49197d63922ca63b2bdccdce9272764cc2b0e26faa4c813d57c6ccf6d1cb69d6N

Sharing

Copy URL Twitter E-mail

General

Target

49197d63922ca63b2bdccdce9272764cc2b0e26faa4c813d57c6ccf6d1cb69d6N
Size

1.2MB
MD5

ed3e75dd668f0f524553a58b030869d0
SHA1

38fa2013dfd646ff4f096577c02b88b87ec165b2
SHA256

49197d63922ca63b2bdccdce9272764cc2b0e26faa4c813d57c6ccf6d1cb69d6
SHA512

06529ecc04067863697bf81abd68f244099a3251ea29a32a9695a5176595717702cd2d279e7d230fe999300c7fe0f4bd2cea0e1c6814b890f523f2acde38621f
SSDEEP

12288:rHkZtSJtttmLDAptNyvUgXZ32dT4ePc7N29Cxs5+j2QNbxf53nHVoTOyEx:r9NyBo4kx929bL3Hnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49197d63922ca63b2bdccdce9272764cc2b0e26faa4c813d57c6ccf6d1cb69d6N

Files

49197d63922ca63b2bdccdce9272764cc2b0e26faa4c813d57c6ccf6d1cb69d6N
.exe windows:4 windows x64 arch:x64

a908d36b63842f3b2727ea9928adca98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
ChangeServiceConfig2W
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateProcessAsUserW
CreateServiceW
CreateWellKnownSid
DeleteService
GetTokenInformation
InitializeSecurityDescriptor
LookupPrivilegeValueW
LsaAddAccountRights
LsaClose
LsaOpenPolicy
OpenProcessToken
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterServiceCtrlHandlerExW
SetEntriesInAclW
SetSecurityDescriptorDacl
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW

comctl32

PropertySheetW

gdi32

CreateSolidBrush
DeleteObject
Ellipse
SelectObject

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileW
CreateProcessW
CreateThread
DefineDosDeviceW
DeviceIoControl
ExitProcess
GetCommandLineW
GetCurrentProcess
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetSystemDirectoryW
GetTempPathW
GetVersionExW
GetVolumeInformationW
LoadLibraryA
OpenEventA
ReadFile
SetCurrentDirectoryW
SetEvent
SetVolumeLabelW
Sleep
VirtualAlloc
WTSGetActiveConsoleSessionId
WaitForSingleObject

msvcrt

_snwprintf
_wtoi
wcscat
wcscmp
wcscpy
wcslen
wcsncmp
wcsstr
wcstok

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

shlwapi

PathAddBackslashW
PathFileExistsW
PathIsDirectoryEmptyW
PathQuoteSpacesW
PathRemoveBackslashW
PathRemoveFileSpecW

user32

BeginPaint
CheckDlgButton
CheckRadioButton
CreateWindowExW
DialogBoxParamW
DrawIcon
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
GetComboBoxInfo
GetDlgItem
GetDlgItemInt
GetDlgItemTextW
GetParent
IsDlgButtonChecked
LoadImageW
MapDialogRect
MessageBeep
MessageBoxW
RedrawWindow
SendDlgItemMessageW
SendMessageW
SetDlgItemInt
SetDlgItemTextW
SetFocus
SetWindowLongPtrW

wtsapi32

WTSQueryUserToken
WTSSendMessageW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a908d36b63842f3b2727ea9928adca98

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

msvcrt

shell32

shlwapi

user32

wtsapi32

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 352B

.rdata Size: 4KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 360B

.xdata Size: 512B - Virtual size: 448B

.bss Size: - Virtual size: 6KB

.edata Size: 512B - Virtual size: 56B

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 4KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 360B

.xdata
Size: 512B - Virtual size: 448B

.bss
Size: - Virtual size: 6KB

.edata
Size: 512B - Virtual size: 56B

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB