Dism.pdb
Static task
static1
Behavioral task
behavioral1
Sample
9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110N.exe
Resource
win10v2004-20240802-en
General
-
Target
9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110N
-
Size
1.4MB
-
MD5
7fac418a2b045748548b9dd02b5892e0
-
SHA1
4482f85020937562ee57668dd6b80d10345acce1
-
SHA256
9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110
-
SHA512
5e514665782b1aaf6f1f566ee23c5e437b29fcf2fa078f7bab0adb784830cafbb613422b53f80ee572346f9627129cfbaf81a5edfc3ebd7414cdb6264f765fd9
-
SSDEEP
12288:YXGRci0hJmuAcw6kJ/NMPGUd1jek+wfhcG6wv44a8Rx24Iu5a0F68:YXGnExAMmMPtkSfhcGXv44a8RxJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE file lacks an Authenticode signature.
resource 9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110N
Files
-
9af9bfa53aba67307d62ef2d7f163c85c6c1130f39d11fce9cb78057b2340110N.exe windows:6 windows x86 arch:x86
03e927665fbd0297cac3a1489c3f1d69
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
PDB Paths
Imports
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitiateSystemShutdownExW
AddAce
InitializeAcl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetLengthSid
IsValidSid
CopySid
GetAclInformation
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
IsValidSecurityDescriptor
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
kernel32
OutputDebugStringW
SetConsoleCtrlHandler
SetErrorMode
GetStdHandle
GetConsoleMode
GetFileType
LocalFree
WriteFile
WideCharToMultiByte
LocalAlloc
WriteConsoleW
HeapAlloc
lstrlenW
GetModuleFileNameW
SetLastError
GetFileAttributesW
FormatMessageW
IsWow64Process
GetVersionExW
GetSystemInfo
LeaveCriticalSection
EnterCriticalSection
CompareStringW
GetDriveTypeW
GetProcessHeap
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
GetLocaleInfoW
CreateFileMappingW
MapViewOfFile
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetSystemWindowsDirectoryW
GetModuleHandleExW
ReadFile
SetFilePointer
GetFullPathNameW
GetTempFileNameW
CreateFileW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
MultiByteToWideChar
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
HeapFree
Sleep
RaiseException
GetCommandLineW
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetThreadUILanguage
SetEvent
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleW
GetCurrentProcess
GetLastError
CloseHandle
msvcrt
_CxxThrowException
_wcsicmp
_vscwprintf
bsearch
_wcsnicmp
wcsncmp
wcsstr
wcschr
wprintf
_vsnwprintf
towupper
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
_controlfp
memmove
memcpy
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
_wcslwr
_errno
__CxxFrameHandler
??0exception@@QAE@XZ
malloc
wcsrchr
calloc
__RTDynamicCast
_purecall
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memset
_getwch
ntdll
RtlFreeHeap
RtlAllocateHeap
RtlUnwind
user32
UnregisterClassA
CharLowerBuffW
PostThreadMessageW
ole32
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitializeEx
oleaut32
GetErrorInfo
SysFreeString
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.2MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE