9370d1eb3593db6cc3a3465a0298194d557db4b946a2fd438afa3ea21d5f2936N

Sharing

Copy URL Twitter E-mail

General

Target

9370d1eb3593db6cc3a3465a0298194d557db4b946a2fd438afa3ea21d5f2936N
Size

220KB
MD5

71d90d766612cae7e1e30a1bf68ede10
SHA1

67f471478b27def36218e7c89545b2431bd3c45d
SHA256

9370d1eb3593db6cc3a3465a0298194d557db4b946a2fd438afa3ea21d5f2936
SHA512

87c4a11a0c8a11d5678d1a2a2647ea4b3ba44442b3a411efbb0bf139960901651927f2f3713c117de83fac6e5f4230701c4fdfab5c40bfc82c07d42ef0a25d1f
SSDEEP

6144:X140FvE7URULsrhwfRgVNQZdb9uiCH+sa+MXSZHaYXe:X1hvE7U/XKuxH+KMCZtXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9370d1eb3593db6cc3a3465a0298194d557db4b946a2fd438afa3ea21d5f2936N

Files

9370d1eb3593db6cc3a3465a0298194d557db4b946a2fd438afa3ea21d5f2936N
.exe windows:4 windows x86 arch:x86

a8c05495d56d567068b75adfbe69b618

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
GetParent
GetClassNameA
FindWindowExA
SendMessageA

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemAlloc

kernel32

GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetACP
lstrcpynW
LoadLibraryA
lstrlenA
GetVersion
ReadProcessMemory
LoadLibraryExA
GetModuleHandleA
lstrcmpA
CreateFileA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetPrivateProfileStringA
CopyFileA
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetCurrentProcessId
GetPrivateProfileStructA
WritePrivateProfileStringA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
ReadFile
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
MultiByteToWideChar
GetLongPathNameA
DeleteFileA
GetWindowsDirectoryA
GetShortPathNameA
GetSystemDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpynA
lstrcatA
CreateProcessA
CreateMutexA
CloseHandle
GetModuleFileNameA
GetTickCount
Sleep
GetLastError
GetVersionExA
LocalFree
GetStartupInfoA

advapi32

GetLengthSid
SetTokenInformation
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
AddAccessAllowedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ControlService
StartServiceA
QueryServiceStatus
DeleteService
OpenServiceA
ChangeServiceConfig2A
OpenSCManagerA
CreateServiceA
CloseServiceHandle
InitializeAcl

shlwapi

SHSetValueA
SHGetValueA
SHDeleteKeyA
PathFindFileNameA
PathIsDirectoryA
SHDeleteValueA
PathAppendA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
StrStrIA
wnsprintfA
PathFileExistsA

msvcirt

?sync@istream@@QAEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@PAD@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@PBD@Z

ws2_32

htons
ntohl
ntohs
WSACleanup
WSAStartup

msvcrt

_onexit
__dllonexit
_strnicmp
_wcsnicmp
_wcsicmp
_strlwr
fgetc
calloc
_exit
_iob
fputc
exit
memcpy
_CxxThrowException
_EH_prolog
strlen
atol
wcscpy
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_XcptFilter
_acmdln
memset
strrchr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
??2@YAPAXI@Z
_snprintf
_mbsicmp
rand
_mbsnbcpy
fseek
fclose
fputs
strstr
fgets
rewind
fopen
__CxxFrameHandler
wcslen
fwrite
_tempnam
strchr
fread
ftell
tolower
_ismbcupper
free
malloc
_mbscmp
sscanf
printf
_snwprintf
sprintf
time
localtime
memmove
atoi
_mbstok
strncpy
srand
__getmainargs

shell32

SHCreateDirectoryExA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8c05495d56d567068b75adfbe69b618

Headers

File Characteristics

Imports

user32

ole32

kernel32

advapi32

shlwapi

msvcirt

ws2_32

msvcrt

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 72KB - Virtual size: 72KB