8824a1f65e481303b0a133ff27af78b7d12a6b7fcb2173f34ad97f501da22c2cN

Sharing

Copy URL Twitter E-mail

General

Target

8824a1f65e481303b0a133ff27af78b7d12a6b7fcb2173f34ad97f501da22c2cN
Size

332KB
MD5

26de373aeb2793f964be6288b5ca1ed0
SHA1

1dfae5602f9ab41e5ec0bae8f1dbe3d91aa41525
SHA256

8824a1f65e481303b0a133ff27af78b7d12a6b7fcb2173f34ad97f501da22c2c
SHA512

6895e5f040050e532af33b6e8465f27e75a2ace1b49633dc68fc118eb1d97f369a48ff2e6868f1dcc5a2d0707d6b14e1e948f41311e325f41563b9157dfa3231
SSDEEP

3072:aQnCNmhxuQNIV8gheM9Fk8tqK7YwC5ytuO/v60ac8fMTZ9cUDY2AOCBszds6rGT8:xC4+JheMQrkCwtLiLUTr7Ap8fGz7Zit

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8824a1f65e481303b0a133ff27af78b7d12a6b7fcb2173f34ad97f501da22c2cN

Files

8824a1f65e481303b0a133ff27af78b7d12a6b7fcb2173f34ad97f501da22c2cN
.dll regsvr32 windows:4 windows x86 arch:x86

14e9c9c9f85a509eead8eadeb9a73b81

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Work\OOfile\w_filemax\bin\w_exployer.pdb

Imports

iphlpapi

GetAdaptersInfo

advapi32

RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyA

kernel32

SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
GetVersion
GetVersionExA
CreateEventA
TerminateThread
CloseHandle
WaitForSingleObject
SetEvent
lstrcpynA
GetModuleFileNameA
ReadFile
WriteFile
SetFilePointer
GetFileSize
DeleteFileA
CreateFileA
CompareStringA
CompareStringW
IsDBCSLeadByte
Sleep
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryExA
GetModuleHandleA
OutputDebugStringA
WinExec
LocalFree
FormatMessageA
GetProcAddress
LoadLibraryA
GetTickCount
CreateThread
ResetEvent
ExitThread
lstrcpynW
SetThreadLocale
GetThreadLocale
CreateNamedPipeA
ConnectNamedPipe
DisconnectNamedPipe
FlushFileBuffers
DeleteCriticalSection
GetCurrentProcess
GetCurrentThreadId
SetLastError
GetPrivateProfileStringA
DeviceIoControl
GetFileAttributesA
CreateDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenFile
LocalAlloc
GetCurrentProcessId
HeapFree
GetProcessHeap
LCMapStringA
GetCommandLineA
SetCurrentDirectoryA
GetCurrentDirectoryA
SetEnvironmentVariableA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualProtect
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
HeapCreate
ExitProcess
LCMapStringW
GetStdHandle
GetTimeZoneInformation
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
SetEndOfFile
FlushInstructionCache
GetCPInfo
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW

user32

GetDC
UnregisterClassA
wsprintfA
SetWindowPos
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetWindowInfo
LoadMenuA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
LoadIconA
CreateWindowExA
RegisterClassExA
ModifyMenuA
DestroyMenu
KillTimer
CallWindowProcA
GetSubMenu
LoadCursorA
GetClassInfoExA
GetWindowLongA
SetWindowLongA
DefWindowProcA
CreatePopupMenu
InsertMenuA
SetMenuItemBitmaps
LoadBitmapA
GetDesktopWindow
DestroyWindow
PostQuitMessage
SendMessageA
ShowWindow
RegisterClipboardFormatA
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowA
UnregisterHotKey
RegisterHotKey
CharNextA
SetTimer
ReleaseDC

gdi32

GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
DeleteObject
CreateDCA

shell32

DragQueryFileA
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA

ole32

StringFromGUID2
ReleaseStgMedium
CoCreateGuid
CoInitialize
OleRun
CoGetObjectContext
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

GetErrorInfo
SysStringByteLen
SysFreeString
VariantInit
VariantClear
SysAllocString
SysStringLen
VariantCopy
VariantChangeType
SysAllocStringLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen

shlwapi

PathFileExistsA
StrCmpNA

urlmon

URLDownloadToFileA

ws2_32

inet_addr
htonl
htons
bind
socket
gethostname
inet_ntoa
send
recv
accept
WSAStartup
sendto
shutdown
closesocket
WSACleanup
select
recvfrom
setsockopt

netapi32

Netbios

wininet

DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14e9c9c9f85a509eead8eadeb9a73b81

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

advapi32

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

urlmon

ws2_32

netapi32

wininet

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 20KB - Virtual size: 17KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 20KB - Virtual size: 18KB