo
InitializeCriticalSectionAndSpinCount
GetComputerNameW
GetCurrentThread
VirtualProtect
VirtualQuery
LoadLibraryExA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
GetExitCodeThread
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
IsProcessorFeaturePresent
EncodePointer
LCMapStringEx
GetSystemDirectoryW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetACP
OutputDebugStringA
ResumeThread
FindResourceW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
LoadLibraryA
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
GlobalFree
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
MulDiv
GetThreadLocale
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
LockFile
UnlockFile
GetFileTime
SystemTimeToTzSpecificLocalTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
FindClose
GetTempPathW
GetModuleFileNameW
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
VirtualFree
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
ExitProcess
HeapQueryInformation
GetCommandLineA
WriteConsoleW
VirtualAlloc
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
WaitForMultipleObjectsEx
CreateWaitableTimerW
SetWaitableTimer
OpenEventA
OutputDebugStringW
GetCurrentDirectoryW
GetFileSizeEx
FindFirstFileW
FindResourceExW
SizeofResource
HeapFree
LockResource
LoadResource
WaitNamedPipeW
WriteFile
InitializeCriticalSection
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
ConnectNamedPipe
DisconnectNamedPipe
WaitForMultipleObjects
GetOverlappedResult
CancelIo
CreateEventW
CreateNamedPipeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadFile
GetStdHandle
CreatePipe
CreateHardLinkW
GetTickCount
CreateFileW
GetFileAttributesW
GetExitCodeProcess
GetSystemPowerStatus
GetEnvironmentVariableW
VerifyVersionInfoW
VerSetConditionMask
CreateDirectoryW
GetDiskFreeSpaceExW
GetVersionExW
GetNativeSystemInfo
GetUserGeoID
GetGeoInfoW
GlobalAddAtomA
GlobalFindAtomA
OpenProcess
QueryFullProcessImageNameW
GetDriveTypeW
LoadLibraryExW
GetSystemTimeAsFileTime
GetModuleHandleExA
GetModuleFileNameA
SetPriorityClass
GetProcessId
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
MultiByteToWideChar
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
LocalAlloc
WaitForSingleObject
CreateMutexW
FreeLibrary
SetLastError
MoveFileExW
WaitForSingleObjectEx
GetCurrentProcess
GetModuleHandleA
GetCommandLineW
CreateEventA
FormatMessageA
WideCharToMultiByte
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
LocalFree
GetProcAddress
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
SetEvent
GetLastError
FormatMessageW
HeapSize
InitializeCriticalSectionEx

user32

EndDialog
GetNextDlgTabItem
GetDesktopWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetCapture
ReleaseCapture
CopyAcceleratorTableW
InvalidateRgn
SetRect
IntersectRect
IsRectEmpty
CharNextW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
ClientToScreen
RealChildWindowFromPoint
DestroyMenu
GetSysColorBrush
LoadCursorW
GetNextDlgGroupItem
MessageBeep
CharUpperW
RegisterClipboardFormatW
CreateDialogIndirectParamW
IsWindowEnabled
SetCursor
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
MapDialogRect
SetWindowContextHelpId
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetLastActivePopup
GetTopWindow
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetScrollPos
RedrawWindow
EndPaint
BeginPaint
SetActiveWindow
UpdateWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PostQuitMessage
CallNextHookEx
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
DispatchMessageW
GetParent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetClassInfoW
MessageBoxW
wsprintfW
PostMessageW
GetSystemMetrics
SetProcessDefaultLayout
GetShellWindow
GetWindowThreadProcessId
GetDC
ReleaseDC
SetTimer
KillTimer
PeekMessageW
GetMessageW
PostThreadMessageW
GetWindow
GetClassNameW
GetWindowTextW
UnhookWindowsHookEx
SetWindowsHookExW
ShowWindowAsync
RegisterWindowMessageA
SendMessageW
GetClientRect
InvalidateRect
LoadImageW
LoadIconW
SetWindowPos
EnableWindow
GetForegroundWindow
GetWindowRect
SetForegroundWindow
ShowWindow
AllowSetForegroundWindow
RegisterWindowMessageW
EnumThreadWindows
SendMessageA
TranslateMessage

advapi32

RegDeleteKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownA
CreateProcessAsUserW
CreateWellKnownSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
RevertToSelf
CopySid
ConvertSidToStringSidW
GetLengthSid
IsValidSid
EqualSid
GetTokenInformation
SetTokenInformation
CreateRestrictedToken
ImpersonateLoggedOnUser
GetSecurityInfo
SetSecurityInfo
OpenSCManagerW
OpenServiceW
QueryServiceStatus
AllocateAndInitializeSid
SetEntriesInAclW
ConvertStringSidToSidW
CloseServiceHandle
DuplicateTokenEx
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
EventWriteTransfer
EventRegister
EventUnregister
RegGetValueW
GetUserNameW
IsValidAcl
SetSecurityDescriptorSacl
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAclInformation
GetAce
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyW
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
DeleteAce
AddAccessAllowedAceEx
QueryServiceConfigW
QueryServiceStatusEx
DeleteService
StartServiceW
ControlService
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LookupAccountSidW
LookupAccountNameW
ConvertSidToStringSidA
OpenThreadToken
CryptDestroyKey
CryptGetDefaultProviderW
CryptImportKey
CryptSetHashParam
LsaClose
LsaFreeMemory
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
RegEnumKeyW
RegQueryValueW
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegQueryValueExA
OpenProcessToken

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

?GetTracer@@YAPAUITracer@eka@@XZ
InitializeHooks
LogMessage
RunInstance

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.trcode
Size: 1024B - Virtual size: 721B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 198KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trstr
Size: 1024B - Virtual size: 517B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2140243780ba6ada5e1bf3f3dd75629b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

userenv

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.trcode Size: 1024B - Virtual size: 721B

.rdata Size: 774KB - Virtual size: 774KB

.data Size: 198KB - Virtual size: 340KB

.trstr Size: 1024B - Virtual size: 517B

.rsrc Size: 594KB - Virtual size: 594KB

.reloc Size: 285KB - Virtual size: 284KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.trcode
Size: 1024B - Virtual size: 721B

.rdata
Size: 774KB - Virtual size: 774KB

.data
Size: 198KB - Virtual size: 340KB

.trstr
Size: 1024B - Virtual size: 517B

.rsrc
Size: 594KB - Virtual size: 594KB

.reloc
Size: 285KB - Virtual size: 284KB