d96f4c9dcb72575965ba6d8b0908ecf4b5873c229dffa36c03159fa82702b4f0

Sharing

Copy URL Twitter E-mail

General

Target

d96f4c9dcb72575965ba6d8b0908ecf4b5873c229dffa36c03159fa82702b4f0
Size

3.1MB
MD5

34086454d4652832aa3071e663783992
SHA1

1fe3c96d9dc4881aa8191615b74959e7682b247b
SHA256

d96f4c9dcb72575965ba6d8b0908ecf4b5873c229dffa36c03159fa82702b4f0
SHA512

47c044392e45898356beda5c91de59f588840eff35a29a69ba885eb9b7eae3f0dc3abaa556c269dc9ff8b0bd592a486668852aa7ec6c354c21e66e6db09bffaf
SSDEEP

49152:zopRt8ueYC3OzcsbCJQiOASgIpiD6717RBaPALP6G5cwRz1:wt8vYC3OIsbCJbOAGcC3LPcwRz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d96f4c9dcb72575965ba6d8b0908ecf4b5873c229dffa36c03159fa82702b4f0

Files

d96f4c9dcb72575965ba6d8b0908ecf4b5873c229dffa36c03159fa82702b4f0
.exe windows:5 windows x86 arch:x86

323bdb2207cdeb16735451bd79bca556

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
CreateProcessAsUserW
RegCloseKey
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
RevertToSelf
EqualSid
GetLengthSid
InitializeAcl
GetAclInformation
AddAce
GetAce
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetFileSecurityW
GetFileSecurityW
LookupAccountNameW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyW
RegOpenKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
DuplicateTokenEx
GetSidSubAuthorityCount
GetSidSubAuthority
SetTokenInformation
ImpersonateLoggedOnUser
RegQueryValueExA
LookupAccountSidW
GetTokenInformation
RegFlushKey

ole32

CoInitialize
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

shell32

SHChangeNotify
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathA

shlwapi

SHGetValueW
SHSetValueW
PathAddBackslashW
PathFileExistsW
SHDeleteKeyW
SHDeleteValueW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

user32

wsprintfA
FindWindowW
PostMessageW
wsprintfW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

kernel32

HeapFree
GetProcessHeap
SetLastError
GetNativeSystemInfo
lstrlenW
LoadLibraryA
IsBadReadPtr
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateThread
TerminateThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetCurrentProcessId
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleW
FindClose
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetProcessId
GetModuleFileNameW
OutputDebugStringW
CopyFileW
MoveFileExW
GetLocalTime
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
GetVersionExW
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetLongPathNameW
GetExitCodeProcess
HeapAlloc
GetTickCount
GetTempPathW
GetFileAttributesW
GetPrivateProfileIntW
GetEnvironmentVariableW
CreateDirectoryW
RemoveDirectoryW
CreateFileA
SetFileAttributesW
WTSGetActiveConsoleSessionId
VirtualFree
GlobalFree
ReadProcessMemory
lstrcpyW
CreateProcessW
QueryDosDeviceW
DecodePointer
HeapReAlloc
HeapSize
RaiseException
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetSystemInfo
GetVolumeInformationW
DeleteFileA
ReleaseMutex
CreateMutexW
GetWindowsDirectoryW
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
CreateFileMappingW
DeviceIoControl
OutputDebugStringA
SetPriorityClass
FindFirstFileA
FindNextFileA
ExpandEnvironmentStringsA
VerSetConditionMask
WriteFile
VirtualProtect
CreateToolhelp32Snapshot
DeleteFileW
CloseHandle
Sleep
OpenProcess
GetThreadTimes
GetFullPathNameW
GetCurrentDirectoryW
VirtualAlloc
GetProcAddress
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
Process32NextW
GlobalAlloc
Process32FirstW
GetDriveTypeW
FreeLibraryAndExitThread
ExitThread
SystemTimeToFileTime
GetSystemTime
ReadConsoleA
SetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
CreateFiber
DeleteFiber
SwitchToFiber
VerifyVersionInfoA
GetSystemDirectoryA
GetModuleHandleA
PeekNamedPipe
WaitForMultipleObjects
SleepEx
FormatMessageA
SetEndOfFile
FlushFileBuffers
GetConsoleCP
SetStdHandle
SetConsoleCtrlHandler
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
WriteConsoleW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
EncodePointer

wtsapi32

WTSQueryUserToken

oleaut32

SysAllocString
SysFreeString
SysStringLen

crypt32

CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject

psapi

EnumProcessModules
GetProcessImageFileNameW
GetModuleFileNameExW

wininet

InternetReadFile
InternetOpenUrlW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetQueryOptionW
InternetCloseHandle

wldap32

ord26
ord27
ord32
ord33
ord35
ord41
ord50
ord60
ord211
ord46
ord30
ord200
ord301
ord143
ord22
ord79

ws2_32

sendto
recvfrom
accept
getaddrinfo
WSAIoctl
socket
setsockopt
ntohs
htons
getsockopt
getsockname
gethostname
WSAStartup
WSACleanup
getpeername
connect
closesocket
bind
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
listen
ioctlsocket
send
recv
freeaddrinfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

AddProtectFile
AddProtectReg
AddTrustProcess
ClearProtectFile
ClearProtectReg
ClearTrustProcess
RepairDriverServices
SHDeleteSelfProtectService
SHGetDumpPath
SHStartSelfProtectService

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 571KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 564KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

323bdb2207cdeb16735451bd79bca556

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

shell32

shlwapi

userenv

user32

kernel32

wtsapi32

oleaut32

crypt32

psapi

wininet

wldap32

ws2_32

version

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 571KB - Virtual size: 571KB

.data Size: 21KB - Virtual size: 48KB

.gfids Size: 1024B - Virtual size: 532B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 564KB - Virtual size: 564KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 571KB - Virtual size: 571KB

.data
Size: 21KB - Virtual size: 48KB

.gfids
Size: 1024B - Virtual size: 532B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 564KB - Virtual size: 564KB