Static task
static1
Behavioral task
behavioral1
Sample
88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3.exe
Resource
win10v2004-20240802-en
General
-
Target
88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3
-
Size
140KB
-
MD5
00ef30fc230bfd18045b551280693314
-
SHA1
b9da97271e6afa37ac19ee9a1d73b2b82d8f96b1
-
SHA256
88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3
-
SHA512
15a3137758288e262a8581f1b57f64c25dbe16fc444728d478a2d48e15d92996e2a1c87040a4052eb098059f989d89817935dd9fbddd19968859a45300e683bc
-
SSDEEP
3072:lZIzWL49W0fmgss0CO1O604vpqrsW9SpPOxvV5b9mJ9WQVG:yW0fpsA6OB4vpqrsASpG5b9qWQVG
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource 88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3
Files
-
88c853a094536d2fa36454b49b1b9c090f6184f0f7e46432e1618d33501c5df3.exe windows:4 windows x86 arch:x86
a674143d0aecc42f27080f0c1be81a4a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderPathA
SHCreateDirectoryExA
user32
GetClassNameA
FindWindowA
IsWindow
SendMessageA
FindWindowExA
GetParent
ole32
CoInitialize
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoUninitialize
kernel32
GetVersionExA
GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetACP
lstrcpynW
LoadLibraryA
lstrlenA
LocalFree
ReadProcessMemory
LoadLibraryExA
GetVersion
lstrcmpA
CreateFileA
OpenMutexA
lstrcmpiA
GetFileAttributesExA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileSectionA
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
ReadFile
CreateFileW
WriteFile
GetFileSize
WritePrivateProfileStructA
SetLastError
GetPrivateProfileStructA
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
MultiByteToWideChar
GetLongPathNameA
DeleteFileA
GetWindowsDirectoryA
GetShortPathNameA
GetSystemDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateProcessA
CreateMutexA
CloseHandle
lstrcpynA
lstrcatA
GetStartupInfoA
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetLastError
GetModuleHandleA
advapi32
SetSecurityDescriptorOwner
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
GetTokenInformation
EqualSid
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ControlService
StartServiceA
QueryServiceStatus
DeleteService
OpenServiceA
ChangeServiceConfig2A
OpenSCManagerA
CreateServiceA
CloseServiceHandle
GetLengthSid
shlwapi
PathFileExistsA
wnsprintfA
PathAppendA
StrStrIA
PathStripToRootA
SHDeleteValueA
SHSetValueA
PathFindExtensionA
PathRemoveExtensionA
PathAddExtensionA
SHGetValueA
SHDeleteKeyA
PathFindFileNameA
PathIsDirectoryA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
msvcrt
tolower
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_ltoa
strncpy
_XcptFilter
_exit
_onexit
__dllonexit
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
_EH_prolog
strlen
??0exception@@QAE@ABV0@@Z
_wcsnicmp
_wcsicmp
_strlwr
_except_handler3
strncat
_stricmp
_strnicmp
atol
_mbschr
_tempnam
srand
??2@YAPAXI@Z
__CxxFrameHandler
_mbsicmp
_snprintf
rand
_mbsnbcpy
fseek
fclose
fputs
strstr
fgets
rewind
fopen
wcslen
fwrite
strrchr
strchr
fread
ftell
_mbstok
_ismbcupper
free
malloc
_mbscmp
sscanf
printf
_snwprintf
sprintf
time
localtime
memmove
atoi
rename
ws2_32
WSAStartup
gethostname
gethostbyname
WSACleanup
Sections
.text Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE