a142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N

Sharing

Copy URL

Twitter E-mail

General

Target

a142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N
Size

256KB
MD5

15127d4cd5bf2f8bde1075f2aa720350
SHA1

e231623c005956fee50c2adf9be2f56b93089185
SHA256

a142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08
SHA512

ebd4e35a2aafc7477a851c7e940ebe30dce73ec77458bdfd9331d686721925a59c3f5d50a866b08f7c4309c71d93f58e3550b04e3438af713f614433a0010be7
SSDEEP

6144:14C9QS6kCziOuAOuAOuAOuAOuAOuAOuAOuAOu4wwwwwwwwppNNgnmCiPD5:1KjwwwwwwwwpXOn3iPD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N

Files

a142af42dce4dd20008229039f08037ba558c721cd637f2e3d6e2122aab29b08N
.exe windows:5 windows x86 arch:x86

809f23cbdc62c105f236b910219a874e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchStp.pdb

Imports

msvcrt

memmove
_EH_prolog
??3@YAXPAX@Z
wcsncpy
_CxxThrowException
wcscmp
_wcsnicmp
wcsncat
wcscat
iswspace
wcsrchr
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
__dllonexit
_onexit
wcscpy
wcslen
_vsnwprintf
_purecall
_wcsicmp
??2@YAPAXI@Z
_wtol
_itow
_snwprintf
__CxxFrameHandler
malloc
free
realloc
swprintf
wcschr

advapi32

EnumDependentServicesW
InitializeSecurityDescriptor
GetSidSubAuthority
GetAclInformation
QueryServiceConfigW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
InitializeAcl
StartServiceW
ControlService
ChangeServiceConfigW
SetFileSecurityW
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
AddAce
GetSidLengthRequired
InitializeSid
SetSecurityDescriptorDacl
GetLengthSid
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus

kernel32

GetStartupInfoA
GetModuleHandleA
GetModuleFileNameW
GetCommandLineW
GetEnvironmentVariableW
lstrlenW
GetLastError
WideCharToMultiByte
GetTempPathW
CloseHandle
CreateFileW
WriteFile
SetFilePointer
GetLocalTime
GetFileAttributesW
Sleep
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
MoveFileExW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetShortPathNameW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
lstrcmpW
FindFirstFileW
GetVersionExW
SetFileAttributesW
ReadFile
MultiByteToWideChar
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
lstrcpynW
GetWindowsDirectoryW
GetSystemDirectoryW
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetComputerNameW
InterlockedExchange
RaiseException
HeapFree
HeapReAlloc
GetProcessHeap
CreateDirectoryW
VirtualFree
LocalAlloc

setupapi

SetupGetTargetPathW
SetupFindFirstLineW
SetupGetLineCountW
SetupInstallFileExW
SetupOpenInfFileW
SetupGetSourceFileLocationW
SetupDefaultQueueCallbackW
SetupSetDirectoryIdW
SetupPromptForDiskW
SetupFindNextLine
SetupGetLineTextW
SetupInitDefaultQueueCallbackEx
SetupInstallFileW
SetupGetStringFieldW
SetupCloseInfFile

ole32

CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr

user32

wsprintfW
CharNextW
GetActiveWindow

shlwapi

PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

809f23cbdc62c105f236b910219a874e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

setupapi

ole32

oleaut32

user32

shlwapi

version

Sections

.text Size: 76KB - Virtual size: 73KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 112KB - Virtual size: 112KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 76KB - Virtual size: 73KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 112KB - Virtual size: 112KB

.rmnet
Size: 60KB - Virtual size: 60KB